What this has done for me has highlighted how many things are tracker me and how badly those things are designed because they don’t fail gracefully.
I had a telehealth visit link today that broke using this feature. So that’s nice to know. My virtual doctors appointments are being tracked by a third party.
Edit, looks like Firefox is smarter than me, ignore this.
I don’t know what the link was doing, but just because FF thought it was “tracking info” does not mean it was nefarious. It could be used for authentication or security. I have not tested it, but I presume this would break a “reset your password” email link.
I’m rather certain, the way it works is that it removes parameters that are named like well-known tracking parameters. For example, most webpages use Google Analytics, so you see UTM parameters everywhere.
A “reset your password” link could theoretically use a parameter that’s named utm_content, then it would presumably get removed by this feature, but I see no sane reason why one would name their password-reset parameter like that.
In general, such tracking parameters are usually named in a way that it will rarely clash with other parameters a webpage may want to use, so for example they may have a prefix like utm_.
What this has done for me has highlighted how many things are tracker me and how badly those things are designed because they don’t fail gracefully.
I had a telehealth visit link today that broke using this feature. So that’s nice to know. My virtual doctors appointments are being tracked by a third party.
Edit, looks like Firefox is smarter than me, ignore this.
I don’t know what the link was doing, but just because FF thought it was “tracking info” does not mean it was nefarious. It could be used for authentication or security. I have not tested it, but I presume this would break a “reset your password” email link.
I’m rather certain, the way it works is that it removes parameters that are named like well-known tracking parameters. For example, most webpages use Google Analytics, so you see UTM parameters everywhere.
A “reset your password” link could theoretically use a parameter that’s named
utm_content, then it would presumably get removed by this feature, but I see no sane reason why one would name their password-reset parameter like that.In general, such tracking parameters are usually named in a way that it will rarely clash with other parameters a webpage may want to use, so for example they may have a prefix like
utm_.Oh, so it’s not just stripping the GET parameters? Okay, that’s smarter than I was assuming
Stripping all GET parameters would break many, many legitimate webpages. 🫠