967
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
this post was submitted on 29 Nov 2023
967 points (99.1% liked)
Technology
59205 readers
3133 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 1 year ago
MODERATORS
I'm rather certain, the way it works is that it removes parameters that are named like well-known tracking parameters. For example, most webpages use Google Analytics, so you see UTM parameters everywhere.
A "reset your password" link could theoretically use a parameter that's named
utm_content
, then it would presumably get removed by this feature, but I see no sane reason why one would name their password-reset parameter like that.In general, such tracking parameters are usually named in a way that it will rarely clash with other parameters a webpage may want to use, so for example they may have a prefix like
utm_
.Oh, so it's not just stripping the GET parameters? Okay, that's smarter than I was assuming
Stripping all GET parameters would break many, many legitimate webpages. 🫠
Looking at some comments on the linked post, I think you are right, and it would probably be fine for things like a password reset. I could play around with it, but my laptop is in the other room.