[minebreaker]

I strongly disagree with a lot of claims here.

>> if it isn’t there, it’s probably for a good reason. > which isn’t really true anymore. For most websites, the majority — not just the plurality, but the majority — of visitors arrive by following a link inside an email or an app

I don't think the statement is factually backed up. At least I hate native apps.

> Even so, my custom query string is, in my calculation, an expression of digital etiquette: rather than dump a load of anonymous traffic on your doorstep, I reveal who’s linking, so a website or online shop operator can trace it back and get in touch, if wanted or needed

Anonymity considered harmful these days?

> a wave of new subscriptions and weren’t sure if they were legitimate; a brief email correspondence assured them that yes,

It's not legitimate unless it's signed (and if anybody gives a shit to verify it).

> Note that a handful of sites do choke on unexpected query strings, including YouTube (!),

This is a good habit IMHO.

Anyway, I'm thankful to the original post because it was a good reminder to re-review my browser settings.

Honestly I don't understand why the EU focused on the stupid cookie law instead of referers which are clearly privacy-violating.

If you use Firefox I recommend you make sure `network.http.referer.XOriginPolicy` set to 1.

[intronic]

I also dont get why adding 'utm_source=Robin_Sloan_sent_me' somehow gels with his calculation it is 'an expression of digital etiquette: rather than dump a load of anonymous traffic on your doorstep, I reveal who’s linking'. Theres no actual link to the referring website just some bunch of characters which look like someones name and some of which are in the actual referring URL.

And yeah I'm also thankful also to see that firefox setting.

[randallsquared]

I am totally sympathetic to the "this isn't a legible link for machines". After all, this utm_source implies that some human is looking at the logs manually (or at least, trying to decipher aggregated utm sources manually). However, we are well into a transition to a world where this isn't true, and 'utm_source=Robin_Sloan_sent_me' is probably just as good as 'utm_source=robinsloan.com' for LLMs of 2026+.

[jampekka]

> Honestly I don't understand why the EU focused on the stupid cookie law instead of referers which are clearly privacy-violating.

Neither the ePrivacy directive (commonly called the "cookie law") nor the later GDPR focus on cookies. They are "technology neutral", applying to e.g. URL parameters and HTTP headers too, but just widely misunderstood and badly enforced.

[extraduder_ire]

It doesn't help that the most visible and best SEO'd sites purporting to explain the GDPR are made by advertising/tracking companies, or firms representing/selling services to them.

I'd guess that the average person doesn't know that the GDPR applies even when you're taking details from people by hand with a pen on paper.

[jampekka]

Yes. My diagnosis that this is due to bad enforcement and the refusal to make or stick to clear enforcement criteria. This lead to the deployment being that companies are as maliciously compliant as possible, with the criteria evolving as a loophole whack-a-mole with 10 year iteration time due to enforcers and courts dragging their feet.

[IdiotSavage]

Or set network.http.referer.spoofSource to true.