[humbleharbinger]

I wonder can they tell the difference between tracking params and good old unobtrusive query params?

[thomaslord]

Ultimately I don't think they can. How would they handle a link like `https://example.com/password_reset?prid=ZXhhbXBsZWNsaWNraWQ`?

I'm sure somebody will figure out a way to use multiple seemingly-legitimate parameters to get the same result. Why use ?click_id=aqNERjsdfyqe when you can use ?category=10612550&subcategory=5929127&page=4257344 and transfer the same data without arousing suspicion?

[neop1x]

Websites can use a single lengthy encrypted parameter to encode everything (query params and tracking data). And then what.. will they break all website links by removing the parameter?