Link Unshortener: https://linkunshorten.com/
I'm not sure how much work it would require for you to support this, but it would help cement your place as a good web actor if you're so inclined!
API Docs: https://t.ly/docs/
I'll leave it as an exercise for the reader to decide how things ended up where they are now and whether it's a good thing for them. Personally I think it's comical and horrifying just how much compilation goes on in projects written in that particular interpreted language these days!
They probably don't count private browsers even when I am a logged-in paying user - who parses server logs these days.
Apps are killing the open web anyway. People being born now will grow up without knowing what the web is.
I agree about the state of the web tho. I'm a web dev and I often browse with JS disabled and always with adblocking and pihole.
I have 1 client-provided phone that I only power on for specific purposes that is not neutered and has a closed-source app.
A good-citizen should aim to self-host anything as important as executable code _where possible_. The reasons, I hope, are obvious.
I started blocking JS a few weeks ago, and this has been my experience as well - a pleasant surprise.
For a long time I thought that would be a step too far, that browsing would become so annoying and unpredictable because of it. Any annoyance from having to turn on JS for individual sites is easily outweighed by the number of annoyances I avoid - news websites are actually readable, blogs open with their content rather than with an in-your-face pop-up, and as a bonus, I pay attention to things like: how many 3rd party domains is it trying to connect to? does it require 3rd party JS to be enabled to function at all? did they even consider the possibility of disabled JS and bother to write a noscript message? Things like this translate to a measure of trustworthiness to me now, and I've been both horrified (by simple blogs trying to connect to 80+ domains) and pleasantly surprised (by complex-seeming websites that don't use 3rd party JS at all).
Until they block you for "suspicious behavior" after a few minutes of using it like that.
When i switched to Ublock origin, i didn't even realize how to do this. I just allowed all JS whenever i found broken sites.
Now, this very thread encouraged me to finally figure out Ublock origin settings, and now, finally enable specific JS elements instead of a blanket "allow".
Here is a gret userguide for Ublock origin toggle.
Not very common in the general population. But there are those (mostly software developers) who prefer to be in control what code they run on their computers. I know one person who does most browsing using lynx. That is certainly extreme, but extensions like NoScript and uMatrix (has gone out of maintenance recently) certainly have their user base.
It has some pros, too, but on the whole I really miss the mid-2000s Web and am not fond of all the web applications out there.
The biggest hurdle I've encountered so far, is that Stripe doesn't offer a fully nojs alternative to enable users to make payments, although this would be incredibly easy for them to do, considering that they already offer a hosted checkout. The only thing missing here is a way to get the checkout URL itself from the server side, when the Checkout-session is generated.
You'll still be blind to individuals that are blocking GTM/GA itself since you're not using the newer server-side GTM option, hence only a sanity check. But it's a fairly low-effort tweak to be able to get a read on how common it is for your site specifically.
The response is:
<meta http-equiv="refresh" content="0;url='https://weatherextension.com/'" />
Side note, I think a 301/302/303/307/308 redirect is better than meta refresh (t.ly happens to use a 301 redirect + meta refresh).
However given your username I'd like to let you know Cobra Kai season 3 recently released and is as silly as ever, in case you haven't already watched!
Well, Google Analytics and Googlesyndication are known to set the infamous PREF cookie (remember Snowden and PRISM?)... so I wouldn't recommend that website either if the whole point of this discussion is to avoid ad tracking cookies.
I also recently release a new feature called OneLinks that are great for social media bios. Here is an example on a OneLink: https://t.ly/TimLeland
Extension Link: https://t.ly/extension
You also set cookies on every request apparently. What are they for?
$ curl -Is https://t.ly/ | grep -ic set-cookie
The setup I use is customised for me, i.e., Rube Goldberg would be proud. I can view and manipulate all traffic from outside the application and outside the origin computer. I can strip cookies based on IP, domain or URL very easily.
I also control DNS so only domains I approve would even return an IP address.
