DeRe: a De-Redirection, Tracker-busting, Privacy-enhancing Installation.
New: Use DeRe as an automatic link cleaner/jammer! See the December 2022 update for details.
Here you go:
Failed to parse URL.
Put a web link into the URL field and press enter or push Go.
(see below for updates)
Find out where a short link goes without actually going there.
Like it or not, tracking and profiling is a big part of your online life. Even if you have all your privacy settings turned up for maximum protection, systems may not be linking your personal data, but they are still watching your behaviour. The purpose of this work is to make redirects transparent and to culture jam behavioural tracking.
Site owners want to know what's generating traffic for them, so they add variables to links that let them see if you got a link from a social media site, via email, etc.
This makes for long, complicated links, and because there's nothing hidden in a URL, the tracking is visible, malleable. This is where link shorteners come in. A URL likeis not only easy to share, but an opportunity to collect data. For example, a link shortening site can log your IP address, which can be used to make an approximate determination of where you are.
Link shorteners also give marketers the opportunity to make all their tracking variables less visible. The short link redirects to a longer link that embeds tracking information. Then your browser immediately takes you to the site, which records the tracking information. You have no chance to intervene, review, or modify.
This work addresses that. The URL you enter is checked for a redirect, which is how most link shorteners work. If it finds one, it then grabs the new URL and then repeats the process until there are no more redirects. This works for most but not all services.
At each stage, it discards cookies and looks for common tracking variables. If found, it messes with the values, either substituting one of a set of canned selections or by generating a random sequence.
These two steps make a complete mess of tracking data. First off, it will look like our server is where the user is, so your geographical location is masked from all the intermediaries. Second, information about how you got the link is filled with disinformation, making it almost completely useless.
Last, but by no means least, some unscrupulous actors use link shorteners to make a malicious link look harmless. Something innocent looking likecould wind up taking you somewhere you don't want to go, like illegal content or something else you might not otherwise want to visit. That's why this work doesn't just take you to the final destination. It's wise to take a look at the link it generates before clicking on it, just to be sure that's something you actually want to see. The work also incorporates a few known "malicious" redirection sites that take you to fake dating sites and similar garbage. If one of those is found, it will be covered in the notes.
This is a work in progress. It will be updated as new trackers are discovered.
In case you were wondering, this work does no extra tracking. The information you enter into the URL field is not recorded.
If you enjoyed this, please share. If you find a problem, please reach out (via Mastodon).
Fixed a bug where dere was failing and giving a blank screen, added some new utm_ variables to jam.
You can now use DeRe to jam links by using it as an automatic redirect. Facebook seems to have stopped replacing links with its own redirect, instead it appends a "fbclid" (Facebook Click ID) to any links you post there.
If you post a link to https://somesite.com/somepage?utm_source=email, Facebook changes this to https://somesite.com/somepage?utm_source=email&fbclid=xxxxxxx where xxxxxxx is a long string that tracks you by identifying the exact source of the click.
Now if you instead post a link as:
Facebook turns this into:
And DeRe will convert this back to:
Where yyyy is either something absurd or random, and send the browser there.