Remove tracking elements from URLs

[Swrup]

Pitch

I want mastodon server to automatically remove tracking elements from URLs, like the ClearURLs add-on already does :

Many websites use tracking elements in the URL (e.g. https://example.com?utm_source=newsletter1&utm_medium=email&utm_campaign=sale) to mark your online activity.
All that tracking code is not necessary for a website to be displayed or work correctly and can therefore be removed—that is exactly what ClearURLs does.

Another common example are Amazon URLs. If you search for a product on Amazon you will see a very long URL, such as:

https://www.amazon.com/dp/exampleProduct/ref=sxin_0_pb?__mk_de_DE=ÅMÅŽÕÑ&keywords=tea&pd_rd_i=exampleProduct&pd_rd_r=8d39e4cd-1e4f-43db-b6e7-72e969a84aa5&pd_rd_w=1pcKM&pd_rd_wg=hYrNl&pf_rd_p=50bbfd25-5ef7-41a2-68d6-74d854b30e30&pf_rd_r=0GMWD0YYKA7XFGX55ADP&qid=1517757263&rnid=2914120011

Indeed most of the above URL is tracking code. Once ClearURLs has cleaned the address, it will look like this:
https://www.amazon.com/dp/exampleProduct

Motivation

This practice has no place on the fediverse.
Many users care for their privacy and don't want to be tracked by mindlessly clicking a link and expose others by accidentally sharing a link containing such tracking elements.
Many server administrator want to protect their users and don't want to enable companies to track them this way.
There is many clients so implementing it on the server is better to protect everyone on all platform.

Discussion

I think there are two choices:

• The server administrator could choose to clean all URLs or not.
• If the server allows it, the user could choose to only receive/send cleaned URLs

What do you think about it?

[shleeable]

I support the root request. Sadly, like the CleanURLs plugin... this is a fast moving target that regularly changes and will likely need to be maintained/updated to be effective.

[Swrup]

I think the only thing that will need to be maintained is the list of parameters to block.
So if we want the filter to be up to date we can fetch the file containing the list of regex rules to apply from the ClearURLs project.
Also the most common trackers stay the same, the list of regex maintained by ClearURLs doesn't change much.

[zapashcanon]

I'm the administrator of a small instance and I strongly support this feature request.

Actually, it could be possible to simply re-use the list maintained by ClearURLs and update it automatically from time to time. There would be no maintenance cost.

[fbausch]

As a Mastodon user, I would love this functionality.

[ccoenen]

Personally, I think changing a user's input is an anti-pattern. Even if this is well-intentioned. I would like to suggest making this visible for the author of a toot to decide. For example:

• Me: enters a url with all sorts of utm_foo stuff
• Mastodon: "Hey there, you posted a link that will track other people. Tracking is considered a violation of their privacy. Would you like to automatically remove those tracking features? [Yes/No]"
• Me: SLAMS THAT YES BUTTON

This has the advantage of also telling people about this tracking pactice.

[d4f5409d]

Personally, I think changing a user's input is an anti-pattern. Even if this is well-intentioned. I would like to suggest making this visible for the author of a toot to decide. For example:

* Me: _enters a url with all sorts of `utm_foo` stuff_

* Mastodon: "Hey there, you posted a link that will track other people. Tracking is considered a violation of their privacy. Would you like to automatically remove those tracking features? [Yes/No]"

* Me: _SLAMS THAT **YES** BUTTON_

This has the advantage of also telling people about this tracking pactice.

This is a really nice solution. I see in this many potential.

[Swrup]

I agree, it is better to let the user know.

But how would this be implemented?
In the client-server API their is no "error handling" when posting a status.
When a client POST a status, it expect a "200 Success" response and nothing else.
How can we ask to set a "tracker cleaning" setting before posting the status?

What about cleaning statuses from others but containing a tracker?

I think we could have one simple "remove trackers from every status I receive/post [yes/no]" setting.
Or two settings: "remove trackers from status I receive" and "remove trackers from status I post"
These settings will have default values defined by the instance administrator.
And maybe the administrator can choose to automatically notify a user of those settings, in some way (?), the first time the problem is encountered.

[realpixelcode]

Generally, I like this idea. However, I think there might be situations where parameters are blocked that the user intentionally inserted. Maybe a reader-side option would be a solution for this.

[Swrup]

A client side option would mean every possible activitypub client would have to do it.

Only parameters identified as being trackers are on the ClearURLs list, not just any parameters.

[scollovati]

Generally, I like this idea. However, I think there might be situations where parameters are blocked that the user intentionally inserted. Maybe a reader-side option would be a solution for this.

The Fedilab app actually has a feature flag (in the privacy section) where a user can choose to strip all UTM query parameters.

This is a good thing both from UI and privacy perspectives.

Hope that @mastodon implements this in the mobile applications.