But it mostly happen during these kinds of redirects where one or more actors wants to be in the redirect loop. This could be URL shorteners or price comparison websites.
uBlock asks if you want a one time exception when a redirect leads you to a blocked url.
I currently use a combination of uBlock Origin blacklisting, NoScript whitelisting, and Little Snitch alerting, if you need a baseline to compare. I've also run a Pihole instance in the past to loop my phone in, but that's not running as of today.
I think what I have created is something like a cross between Pi-Hole, Burp and something yet to be named. But it's faster, more flexible, uses different software and is Java-free.
A programmer with an excellent track record for reliability once said something like "The best interface is no interface." This is how I like things. I do not want to be required to costantly interact. He is the author of the DNS server and daemontools, which I use to control the servers.
Edit: the link should be https://tinyurl.com/examplezoom (which does have viglink.com).
For some reason you wrote the preview link, https://preview.tinyurl.com/examplezoom, which does not have the tracker.
TBF I think they have direct link on preview page simply because they don't want to track the traffic from these pages (instead of trying to disguise), but the practice is still bad.
HN post for that list here: https://news.ycombinator.com/item?id=25512273
There are many claims the list author makes without any source code at all, though a lot of buzzwords. The reddit r/pihole moderator pulled the post: https://www.reddit.com/r/pihole/comments/kh5dit/the_quantum_... . The thread was more entertaining before the list author deleted every downvoted comment they made.
However, at least for Pi-Hole users, more is usually better, so I added the list to my Pi-Hole.
Holy shit that's such bullshit.
They are basically claiming they invented a artificial general intelligence, with feelings, that happens to feel the same way about ads as us. It's basically sentient instead of publishing research papers, they turned it into an ad blocker.
Even if it's not morally wrong, it makes you look like an idiot who doesn't understand the technology you are selling. In the worst case it might even be used as evidence that your work is a fraud.
There is no benefit; To the lay person, It would sound just as impressive to say "We trained a machine learning model to detect ads and spyware" and that wouldn't immediately set off alarm bells with people familiar with the current state of machine learning.
Second: Talking about fraud, the evidence linked above is pretty strong.
Their alleged AI is somehow detecting test domains that authors of other lists as "ads or spyware". Test domains that aren't linked anywhere on the internet.
In one "smoking gun" example, the test domain doesn't even have a DNS entry. The alleged AI can't even load the domain to scan it.
I added the 4 lists you recommended to my Pi-Hole, which added a net new 73,253 domains to my Pi-Hole. My total is now close to 2M.
EDIT: I'm not sure quite how to deal with being put on ad lists. Sure, people can upload any file to our host so it's plausible that someone, at some point, has uploaded an advert. Someone could also redirect to an advert domain and we'd have no way to really deal with that unless it was reported. Ideas are welcome for solutions.
1. Reach out to the list maintainer to see why your site was added.
2. Create a blocklist comprised of those ad lists. Don’t redirect to sites on the blocklist.
3. (Of dubious practical value) Create a Terms of Service that says users may not use your to link to advertisements.
A place to start might be this large, very popular list that combines a bunch of other lists: https://oisd.nl/
Actual text file is here (large file warning): https://hosts.oisd.nl/
Just prevent your service from shortening links to any of those domains.
This is an excellent merged blocklist, with public whitelist (oisd is fully closed, no insight in what is whitelisted and why, also causing more false positives..)
That seems entirely unenforceable. Aren't ALL websites ultimately advertisements?
No. Some are just information, art, or what-have-you. Here's one I just found now.
If the goal is purely informational, why is the author's name attached?
The site also advertises the CMS it runs on.
That's my point, by a reasonable standard, ANY site that exists is an advertisement for something or other, thus a rule saying "no linking to advertisements" is worse than useless.
Ads are sort of like porn. There are lots of things you certainly know serve no other purpose than to advertise something and you can block them outright. Native advertising is certainly difficult though.
Or perhaps you believe the mere existence of information is a call for attention.
I think there would be exceptions, like test sites, personal experiments etc. that could make it on to the internet without seeking attention, but any content designed for consumption is attention-seeking.
