Hacker News new | past | comments | ask | show | jobs | submit login

Firefox recently started stripping out tracking URLs [0] and the most prevalent one is Facebook with it's ?fbclid= so it looks like they're encoding it straight into the URL now to bypass that, Medium does similar also.

[0] https://www.engadget.com/firefox-can-now-automatically-remov...

It's opt-in behavior. So Facebook is explicitly countering opt-in requests for privacy (without informing you)

See also: all the companies scrambling to circumvent App Tracking Transparency, in which they are not only being duplicitous, they're also breaking the new agreements formed with the app store and the customer.

Tracking has been a grey area in technology. Now that regulations and users are trying to scrape back some control over their privacy, it's going to be a lot clearer to see the line between moral and amoral behavior in companies.

App Tracking Transparency only forces you to do what you must have already been doing to comply with the GDPR (and potentially even the earlier ePrivacy Directive).

Any complaints about ATT should've been considered admissions of guilt by the EU regulators and promoted investigations.

This is the kind of thing that should be illegal.

Once upon a time, I would ship word docs with a remote image using a unique URL that I host. When someone opens the word doc (and accepts remote images) the URL is fetched and I know when someone opened a doc that was destined for a particular recipient.

It's quite interesting when the doc intended for a specific recipient is opened in 15 different geographical areas. Even more interesting when that specific recipient was under an NDA.

My question to you is if this should be made illegal? (since it is the same action facebook appears to be doing)

I didn't know Facebook was protecting documents under NDA.

Can you provide references?

Oh apologies I didn’t realize it was only Facebook that would be specifically targeted in the law. By all means, please continue!

And who do you think has the lobbying, law-making, and regulatory advantage here? Facebook or 5 billion disaggregated people around the world?


You should be a able to change how URLs work for your own website. They're not making any promise of stability here.

You can. The problem is that they're changing them to actively and intentionally circumvent the expressed wills of people visiting their site.

I'm allowed to move my arms like I want, but that doesn't give me the right to push people off cliffs.

Very poor metaphor.

The will of the (informed) visitor doesn’t matter when they are visiting a place. I can’t have an intention to take a painting from a museum, ranging about the museum making it hard

Should we also ban sites formatting their pages so that you can't easily block their ads?

That's changing the topic and avoiding the question.

It's also further defending hostile dark patterns and evading explicitly expressed personal intent.

The browser is a user agent, not a publisher or advertiser agent.

Yes, this kind of tricks by corporations.

I believe the problem is not the ads but the tracking.

Formatting pages to make ad blocking difficult is another example of websites making a conscious choice to thwart user intent.

In both cases, sites are attempting to tie content consumption to content monetization, and users are attempting to get the content without the monetization because they dislike side effects of the monetization.

Most websites track users. Even if they don't try to monetize content or show ads.

you're ignoring political purposes, and the political engagement of even the most vocally apolitical orgs. and you're ignoring abuse of access granted through neglect

Intent matters.

Many sites do this very intentionally, including Facebook. Look sometime at the markup on their "sponsored" disclosures

I would be in favor

I guess they should just be done with it and say if you don’t opt in don’t use FB.

Not when it impacts peoples' right to privacy and control over their own data. Do you work for Facebook?

I'm all in for making this kind behaviour illegal by big corporations which is used by large population.

This is a bold opinion

The times I've seen these corporations doing cunning harmful actions, I've left with zero sympathies for them.

How many "this should be illegal"s are we going to see on this website before people realize that powerful platforms have the money, power, and politics to lobby their way out of everything? A huge chunk of this was made illegal through the GDPR, and for years on this website everyone said it was a massive overreach. Or maybe we make this spend 5 years making this specific thing illegal and they circumvent it all in two weeks. Or they just ignore it and pay the paltry fines as a cost of doing business.

Not to mention the giant groups of people working at FAANG here, directly complicit with this behavior, afraid their salary and stock options will tank if anything changes.

