This is an example of a share URL provided to you from TikTok when you click the "Share Link" button from the share menu:

https://www.tiktok.com/t/ABCDE1gHIJk2/

When you click that link, it will redirect you to a link like this:

https://www.tiktok.com/@fakename/video/1234567890101112131?_r=1&_t=1aB2CDe3fG

It has some extra bits at the end, so let me show you it's breakdown:

https://www.tiktok.com/@fakename/video/1234567890101112131 is the actual URL to the video you want to share. When you see a ? at the end of the URL, you are entering into the parameter zone.

?_r=1&_t=1aB2CDe3fG is not required to share the video, and it is the bit of data the app needs so it can present the popup you see after clicking the shared URL. When you click a shared URL a box appears before the video that says:

<Username> has shared you a video! 
<Profile Image> 
Do you want to watch & follow, or just watch?

[ Watch & Follow! ]
[ Watch ]

If your display name on TikTok is your whole name, well, everyone clicking the link now knows your name. If your TikTok username is a common username you use on the wider internet, well now you've linked that common username to the name you use here. If you're posting videos on your account that show your face... you get the idea.

So what should I do?

When you click the share button and get the link, open it in your phone or computer's browser first. Then, copy the part of the URL that is BEFORE the ? and share that link. There are also TikTok privacy front ends for TikTok like ProxiTok. One easy way to provide those links instead of a direct link is to use Farside.link. You do so by adding https://farside.link/ to the front of the TikTok URL. Like this: https://farside.link/https://www.tiktok.com/@fakename/video/1234567890101112131. Farside also works for things like Twitter, Reddit, Instagram, among others.

Anyway, hopefully this helps some people. Stay safe comrades.

  • CyberSyndicalist [none/use name]
    ·
    2 months ago

    @dessalines@lemmy.ml

    Someone should make an issue for common referrer/tracking urls to be automatically scrubbed on submission. Would retain privacy and also help to disincentivize affiliate link spam.

    .

    I don't want to use my github account for opsec reasons

    • Dessalines@lemmy.ml
      ·
      2 months ago

      We already do some scrubbing on links, so you could add this to the clean_urls function in lemmy. Lmk when you have a PR for that.

      • Awoo [she/her]
        ·
        2 months ago

        Their profile page is still under construction I'm not sure they would know how. But hopefully someone does because it's a solid suggestion. Maybe hexbear could add it then push it up.

      • BakedCatboy@lemmy.ml
        ·
        2 months ago

        It would be cool if it was possible to use https://github.com/ClearURLs/Rules/ as a rule source, either as a built in option or configurable with a config option.

        • Dessalines@lemmy.ml
          ·
          2 months ago

          Totally agree, I'd def appreciate if someone could add that as a git submodule and do a PR. Open an issue if you would.

          • RedWizard [he/him, comrade/them]
            ·
            2 months ago

            Alright, not sure if I understood the assignment, but I've created a pull request that adds the CleanURL repo as a submodule and created an issue for it: https://github.com/LemmyNet/lemmy/issues/4905

    • quarrk [he/him]
      ·
      2 months ago

      Building it into the platform would be incredible

  • drinkinglakewater [he/him]
    ·
    2 months ago

    Would also recommend the CleanURLs extension that tries to remove tracking elements from URLs you click. It's not 100% perfect, especially against those shortcut links, but the "Copy Clean URL" button when you right click makes it easy to share stuff without the tracking bullshit

  • citrussy_capybara [ze/hir]
    ·
    2 months ago

    appreciate the PSA, seeing more bad links with trackers shared lately

    the new reddit-logo share button also does this, and the youtube &si= tracker

    another option if an obfuscated link from someone else, use a site like https://urlex.org/ to expand the url without opening the link and activating the tracking, then edit the url to generic

  • quarrk [he/him]
    ·
    2 months ago

    Anyone who uses TikTok should visit the privacy settings and turn off all the options under “Suggest your account to others”, especially the one for “People who open or send links to you”.

    Show

    Since turning this off, my shared links don’t display my username anymore. There are still some parameters left, presumably for tracking, so the advice in this post is still applicable even with this setting turned off.

  • Chronicon [they/them]
    ·
    2 months ago

    seriously important PSA. A whiff of convenience and people are completely disregarding opsec and allowing our community to be mapped out by these companies

  • Assian_Candor [comrade/them]
    ·
    2 months ago

    Do ? exclusively precede parameters? Like could we extend the site to drop parameters either automatically or optionally (opt in?). Seems like it would be easy w regex

    I don't know shit about rust but I could fuck around and see if I could get it to work, it's about time I did something useful around here

    Edit: we could easily do it for a subset of domains like tiktok and YouTube etc

    • underisk [none/use name]
      ·
      2 months ago

      ? Is the part of the url that marks the start of the parameters section, which is a list of key=value pairs separated by &.

      Some URLs require those to properly link to the resource you’re trying to share, they’re not entirely tracking data except on certain parts of sites like Twitter and apparently TikTok. For example YouTube uses the parameter “t” when you link to a specific timestamp in a video.

      Edit: also do not use regex to parse a URL. Plenty of library code out there to do that without going down that dark path.

      • RedWizard [he/him, comrade/them]
        ·
        2 months ago

        But if you have to use regex use something like CleanURL's providers json file. No need to reinvent the wheel and its crowd sourced.

        • underisk [none/use name]
          ·
          2 months ago

          Programming is all about finding the code other people wrote that does 90% of what you need then gluing it together by writing that last 10%. Unless you’re maintaining a library, in which case thank you for your service.

  • erik [he/him]
    ·
    2 months ago

    I avoid this issue by being too old to have a TikTok account.

  • HexBeara [none/use name]
    ·
    2 months ago

    Look at me, making history day at a time, a post about me showing my whole doodooass. Good post though, I'm ignorant about this kind of stuff and I'm sure others may be as well, and going forward there shouldn't be anymore issues (concerning tiktok at least)

    • citrussy_capybara [ze/hir]
      ·
      2 months ago

      that link has even more junk upon opening
      https://www.tiktok.com/@/video/7362359406396263726?_r=1&_d=REDACTED&preview_pb=0&sec_user_id=REDACTED&share_app_name=musically&share_item_id=REDACTED&share_link_id=REDACTED&sharer_language=en&source=REDACTED&timestamp=REDACTED&u_code=REDACTED_id=REDACTED&utm_campaign=client_share&utm_medium=android&utm_source=copy

      cut everything after the ? first https://www.vxtiktok.com/@/video/7362359406396263726

      the short links have your account info in them [redacted screenshot below with personal info removed] so anywhere on discord (or here) you share links can see it

      Show