Maybe. Attention can also be granted without it have been called there. There are also websites not designed for consumption.
If every website is advertising, then surely most of human discourse and activity would also be considered advertising. What's even the purpose of the word?
You're not going to convince me that everything is an ad, and I probably won't convince you either. I'm not interested in playing any further semantic word games. I'll read any replies you make if you choose to, but I have nothing more to offer in this thread.
I do believe all content made for consumption (even purely informational content) is attention-seeking.
Curiously, this specific tracking behavior (both the redirect and the cookie) goes away when turning on previews.
(Incidentally, my uBlock origin filters block the VigLink redirect as a tracker, by default, as a sibling commenter points out.)
When used as a URL shortener, there are no cookies, no tracking, and ublock origin shows a nice big zero throughout. This is because the revenue model of Oh By is selling custom/vanity codes - not monetizing user data or advertising.
"If you're looking for a dead-simple URL shortener that respects your privacy and doesn't slow you down with ads or multi-megabyte interstitial pages, Oh By might be for you."
The typical use case is a human message, not a URL. If you want a redirect you need to explicitly prefix it like that…
Do youtu.be, t.co, fb.me and dlvr.it next!
I see them all the time in commercial text messages, like from things I've subscribed to, or delivery alerts so I can track the pizza guy.
Rather than awkwardly typing in my username and password through a remote control, I should be able to open the Netflix app on my phone and scan the qr code.
Data analytics - basically you spread out different shortened links on your campaigns / media, so you can track effectiveness while at the same time the user does not have to manually type in cryptic characters.
It is a service that unshortens the url and removes (if possible) the tracking parameters.
It is GPL3, allows Easy Self Hosting and has an automatic browser plug-in
On the other hand I do love websites like WireCutter which only exists because of referral codes.
I found that it broke some sites though so I removed it.
It's an easy way to make money because it doesn't involve a long sales process with major advertisers. Viglink does all that. tinyurl, bitly, et al are probably making a fair amount given their reach
1. TinyURL does not give Zoom any more customers than they would have had otherwise.
2. Zoom pays VigLinks and TinyURL.
3. An incompetent, or unethical performance marketer gets to claim to their boss they are driving X upgrades for $Y when in reality they are driving 0 incremental upgrades for $Y.
Running a free URL shortener costs time and money which is why they do it. For my URL shortening service https://blanq.io, I am planning to remove this feature and only support custom domains. Free shortening is highly abused by spam and its a daily battle to be one step ahead of them.
Last week, a single bad user created a phishing link and brought down the entire site for an hour until I was able to restore it.
As far it seems to be a grim future, it is almost only way they can monetize. Otherwise they will close their businesses rendering millions of URLs broken, what I think is the future that is too easy to predict.
Bitly charges $30/month (basic) which seems like an outrageous amount of money to me for what it does. How much more monetization do they need?
rows=csr.execute("select count(*) as nr from moz_cookies").fetchall()
rows=csr.execute("select host,count(*) as nr from moz_cookies group by 1").fetchall()
for r in rows: print("- %3d %s" % (int(r),r) )
csr.execute("delete from moz_cookies where host not in ("
" 'your', 'own', 'list', 'of', "
" 'sites', 'you', 'trust')")
print("%d > %d cookies" % (ckbefore,ckafter) );
I can do more to help web users understand trackers... perhaps I will work on that this year.
I’ve worked in and around the space for too long to see outside of my bubble.
Is that important enough to risk being "found out", or do they just not care that much about being found out, so went with the somewhat technically easier to implement but visible to end-user option?
I eventually decided that URL shorteners were a terrible idea for the web and that I wanted the 'actual' URLs out there.
Care to elaborate?
What's a good alternative (with the ability to tailor the shortened url)? I wouldn't mind paying a couple bucks a year.
I've created a free service with no ads and completely free that also generates qrcodes (https://qrli.to)
The problem with url shortners is usually the abuse they get (from affiliate tracking above to MLM or CPL for dating sites). However the entry barrier is so low and they are still a relevant part of the infrastructure, not surprised bitly and tinyurl are monetizing this way.