Companies have the willpower and money to fight any sort of check on their power, well after the rest of us are all beyond exhausted.

So we should just give up? Yes it's a hard problem trying to regulate the behavior of companies with the resources and determination to subvert consumer rights, but it's not binary, incremental progress is possible. If you have ideas for a better approach perhaps you could share them here.

there are more radical options than incremental reform under a widening power imbalance

One of many benefits of posting "this should be illegal" is that it exposes what people think about the problem.

We think the problem is just the big corp circumventing moral, ethics and even law for make a profit, but how many people here support this behavior?

We are not only talking about people working there, but people from the outside, completely unrelated, telling they are right and that they should keep doing what they are doing.

Maybe we can not fight big corps because they have all the money and power, but people, we definitely can fight them.

another way to put it is that even if there isn't consensus on a legal solution (particularly when those kind of solutions involve state power and violence), it's fine to express and promote a moral stance

There are laws against it (in certain parts of the world at least). Of course, those laws do allow tracking in certain situations. Of course that makes enforcement harder - enforcers need to figure out if this is not an allowed case. Moreover, enforcement agencies vary in execution, with the Irish DPA so bad, their actions are indistinguishable from actively undermining GDPR.

> So Facebook is explicitly countering opt-in requests for privacy (without informing you)

Facebook informs you of their tracking via the privacy policy you agree to when using their services

Right, that’s totally legible to most users.

Tiktok does the same thing when you get a URL to share a video

It’s really creepy too if you don’t know the share url can leak your account name (if you were trying to keep that private)

Just to add some clarity, it's not that it "can leak" your account name, it deliberately pops up your account name and profile photo above the video to anyone that clicks the link.

It is but try to explain this to a regular user and they will call you a tinfoil hat nerd

I don’t think this is that big of a problem today, after so many privacy leaks people are a bit more aware, at least in my experience. Also tiktok actually shows a popup that the link contains information about your account.

Ya, most people get that there is no privacy. Where I think you get more of the "tinfoil hat" accusations is that a lot of people don't care or don't recognize the far reaching implications of lack of privacy.

In my experience most people do understand the basic structure of a URL even if they don't know the proper names for the parts. It doesn't take being a software developer to empirically figure out which parameters are responsible for tracking and delete them before sharing — especially if you see your own username in one of them.

Do “regular folk” really do this though? It is a serious, non provocative question. I strip all cruft off URLs but consider myself privacy aware and technically adept. I don’t think my non-technical friends have any idea about this.

Take a look at the URL you get when you try and share a tiktok video, and tell me which part to delete to remove the tracking

You have to visit it yourself to resolve it to a long link, then you'll get a long URL that has /@username-of-uploader/videos/[video id]?[huge amount of tracking variables]. For now, you're ok with dropping everything after the ? after you resolve out the vm.tiktok.com link shortener.

Not that it makes it any less shitty but you can disable that behaviour in the settings

Until that setting dissapears when things get suffled up after an update or something like that.

I actually had no idea that was an option.

ByteDance has done a really good job making me reconsider whether I’d ever work for Big Tech again.

I have some serious reservations about social media generally, which is why I left to begin with, but between TikTok and Instagram I know hands down who I trust more.

What’s your exact concern with TikTok?

Not sure if this is theirs, but [1]:

> “Everything is seen in China,” said a member of TikTok’s Trust and Safety department in a September 2021 meeting. In another September meeting, a director referred to one Beijing-based engineer as a “Master Admin” who “has access to everything.” (While many employees introduced themselves by name and title in the recordings, BuzzFeed News is not naming anyone to protect their privacy.)

[1] https://www.buzzfeednews.com/article/emilybakerwhite/tiktok-...

Why is this linked to “big tech”? Big tech usually means FAANG which is American when you point out an issue with information going to China.

Sorry I'm not the person who wrote that comment, so I don't know if this is what they were thinking, it was just a guess. It is confusing for me what they meant too.

