When you browse the web, clicking and clicking through links to reach
a webpage, all the pages you see are given back to you from various
webservers. These webservers are able to choose the right page thanks
to the URL holded by the link you click on. A URL often looks like https://stuff and you can see them in
the address bar of your web browser.
For exemple, clicking on a link, which URL is https://en.wikipedia.org/wiki/URL will ask
Wikipedia webserver to send you back the webpage about URL.
Some URL may be really ugly to see. For exemple, to ask Wikipedia to send you
back the webpage, which will allow you to modify the content of the URL article, you have to click on a link, which looks like: https://en.wikipedia.org/w/index.php?title=URL&action=edit.
The things you can read after the question mark in the previous URL (the title=URL&action=edit part)
are called parameters. Their aim is to
help the webservers to build complex pages, given a number of
options. This way, the same “page” will serve different contents,
for different parameters.
parameters are totally fine. The problem comes from the fact that they could be
used for another goal than helping the server to build the right
page.
In fact, webservers are very dumb things. They only do what they are
asked to do. Nothing more, nothing less. Thus, if the Wikipedia
webserver is configured to only handle the title and
action parameters, it will completely ignore
other parameters, which may appear in the URL used to display webpage from it.
That is to say, accessing all of the following URL will display exactly the same thing.
https://en.wikipedia.org/w/index.php?title=URL&action=edithttps://en.wikipedia.org/w/index.php?title=URL&action=edit&toto=tatahttps://en.wikipedia.org/w/index.php?title=URL&action=edit&tag=pistache&time=nowThis matter of fact is used by marketing and audience measuring
companies to put in the wild specially forged links, which will
display the webpage they are intended to, but leaks some other
information to the webserver, by the mean of
tracking parameters, which serve the
only goal of disclosing your browsing session to them.
You already see a lot of them, often on media websites, to help them know if you comes from Twitter, Facebook or an email campaign. Some may think there is nothing wrong with such a disclosure, but we think there is a sick race to gather the most information about us in our back, and we do not want to participate in this anti-privacy game.
As we said previously, all parameters do not have
necessarily a role to play to display the correct web page. Thus,
they can be removed from the URL of the webpage we are trying to display, without inferring with its
computation by the webserver.
If we take the following URL http://www.newspaper.any/what_an_article_1635831?utm_source=dlvr.it&utm_medium=twitter we can see two tracking parameters:
utm_source, which discloses the fact that you came on that page after having
click on a link using the dlvr.it link shortening service.utm_medium, which discloses the fact that you came on that page from Twitter.By removing this two parameters, we do not change the
way the webserver will retrieve the right article and send it back
to us. But this webserver is now a little more blind about our
origin, what is better for our privacy.
Finally, if you want to think more about your privacy in our modern web environment, We are pleased to let you know about other effort to preserve our privacy: