DeRe: a De-Redirection, Tracker-busting, Privacy-enhancing Installation.


Here you go:

Put a web link into the URL field and press enter or push Go.

About this Work

(see below for updates)

Find out where a short link goes without actually going there.

Like it or not, tracking and profiling is a big part of your online life. Even if you have all your privacy settings turned up for maximum protection, systems may not be linking your personal data, but they are still watching your behaviour. The purpose of this work is to make redirects transparent and to culture jam behavioural tracking.

Site owners want to know what's generating traffic for them, so they add variables to links that let them see if you got a link from a social media site, via email, etc.

This makes for long, complicated links, and because there's nothing hidden in a URL, the tracking is visible, malleable. This is where link shorteners come in. A URL like http://short.url/abcd is not only easy to share, but an opportunity to collect data. For example, a link shortening site can log your IP address, which can be used to make an approximate determination of where you are.

Link shorteners also give marketers the opportunity to make all their tracking variables less visible. The short link redirects to a longer link that embeds tracking information. Then your browser immediately takes you to the site, which records the tracking information. You have no chance to intervene, review, or modify.

This work addresses that. The URL you enter is checked for a redirect, which is how most link shorteners work. If it finds one, it then grabs the new URL and then repeats the process until there are no more redirects. This works for most but not all services.

At each stage, it discards cookies and looks for common tracking variables. If found, it messes with the values, either substituting one of a set of canned selections or by generating a random sequence.

These two steps make a complete mess of tracking data. First off, it will look like our server is where the user is, so your geographical location is masked from all the intermediaries. Second, information about how you got the link is filled with disinformation, making it almost completely useless.

Last, but by no means least, some unscrupulous actors use link shorteners to make a malicious link look harmless. Something innocent looking like http://short.url/abcd could wind up taking you somewhere you don't want to go, like illegal content or something else you might not otherwise want to visit. That's why this work doesn't just take you to the final destination. It's wise to take a look at the link it generates before clicking on it, just to be sure that's something you actually want to see.

This is a work in progress. It will be updated as new trackers are discovered.

In case you were wondering, this work does no extra tracking. The information you enter into the URL field is not recorded.

If you enjoyed this, please share.

Alan Langford
January, 2018

Significant Revisions (latest: December 2019)

November 2021

December 2019