This sort of nationalism is not useful; when pattern of life data is used to quietly blackmail or extort you it doesn't really matter whether it's your own or a foreign government doing it.

Why would you assume I was being national (implication: racial) about it. The national and cultural loyalties of the people working on these two products is highly similar.

I trust Instagram more because I was in the room when we said “using dwell as the signal and turning the online learning rate to who-the-fuck-cares is a bit much even for us”.

FB/Meta/IG’s bad, bad misses are just policy at ByteDance.

FB deliberately didn’t build this product because it’s kind of intense even as social media goes. Well ByteDance has decided that we’re all selling crack cocaine to 13-year-olds.

If anyone is going to display a modicum of social responsibility around this new lowest common denominator, it’s almost certainly FB.

It’s weird to find myself defending FB but in this instance it’s merited.

Nationalism is not racial. The implication is that you have more of a problem that China is seeing your data vs America just because it’s not your country, rather than both being equally bad (third party seeing and potentially using your data against your best interests or not compensating you for it).

Nationalism is the belief that your country is inherently better than others just because it is your country.

If everyone held this view then there would be no path that doesn’t lead away from national conflict, because all Chinese would choose China and all US people would choose US in these situations, rather than focusing on objective bad actors.

Are there even any good actors, when it comes to national governments?

Not saying that's an excuse for badness, but let's also not pretend that all governments are equally bad. I would rather the US violate my privacy than China, if those were my only choices.

Granted, currently I'm more or less physically out of reach of China's law enforcement, but well within the US's reach. So China having my data -- at least in the short term -- probably can't hurt me all that much. But longer term? Who knows.

"Equally bad" is objectively subjective. The reality is, especially on a long timeline, corrupt is corrupt and a degree of corruption is largely irrelevant. Instead we use the perceived degree of less corruption to justify nationalism and other things, and it's largely a matter of perspective. You probably wouldn't believe me but you ask the average Chinese person and they think the American government is just as corrupt as the Chinese. You may differ in your opinion. Who's right? Who knows? But I know one thing for sure, and it's that it doesn't matter who is less or more corrupt.

I’m on full take with both NSA and GHCQ minimum. I cut power to hardware when I want privacy. My ex-girlfriend is CIA, but uncle works for a defense contractor, and just for fun: I’m one of 10 or 20 colorful figures in tech who make a great story in the last ten years.

Have I seen shit? Yeah! Are you full of shit? Also yeah, unfortunately.

I don’t understand what you’re trying to tell me. Could you elaborate?

I would disagree here. The incentives are quite different, as there are many foreign governments who are actively hostile and use the internet for extremely effective psyops. Social media is the #1 place for psyops with great success.

> The incentives are quite different, as there are many foreign governments who are actively hostile and use the internet for extremely effective psyops.

How does this differentiate them from domestic governments exactly?

For obvious reasons: they want to disrupt society, drop placement in the world, cause internal fractions that divert attention abroad to domestic strive, actively harm populations by spreading dangerous information, move fringes into the center to replace those who are effective with those who are not, cause macro economic harm, replace narratives of foreign adversaries to make them seem friendly or sow doubt that they are in fact doing bad things, rewrite narratives with their value systems instead, destabilize countries and cause civil war, cast doubt on things like democracy to shift the world to autocratic rule, etc etc.

Your question is phrased in a way that would be exactly the kinds of things that foreign adversaries want to achieve online: make people hate their local government so they throw their baby out with the bath water, meanwhile the foreign adversary keeps power with an iron fist and censorship so they don’t suffer the same consequences.

> For obvious reasons: they want to disrupt society, drop placement in the world, cause internal fractions that divert attention abroad to domestic strive, actively harm populations by spreading dangerous information,

Dd we really need foreign governments for this? They do it, but we get plenty of it right here at home. Covid made that plain enough, but so have decades of attacks on education and the middle class. In the US we even have government investigations into our own government for wanting to destabilize the country, cast doubt on our democracy and promote civil war.

