> Or am I just being downvoted by people who don't want anybody to know that it's possible to stop this form of tracking?

I think you are confused about how this works. Because it would NOT be possible to stop this type of tracking. That is why you are being downvoted. The downvotes are because you are simply wrong, not because there is a conspiracy on Hacker News of people that don't want other people to know that it is possible to stop tracking.

Here's how it works: In the example given above, you only have the URL vm.tiktok.com/[short-url-id]. This URL does not represent anything on its own. When you click the link, it goes to a TikTok server that looks up the `[short-url-id]` portion of the URL in a database, which contains the actual video id/URL that is trying to be shared, along with additional metadata about the share such as the person that shared it and the device the user is coming from, etc. This information is then logged in a data warehouse or sent down a data firehose to eventually perform advanced analytics to TikTok. All of this is happening while you are waiting to get the real URL of the video back. Yes, it's only a few milliseconds, but by the time you get the URL of the video back so that you can actually watch the video, the data has already been logged. Your privacy is already compromised.

So your suggestion is to "unmask" the URL and "untrackify" it and then give the user the end-url with the actual video. The problem is that the only way to get the real URL and to "untrackify" it, you need to contact TikTok and they will already log the data before you can get the real URL back. You can't simply "unmask" it. Only TikTok knows what the real URL is. In order to get the real URL you need to ask them (by following the short URL link) and they will log your data before they give you the real URL. There isn't any way around this (other than not using the vm.tiktok share links).

I am not sure if the "real URL" that TikTok gives you contains URL parameters in it or not. It probably does. So you could theoretically remove those. For example, turn tiktok.com/video-url?sharing_user=username123&device=iphone into tiktok.com/video-url. This would be possible. But it wouldn't do anything to protect your privacy. It would simply remove the "[First Last] is on TikTok" message. But the data already got logged when you exchanged the short-url for the long-url. So the privacy damage has already been done. This is why "unmasking" simply doesn't do anything other than give you the illusion of privacy, without any change to real privacy.

By contrast, when you see a URL like cnn.com/news-story-url?utm_source=facebook and you remove the parameters from that type of link, you can actually avert a certain level of tracking because the tracking hasn't been logged yet when you remove the parameters. So removing the params into the link cnn.com/news-story-url and following that, will avoid the tracking because the tracking is done on the actual visit with that specific URL. Since you removed the tracking parameters, the website now has no data to actually track.
Preemptively opening the link as the sender will send a request to TikTok, but they're not really gaining any useful data there since you just watched the video, hit share (this is what they know so far), and now you opened the link that you had generated. So their database only learned that you shared a video with yourself, which you immediately opened.
The more valuable data is when various intended recipients open the link, allowing TikTok to associate you with them to serve more targeted videos based on implicit social graph, etc.
Moreover, opening the link yourself to get the "canonical url" protects you if you're sharing the link broadly, since others can't obtain your name [and potentially more?] from the shortlink.
Now, if you're the recipient, there's not much you can do to avoid the tracking link, besides opening it up in as much of an anonymous environment as possible. But interestingly enough, I find the privacy threat greater to the sender. The sender has a TikTok account to aggregate data quite straightforwardly, unlike the recipient. The sender is also being associated with a number of recipients, vs. the recipient with only one sender, and again only through cookies, IP, or something of that sort.
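The two comments above describe three cases: a recipient "unmasking" a short link, a sender resolving it before sharing, and stripping `utm_*` parameters from a link that was never shortened. The following is an added example, not code from either commenter or from TikTok, that models what the server has logged in each case; the `Shortener` class, its row fields, the id `abc123` and the names `bob` and `carol` are constructed assumptions.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit


class Shortener:
    """Constructed model of a share-link server; the row fields are assumptions."""

    def __init__(self):
        self.rows = {"abc123": {
            "sharer": "username123",
            "target": "https://tiktok.com/video-url"
                      "?sharing_user=username123&device=iphone",
        }}
        self.log = []  # (sharer, client) pairs the operator has recorded so far

    def resolve(self, short_id, client):
        row = self.rows[short_id]
        # The log write happens before the redirect target is handed back.
        self.log.append((row["sharer"], client))
        return row["target"]


def strip_params(url, is_tracking=lambda key: True):
    """Drop every query parameter whose key satisfies is_tracking."""
    parts = urlsplit(url)
    kept = [(k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True)
            if not is_tracking(k)]
    return urlunsplit(parts._replace(query=urlencode(kept)))


def recipient_unmasks(server, short_id, recipient):
    """Recipient 'unmasks' the short link: resolving it is itself the logged event."""
    return strip_params(server.resolve(short_id, client=recipient))


def sender_pre_resolves(server, short_id, sender, recipients):
    """Sender resolves once, then hands recipients the parameter-free URL."""
    canonical = strip_params(server.resolve(short_id, client=sender))
    return {r: canonical for r in recipients}  # recipients never call resolve()


def strip_utm(url):
    """utm_* case: parameters are removed before any request, so nothing is logged."""
    return strip_params(url, is_tracking=lambda key: key.startswith("utm_"))


if __name__ == "__main__":
    a, b = Shortener(), Shortener()
    print(recipient_unmasks(a, "abc123", "bob"), a.log)
    print(sender_pre_resolves(b, "abc123", "username123", ["bob", "carol"]), b.log)
    print(strip_utm("https://cnn.com/news-story-url?utm_source=facebook&id=7"))
```

The model covers only what the link itself carries; a recipient who opens the canonical URL is still visible to the site through cookies or IP, as the second comment notes.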