The Skill of (Easily) Avoiding Tracking Links

With a subscription to a friend’s email list, I was greeted wonderfully by links tracking me out the wazoo. There’s a way to avoid these things.

Are you aware that some of the links you send out contain built-in tracking (e.g., how many people clicked the link, that they accessed the site via Salsa email blast, etc.)? If so, will you please disable this feature moving forward?

If you don't want to disable this, will you please explain why you find it important to track the people who access links via your emails?
The Page Master

You CAN Spot Tracking Links

If you hover over a link (or press and hold on mobile), you will see where the true link points. Try this in one of your email subscriptions — you’ll see something like “click here to see showtimes,” but instead of “https://www.amctheatres.com/,” which you’re expecting, the link will point to a weird-looking URL. This is often used to look for phishing links, but we’ll talk about tracking today.

Link to “Read more about the court ruling” with a long URL including “utm_campaign=ww-en-2a-generic-coms_email-g_eng-newsletter&utm_source=proton_users_mail&utm_medium=email&utm_content=2021_-_dec”
“Read about the court ruling” is apparently part of a “utm_campaign” for “proton_users” via email

Case in point, I expect the link in the screenshot to take me to https://protonmail.com/blog/security-audit, but I am instead directed to https://protonmail.com/blog/security-audit?utm_campaign=ww-all-2a-generic-coms_email-g_eng-newsletter&utm_source=proton_users_mail&utm_medium=email&utm_content=2021_-_june.

If you use Twitter, you will find that all links on that site go to “https://t.co/LongCharacterMessageHere." Even if you can see the URL that Twitter is linking you to, like duckduckgo.com/app, clicking the link first takes you to “t.co.” For example:

Why Are There Trackers??

There are a couple of reasons for the prevalence of tracking links. When tracking links are sent in email, it is often a way for an organization to know that you’re engaging with their content. They lace their links with trackers so they can say “120 people clicked a link in the March email, but 200 clicked a link in the April one, after we changed the formatting. Thus, our user interface update is more engaging.” In essence, it’s a way to gather analytics. There is also a security aspect to it: Google laces all Gmail links with a goo.gl link in order to run each link in an email through their proprietary virus scanning software before a user clicks that link. I assume that this is the same reason that Twitter converts all links shared on its platform to the t.co address. Look for this the next time you click a link from your Gmail account.

However, I think this is creepy and I don’t want to be tracked.

Avoiding Tracking Links

The simplest way to avoid these is simply to copy and paste links into a new tab in your browser and strip the tracking stuff from it, instead of clicking through the link. For example, you will know that a link contains a tracker if it passes extra parameters like ‘utm’ at the end of the URL. This might look like “epicgooeycookies.org/shop?utm_medium=email.”

Parameters are pieces of information sent after a “?” in a URL. For example, “https://duckduckgo.com/?q=test” is passing the query ‘test’ to DuckDuckGo, and will search for that parameter (the query is represented by the variable ‘q’). If I searched DuckDuckGo for “food,” the link would read “https://duckduckgo.com/?q=food.”

Although this solution is simple, it’s not guaranteed to work in all situations. Not all parameters are bad. And there’s more to avoiding these links than just looking for utm_source, utm_campaign, etc. ‘Utm’ will always be associated with tracking, but the principle is paramount: strip links of parameters that are not necessary for the link to load before navigating to them.

Photo by Ales Nesetril on Unsplash

This will require experimentation. For example, I can avoid tracking when I click on a shared Spotify URL by deleting the query ‘si’. As far as I can tell, that variable stands for “share ID.” In other words, https://open.spotify.com/track/7j1iOwsnNZfWxjf4Ouxi0f?si=844275a67282429c and https://open.spotify.com/track/7j1iOwsnNZfWxjf4Ouxi0f point to the same location, but the former contains tracking.

When browsing email, instead of clicking blindly on “example.com/page123/?utm_source=tracker&utm_medium=email,” strip those parameters and simply navigate to “example.com/page123” in a new tab.

Sometimes tracking is unavoidable. But this article is long enough and there are other strategies for handling those situations. Instead of clicking on Xcel Energy’s tracking URLs (http://click.xcelenergy-emailnews.com/?qs=MASSIVESTRINGOFNUMBERS), for example, I could simply log in to my Xcel portal and navigate to the same place that link would have taken me.

--

--

--

Security+ certified game designer with a degree in Cinema & Media Arts. Previous and sole writer for Kyro Digital: https://kyrodigital.com/our-blog/

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

US’ Planned Parenthood cyberattack exposes data of 400K patients: Report

US' Planned Parenthood cyberattack exposes data of 400K patients: Report

What Are The Top Secure Data Transmission Methods?

Bug: Local Admin Certificate-based Authentication to WinRM on a Domain Joined Server

How to Hack WiFi, A Beginner’s Guide

The Ultimate Guide for WordPress Security 2021

PrivacySwap defi class is back

Does Money Laundering Happen Often In Casinos

Hash Spraying Attack

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
The Page Master

The Page Master

Security+ certified game designer with a degree in Cinema & Media Arts. Previous and sole writer for Kyro Digital: https://kyrodigital.com/our-blog/

More from Medium

My Journey Of DTS(Design Thinking Studio)

This is the only territory you need to conquer to conquer yourself.

Perspectives of Discernment in John Henry Newman

A Life Lived in Doorframes