I'm not saying foreign governments don't play these kinds of games too, but if pointing out my own nations very real problems and deficiencies makes me sound like foreign adversaries maybe those foreign governments aren't the biggest problem we have and we'd be better served cleaning house and looking at the problems within before pointing fingers at folks outside.

First of all, why would you want additional malfeasance? This is indefensible. It’s like saying with all the police shootings, who cares if foreign army’s are going around and shooting people.

Covid made plain that psyops work extremely well. A huge amount of disinformation came that way, in addition to a domestic audience that was very happy to incorporate it. Having a mistrust of authority in the first place makes this frictionless because it means you trust whatever you read online instead of your local authorities. That makes psyops easy peasy.

You can both not want foreign meddling and want to improve your local situation at the same time. Geopolitical issues are never a serial process, and they never end. There will never be a point where everyone agrees the domestic issues are now “fixed and everything is perfect” so now we can focus on the constant foreign attacks. That’s a false start.

Don’t throw the baby out with the bath water. When you burn it all down you’re just left with ashes, and whatever the replacement is almost always cheaper and worse.

You can safely assume that any big company in a G8 country is spilling data to the spook arm of the other 7.

Perhaps but it’s different when it’s an ally and intelligence gathering to face larger threats. That’s not the same thing as trying to bring down another society at large.

As does StackOverflow

It's not encoded though, your user ID is right there and you can strip it out. I agree that it could be clearer like /question/1234?utm_user=5678 instead of /question/1234/5678

Amazon does similar, along with a generally crap description of the product that isn't necessary, you only need the 'dp...' ID.

You could argue that SO at least gives you some benefit - there are badges you can earn for popular shared links.

FB also claims their tracking is beneficial, they can show you more relevant ads this way.

Perhaps there are benefits to everything; is the cost, i.e. losing privacy, worth it?

True but the same can be achieved with just asking the person about their needs/interests or using only public data for ad targeting.

Second, this only applies to Facebook users, and yet they also track non-users despite them not even going to be showed any advertising.

Instagram does the same as well with your user ID as a query param when you share or copy a link.

Tracking query string params in urls is nothing new, and its easy to spot.

What tiktok (and it looks Facebook is starting to do) is generate you a completely unique URL when sharing a video. Copy a tiktok video URL and you get something like tiktok-dot-com/video/abc456def - that ID at the end is unique to you. There's no tracking params to remove from the video because they encode the video ID and your user ID in the same 'field'

Well I didn't say this was "something new".

Your comment is somewhat accurate, but not the whole story.

A copied Tiktok share URL looks like this:

When pasted into a browser though, it redirects to the normal post URL:

From there the tracking ID can be easily removed (by one's self) from the query params. This is in contrast to Facebook's new approach.

Instagram === Facebook

So not much surprise here.

+1 this is likely the situation. I would bet that the rest of the url resolves to the old format with the search param after some decoding.

That was such a naive move by firefox tbh

Perhaps a bit more explanation is needed considering the downvotes: https://news.ycombinator.com/reply?id=32118663&goto=item%3Fi...

This is an arms race firefox would lose. I think if anything, firefox trying to race it is now negatively affecting anyone that were able to manually remove tracking id themselves (or use a browser extension)

Ad-blocking, like content piracy, are activities that are ignored and can flourish in the fringes. Once they go mainstream and become threats to profit margins, considerable resources will be brought to bear to fight them.

So the ultimate question is: how do we make sales executives look like a threat to profit margins?

The only way I can think of is to make profits above a certain level unprofitable by taxing them at a high rate with ratcheting without bracketing (i.e. any amount up to $X billion taxed at 10%, but anything greater than $X + $0.01 will be taxed at 60% for the entire amount, resulting in a tax graph that is discontinuous for profit vs. tax). Profits can be tinkered with, so perhaps do that with revenue instead. Then, for companies of a certain size will have no need for sales executives, and will be punished by Wall Street for exceeding optimal sales targets.

