Skip to content
Cross-browser extension to automatically undo facebook’s downright shady link destination swapping
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.


A cross-browser extension which automatically undoes facebook’s downright shady link destination swapping. More at

How to Install

fb-anticlickjack is cross-browser (courtesy of Kango) and can be installed on Safari, Firefox, Chrome or Opera.

  1. Clone the repo (downloads offered soon)
  2. Navigate to /output

Then, depending on your browser:

  • Chrome:
    1. Navigate to chrome://extensions
    2. If not already enabled, enable Dev Mode (top right)
    3. Load Unpacked Extension, and select /output/chrome
    4. fb-clickjack should pop up in the list of extensions. yay!
  • Safari:
    1. Open /output/fbanticlickjack.safariext
    2. Trust the extension and it shall be installed
  • Firefox:
    1. Tools -> Addons
    2. Extensions
    3. Little cog in the top right -> Install Add-on From File
    4. Select /output/fbanticlickjack_0.9.0.xpi
    5. Trust it
    6. Restart it
    7. Configure it
  • Opera:
    1. Open /output/fbanticlickjack_0.9.0.oex
    2. It will install and show you where the button is


Facebook does some über shady stuff. Take a look at this link markup:

<a href=""
	onmouseover="LinkshimAsyncLink.swap(this, &quot;http:\/\/\/a\/world-food-prize-monsanto-syngenta\/5\/4\/?sub=fb&quot;);"
	onclick="LinkshimAsyncLink.swap(this, &quot;http:\/\/\/l.php?u=http\u00253A\u00252F\\u00252Fa\u00252Fworld-food-prize-monsanto-syngenta\u00252F5\u00252F4\u00252F\u00253Fsub\u00253Dfb&amp;h=vAQGPZeS2&amp;enc=AZPU8l070clXWw6LHhO4o4DptNXHUJ-arcfAYrU_b9C9hbEWvbrlI_MaFREKw0ndh6ayQWiStDoBTzV4G_UAy8yAuDGtTxEFHVQMr7kfTgP0ummGczPBxRufyw3VG5TX_gA&amp;s=1&quot;);">They're giving the "Nobel Prize of Agriculture" to... Monsanto??</a>

Messy, huh? The point is, whilst the source of the link is perfectly legit, Facebook added some code which changes where the link points to as you click it. Predictably, it’s routed through their l.php redirector, which is tracking you.

Now, Facebook is more than likely already tracking everything you do, but there’s no reason to hand it over on a silver platter when it’s so easy to prevent.

You can’t perform that action at this time.