contextPlus icon indicating copy to clipboard operation
contextPlus copied to clipboard

Published 20 hours ago verified publisher icon totallymike

Consider removing known tracking get params

Open jonathanKingston opened this issue 8 years ago • 4 comments
trafficstars

The risk of leaking information across a container is very high.

It would be great to filter out known parameters when reloading the URL.

This perhaps could be an external list similar to HTTPS everywhere which blocks params like utm_source and filters other params based on content.

jonathanKingston avatar Jun 06 '17 12:06 jonathanKingston

Ooh this is a valid concern. utm_source is a good low-hanging fruit. I'll peek at HTTPS Everywhere to see if I can spot a list of others they filter for. Can you think of any other params, or other obvious heuristics to filter for?

Thanks!

totallymike avatar Jun 06 '17 12:06 totallymike

I don't think they have a list, I was using them as an example as the rule format they have likely will become it's own repo.

UTM as mentioned is the super low hanging fruit here which can be the initial work 👍 https://en.wikipedia.org/wiki/UTM_parameters

I'm asking people at Mozilla if we know of a list like this.

Similar bug here: https://github.com/jonathanKingston/fix-my-http/issues/8

It would be worth considering checking for value leaks too like usernames or credit cards however that will be much harder.

jonathanKingston avatar Jun 06 '17 13:06 jonathanKingston

For UTM parameters there's: https://github.com/Rik/au-revoir-utm

HairyFotr avatar Mar 24 '18 14:03 HairyFotr

I would suggest using Neat URL to achieve this, this is way out of contextPlus' purpose.

Madis0 avatar Jun 04 '18 08:06 Madis0