This will make whole internet fragmented, why serve customers beyond revenue target, so best products will be available only to most profitable customers.

One could say the car industry is also "fragmented": but we have up-market OEMs and Toyota/Honda.

Isn’t this already the common theme in capitalism?

It is enough for Firefox to make the trackers have to be more invasive.

I don't have to defeat you if I can make you look bad enough to all the observers.

What nonsense. The negative effects are due to Facebook, not because Firefox took defensive actions.

Don't blame the victim, blame the abuser

First we had toggleable cookie and JS settings.

Sites blocked functioning without cookies or JS.

Then we had adblockers.

Sites blocked functionality with adblockers installed.

Then we had Do Not Track.


Then we had GDPR.

Sites: Multi-thousand-word EULAs, TOU, "Accept" vs. "Pound Sand" options, multi-hundred click "choice" dialogues, "your privacy is very important to us (to invade and violate)", and mass geoblocking.

Then we had UTM and FBPID URL tracking parameter stripping.

Sites: Encode tracking data directly into URL as a hash.

Firefox's action isn't simply meant to solve the problem. It's there to highlight the repeated and escallated violation and negation of express personal intent and preference.

No means no.

Do you have any evidence to say that this is the case other than speculation? It's also possible that they just changed the URL format. FWIW `pfbid` seems to be a shortened version of "post fb id" so why would it include the "cl id"?

Rule #n of the internet: If Meta does anything which doesn't explicitly protect the privacy of users, you can safely assume that it harms the privacy of users.

I went to Vice's fb page, found the same post that OP linked to and checked the URL. The pfbid part is exactly the same to me. The URL by default has some additional params attached like __cft__ and __tn__, which can be stripped, and those are probably tracking-related. Based on this, I don't think that pfbid is connected to tracking

If I were Meta, this is how I would implement this. First, get everyone used to the new opaque base64 encoded blob, by using it just like the previous numeric post id. Then, after all the initial speculation dies down, encode other stuff in it.

Are you sure about that? It's not the same for me.

OP: https://www.facebook.com/VICE/posts/pfbid02XdVziPTwhmPU9XzBq...

Me: https://www.facebook.com/VICE/posts/pfbid0TbuHEaGP2fLTRDFRTu...

There were also a bunch of other query params junk after that I omitted here for brevity.

Facebook will Facebook, that's a given. But why aren't FB employees (anonymously) responding here and explaining how this "pfbid" thing can be circumvented or even what it contains? Where are the actual privacy activists that will do a grep through the FB sourcecode for pfbid and give us the scoop??

It looks like one already explained what this is: https://news.ycombinator.com/item?id=32119684

probably takes a certain mentality to still be working at facebook and the people who cared enough to do this sort of thing left instead

Multiple other companies doing the same thing would point to a trend.

what's the reason to change from the old format if that's all it does?

Makes a lot of sense— thanks!

I suppose Firefox could remove this new encoding too

Not that easy, unless the URL pbfid thingy can be easily parsed into separate "post id" and "tracking id" parts — which I bet it cannot.

One alternative, which would require significant effort and investment but would be a brilliant way to outsmart Facebook's crap, would be to accumulate pbfids in a common pool such that, if a given pbfid points to post X, fetch a different random pbfid that points to post X. If the initial pbfid is not recognised, add it to the pool once the post is determined, either as a new alternative for a known post, or as a novel entry.

Of course, FB would hate it and would either try to expire old pbfids (and risk breaking "legitimate" links) or use legal threats, which would require them to openly admit that they don't give a shit about people's privacy preferences.

Problem, I think, is that only Facebook can know the X such a url points to without accessing it.

So, upon seeing a new one, you’ll have to resolve it. Only then would you be able to tell what other URLs it’s equivalent to.

One way to gain anonymity there is to do that from a proxy, but such proxies would be detectable from the amount of pages they request from Facebook.

