trkid= not cleaned from Netflix links when codex.nflxext.com is blocked about addon HOT 6 CLOSED

The behavior you describe above is not a bug.

CleanURLs clears the tracking parameters before they are sent. However, when calling Netflix or Google, sometimes they are injected some tracking fields into the url after the call. These are not called, but serve to track relationships between users.

An example scenario: You're watching a movie on Netflix and would like to recommend it to your friends. In addition you send them the link to the film. Now Netflix knows through the tracking ID that you are in contact with the person you sent the link to.

ClearURLs will not delete the parameters you mentioned if you blocked the 3rd-party scripts because the URL with the tracking fields will never be called from you.

The tracking fields will be added after your call. This feature can also be found in the Mozilla docs: https://developer.mozilla.org/en-US/docs/Web/API/History_API (history.pushState).

That's why ClearURLs works correctly. If you allow the 3rd-party scripts, then the tracking fields are called in the background and ClearURLs can clean them up.

I have also written a small website for illustrative purposes on which you can understand the behavior: https://curl.kevinroebert.de

I hope you could understand my explanations.

from addon.

So if I'm understanding you correctly, it only cleans the tracking parameters once an attempt is made by them to "call home" and, in my example, since I had that particular Netflix address blocked, the tracking parameter couldn't make the connection, so ClearURLs wasn't activated to clean it. Is that right? If that's the case, ClearURLs is acting retroactively instead of proactively, which means that instead of simply analyzing the link, removing any tracking parameters from it, then navigating to the cleaned link, it's navigating to the link with all the tracking parameters and only when they make a "call" (do you mean call as in call home or call as in calling a function?) does ClearURLs block that call and remove them. I could be completely wrong, but it seems like cleaning them ahead of time would be preferable, because it would ensure no connections are made before it catches them and cleans them, and it would allow the link to be copied without all the garbage.

Or perhaps I'm completely misunderstanding what you're saying. After all, this statement

CleanURLs clears the tracking parameters before they are sent. However, when calling Netflix or Google, sometimes they are injected some tracking fields into the url after the call.

sounds like you're saying the tracking stuff is put in only after clicking the link, but in the Netflix example I gave, it's all there when I hover over the link and when I copy it.

from addon.

With call I mean a request to the server. ClearURLs cleans only those requests that are actually sent to a server.

There are also links on pages which are never called, e.g. in the Google search, you only call the links you are clicked on.

Something similar you have to imagine with the Netflix link. It does contain tracking fields, but it's never called by Netflix, if you're blocking the 3rd-party scripts.

Netflix and other vendors sometimes add these tracking fields after the request, so as to have e.g. bypassing addons like ClearURLs. You will only be able to track people who have not installed a privacy addon such as ClearURLs. But you will be protected from this trick (I've tried to show you the trick with my example page on curl.kevinroebert.de), if you have installed ClearURLs or something similar.

As a small proof that no request, even when clicking on the Netflix video is made, I have attached a screenshot. There I explicitly searched for netflix.com/watch:

The situation is different, however, if you reload the video with F5, then your browser will make a request to Netflix with the tracking fields. Then ClearURLs detects this request and deletes the tracking fields before submitting.

We purposely designed ClearURLs this way to purify the URLs when they actually call. Thus, we save a lot of computing power, because otherwise many unnecessary links would be cleaned up, but never visited or loaded by you.

To summarize in a nutshell: ClearURLs cleans up all the urls that are called by your browser, so no tracking field that could detect ClearURLs ever arrives at the provider of the page.

from addon.

Ok, I'm pretty sure I'm more or less understanding this, but the concern I have is that regardless of whether this addon is enabled or not, everything acts exactly the same. Hovering over links in a google search show the clean link, then clicking on them causes them to change to the tracking link, which is what you get if you copy it, but then when it loads the page the URL in the location bar is clean. Since it's like this with or without the addon, it doesn't seem like it's doing anything, even if it is in the background, and so I never know if it's actually working or not aside from looking at the logs, and I hate to just assume something is working. I take it though that's just how it is with this and I just have to have faith that it's doing its job?

from addon.

If you hovering over a url, does not mean you see the real link. It can be changed by a script. The real url is only final after a press on it.

Only at this point (the request) ClearURLs and I think NeatURLs (Smile4ever/firefoxaddons#134) too, clean up the request and not the shown url, from tracking fields. You can see all actions from ClearURLs in the log file and you can see the "blocked" counter growing. So you do not have to trust me, you can see a proof of work in the log and at the "blocked" counter.

I believe the real problem is an understanding problem. You must not assume that urls that you see when you click are also called. Urls can be manipulated in the background of scripts and this also happens with Netflix and Google, for example through the history.pushState function.

A url is always final and invariable only at the request to the server. This is where ClearURLs comes in and cleans up the request for tracking fields. You may not be able to see the cleaned url on your monitor, but you can see in the log files or at the counter that the request has been cleaned up.

from addon.

If you hovering over a url, does not mean you see the real link. It can be changed by a script. The real url is only final after a press on it.

I understand this. I think I've found the reason for much of my confusion, though. I was wondering why, when clicking the links, I was seeing all the tracking info, but there was no indication it was being cleaned. Even using the badge and log, I wasn't seeing it. Turns out, it was because I have the Do Not Track setting enabled and, somewhat surprisingly, that's apparently honored by Google. I disabled that and retested a link and, sure enough, the ClearURLs log showed the link being cleaned as expected. What got me to think to try that was your statement "You must not assume that urls that you see when you click are also called," which got me wondering why bother embed the tracking info if they're not going to use it. Now things make a lot more sense. Thanks for the help :)

from addon.