Is this not addressed by blocking all 3rd party cookies at the Browser ?
Text messages where going over a character limit adds to the cost
There are tons of URL shorteners, and not all of them do this.
Both services set long-lived tracking cookies:
curl -v 'http://bit.ly/aFzVh0'
< Location: http://nymag.com/daily/entertainment/2010/08/hear_katy_perrys_milk_milk_lem.html
< Set-Cookie: _bit=l03lLp-b899a3350a02095760-00P; Domain=bit.ly; Expires=Fri, 02 Jul 2021 21:47:25 GMT
curl -v 'https://t.co/45cMiYOHQ8'
< location: https://luke.cat/
< set-cookie: muc=6d0d0800-f738-4704-b292-f03b6e5a5f91; Max-Age=63072000; Expires=Tue, 03 Jan 2023 21:49:09 GMT; Domain=t.co; Secure; SameSite=None
This is one of the thousand reasons that I don't think capitalism will be viable beyond 10-20 years from now. The endgame will be perfect monopoly - one global player in every niche of our daily existence. Slowly force-feeding us a diet of whatever is most profitable (whatever service encompasses the most dysfunction in exchange for money).
Off the top of my head, a better system might be one that seeks to eliminate dysfunction instead of profiting from it. Web browsers could provide short links to all websites by using a hashing function instead of an encrypted refcount. They could remove as many identifying bits as possible (like cookies). I like the direction that Apple and others are going, preserving less user data and letting less spill between unrelated websites.
The question of what all these advertisers will do once they're not allowed to track us is a big one. But my guess is that targeted advertising is not needed in the first place. They did just fine (arguably better) with demographics in the centuries before tech revealed our personal browsing histories.
Hmm. You posted this from your phone or computer that was created by capitalism, from an OS created by capitalism, using a browser created by capitalism, to a message board for an organization who literally specializes in capitalism. While the original incarnation of the internet wasn’t created by capitalism, military funding and the inherent authoritarianism is probably not the ideal direction to return to. Yet you think all of this only has 10-20 years left?
Oddly, you express a preference for what Apple are doing instead, yet they are the single largest product of capitalism or any other economic system that the world has ever known, including Saudi Aramco. Capitalism just “cured” a pandemic faster than anyone thought possible.
Now, it’s not without its issues, but all of the evidence seems to suggest that we maybe ought to think twice before abandoning it and probably killing hundreds of millions of people (again).
... that all base on centuries of research, science and technological development that happened before capitalism was even first proposed. Your point being?
The classical Sciences and Arts were all founded and developed under “divinely ordained” Monarchies. I suppose that would’ve been a fantastic case for conserving that system for you?
Have you thought that maybe all those material accomplishments made under capitalism have less to do with the system itself and more to do with the fact it’s the only one around? Pretty sure many of today’s tech is founded as much on innovation that came out of Soviet labs as anybody else’s.
Also, incidentally, current day capitalism is at the beck and call of one of the last remaining communist countries. Just a curiosity.
Not even close to what I said. I didn’t suggest that he contributes anything to society.
> Have you thought that maybe all those material accomplishments made under capitalism have less to do with the system itself and more to do with the fact it’s the only one around? Pretty sure many of today’s tech is founded as much on innovation that came out of Soviet labs as anybody else’s.
It’s (mostly) the only one around because the others all failed spectacularly every other time. Not only did states collapse, but about 100 million people died. It’s amazing that you’d use the Soviet union as an example, considering where they ended up.
> Also, incidentally, current day capitalism is at the beck and call of one of the last remaining communist countries. Just a curiosity
China is the least communist of the remaining communist countries. And do you happen to know what major change allowed their GDP to explode and make them soon-to-be the biggest economy in the world?
Even ignoring that, do you really want to live somewhere like China? If you think poverty and working conditions are bad in the US, just you wait!
Unless you meant one of the other examples, like Cuba, North Korea, Vietnam or Laos. I’m guessing not.