It also looks like they already thought about replays of URLs. For me, https://www.facebook.com/VICE/posts/pfbid02XdVziPTwhmPU9XzBq... currently says:

“It looks like you were misusing this feature by going too fast. You’ve been temporarily blocked from using it.

If you think that this doesn't go against our Community Standards, let us know.”

So, chances are they also thought about users exchanging URLs (e.g. by having each running instance of Firefox read Facebook URLs for other instances). It is possible that (a part of) your Facebook user ID also is encoded in each URL.

So create an extention which feeds the URL to FB when it is first requested, find the canonical URL, and return that to the clipboard / share dialogue.

Smart but now there’s another third entity you have to trust to aggregate all this personal information from a slew of users just to… avoid the same situation initially? Sort of seems like only a marginal improvement.

The third party can’t really do much with this data.

The third party can still see which users decode the exact same string, thus derive relationship networks. (If i regularily share links to my friends they all resolve it at the third party to te "canonical" form, that third party then knows that all those are my friends)

Assuming you can even decode it. Could just be an encrypted string.

It doesn't even need to be that. If I were facebook, that string would just be an index in some internal Facebook key-value store.

Not really. pbfid needn't be a hash. You can take the plain text url, which can be ".../random.user/post/post_number", happened a random salt, and encrypt it using a key which is a function of "f(random.user)". That way you get unique encodings for each shared URL and every time you decrypt just discard the random bit. Defeats all pooling/reverse engineering efforts and offers perfect user isolation (each user has their own key).

> try to expire old pbfids (and risk breaking "legitimate" links)

Or encode some versioning scheme, and keep trying various versions until one comes up with a valid link. If we can think of these things in seconds, so can the engineers at FB.

presumably they've encrypted/MAC'ed it, so you can't without breaking the link

Sounds like this calls for some browser extensions

Beyond privacy I'm interested in generally a browser extension that disables things that provide free labor to for-profit enterprises, such as hiding the moderation queue (which even has an annoying persistent badge) on StackExchange sites, the one that asks me to provide unpaid labor to private equity and has various rules that sound nice if it were a public utility but primarily work to improve their SEO.

By your same logic, participating on HN is free labor to a VC firm. I don't see how you can draw the line with a general-purpose extension other than simply actively avoiding things you don't want to do through your own volition.

I agree with the logic, and am free to criticize even if I engage as an individual without power

I think a good place to start would be with user awareness

That's called hypocrisy :)

I'm well aware and don't give a shit, I'm not the one as an individual causing the problems in the first place and have no individual power to correct it. But you're free to go spend your time and energy attacking victims of these behaviors as complicit, like a "gotcha" for why these powers deserve to go unchecked

"And yet, I see you participate in society."

Sorry about the quote marks; from memory, so probably not an exact quote.

Most likely can’t be fixed by an extension and also to the parent poster, Firefox can’t strip this info out because the encoded string (how I read the original question) includes the actual metadata about what’s to be displayed. Looks like fb won this round.

At least for now, facebook has an endpoint that converts from new to old.


Returns references to the older style url in the returned html.

I also noticed it's calling that new style base64 string a "story_token" in places, and uses it in conjunction with "page_token" set to "VICE" in this case.

Thanks for digging this up! Looks like a path forward

Nit picky but isn't this action actually illegal in some jurisdictions ?

For example in France: « Obstructing or distorting the operation of an automated data processing system is punishable by five years' imprisonment and a fine of €150,000. »

maybe! lots of reasonable anti-capitalist action is illegal. it's good to be aware but nothing to be respectful of

But fetching data from an http server by giving it a URL is what it's for; how can that be "Obstructing or distorting" it?

I was actually wondering why the big trackers haven't implemented this yet and how much time it will take them to switch. I mean, the tracking part of the URL is so obvious it's just sitting there and asking to be removed. Most tech people do that, also some extensions, and now Firefox. So it was just a question of time.

Not true if people just choose to stop or slow their use of Facebook. Most of my friends there are barely active. I never use the app, only desktop with ad blocking, but still, nothing there is really interesting to me, so I'm rarely on FB at all. Across the web I never use it to authenticate, and if a private company asks me for any personal info, it's usually inaccurate info that I enter.

I have remembered a fake birth date, fake home address, and other details that I use for all these sites, unless they're related to commerce or legally justified purposes. We do not need to provide accurate info to private companies that mis-use our data (provided it is not required for our own reputational purposes).

Golly is Facebook extremely boring, dull, and utterly a user experience nightmare... I miss all my friend's birthdays frequently because the experience is so undesirable and unenjoyable on it.

Twitter is also fast becoming my least favorite thing to use as well because of a habitually botched user experience.

the point isn't the one individual service or actor, these behaviors are incentivized and enabled systematically and will repeat

free labor lol, they're providing a service. For free where free = no money, They give user a way to share with each other, ways to organize events, ways to sell things, ways to send messages with each other, ways to make calls to each other, ways to have video chat with each other, all for free (again free = no money). In return they put ads in your face and to make those ads more relevant they look at whatever data they can gather.

I don't like be spied on but gees, they aren't getting free labor. They're paying like crazy. As someone that once at a > $1000 phone bill it's amazing to me I can video chat with friends all over the world via FBs services and pay no direct money to do it and that to keep up with them I can now just post to fb instead of send out a newsletter or write each individual person

Many sites offer these things for free without the need to track you around the internet. Facebook's business model breaks social expectations of privacy. They make a lot of money because they sell other people your data through ad targeting.

Facebook controls the barely tech literate crowd by offering an aol type experience.

These services are popular with the masses. No one cares that they give data to facebook so they can be sold more things and leave them poorer.

You end up paying facebook no direct money but you have less money and spent when you didn't need to.

The only time I fill out pop-up surveys is when I want to enter wildly inaccurate data bout myself. That time back when Facebutt forced everyone to use their government names (as if it was an authentic requirement) I was shocked at how many people caved into entering their full name.

Companies are having a field day with all this data collection. I hope they get real karma for the deception.

there'll be no karmic payback or redemption story without organized action against the root of these behaviors. there's certainly no hope in a market solution

FB costs each family of four in the US, EU, Japan, and other wealthy nations roughly $468/year whether they use the survice or not.


I don't care, there are ways to build public goods services

Isn't answering on questions providing free labor to StackOverflow too? Providing way more value to their company? Do you draw a line between answering and reviewing?

yeah I would like to have a public space to help my peers and am trying to build that in adjacent spaces

The extension would likely need some sort of FB proxy in order to decode the provided URL to its canonical source.

That is, when copying a FB URL, you'd take the supplied value, feed that to the proxy, get the translated (and presumably canonical OR), and feed that to the clipboard buffer or share dialogue.

Needless to say, a fucking PITA.

Facebook could also just make it completely opaque, and just add random data to their urls(by which I mean a+b=c, not a+b=ab), and then subtract it on their end. Then you literally might not be able to see anything, not even the webpage directory.

So: pass the URL to FB to decode to canonical value, and return that for further operations (share, copy/paste, etc.).

This would have to be through an extension or an internal browser function.

The canonicalisation request would have to be w/o the initial person's FB identifiers as part of the request (e.g., cookies, etc.). FB might cotton on to immediate re-requests after URL provision, though that would be an interesting approach and yet further signs of expressly violating expressed intent.

Here is a good way to do it, block the entire domain :)

Piece of s**

They literally just announced they were doing it.


That's the old encoding (fbclid), not the new one (pfbid).

Wouldn't be the first time they implemented direct anti Facebook features.

Even if it can, it won't the next one. Which fb simply encrypts to url (assuming it is not encrypted already)

Why on earth would Facebook think it is ok to bypass that? This should be considered a violation of the CFAA. Start putting Facebook execs in federal prison.

I'm all for throwing facebook execs behind bars, but what part of the CFAA would cover encoding tracking data in a URL?

Applications are open for YC Winter 2023

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact