Dennis Hackethal’s Blog

My blog about philosophy, coding, and anything else that interests me.

Published

Change Twitter Links to Improve Your Privacy

Take any tweet. This one, for example.

The full link to that tweet is:

https://twitter.com/CerebralWisdom/status/1548009507766226945

That’s the URL when you copy it manually from the browser’s URL bar.

However, if you instead click on the share icon underneath the tweet and select “Copy link to Tweet”, Twitter appends the following information to the link before copying it:

?s=20&t=jU2DlkUwoNNqWmaFxC

These are query parameters. The question mark signifies the start of the query-parameter section of the URL; s and t are parameter names (aka keys); 20 and jU2DlkUwoNNqWmaFxC are their respective values. Key-value pairs are separated by = and the & signifies the start of the next pair. (I am providing a fake value for t, but that’s more or less what it looks like: it’s always an alphanumeric sequence that contains lowercase and uppercase letters and has roughly that length.)

Since the link works just fine and the page looks the same with or without these query parameters, I’m guessing they fulfill some purpose internal to Twitter. Specifically, I’m guessing they are designed to track you because they can tell Twitter who you shared that link with.

Here’s how it seems to work in detail. When you open up Twitter and save links to various tweets to your clipboard, they all have the same query parameter t. That parameter only changes when you refresh the page, so it’s generated on page load, and so I’m guessing it differs for every user. I don’t know what s is used for.

I guess that Twitter internally associates the parameter t with your account and browser session. They then identify you as the link’s originator whenever somebody clicks on it. That tells Twitter something about your social network off Twitter. When a visitor to your link is logged in, Twitter can associate you two more precisely.

You should remove these parameters from Twitter links before sharing them. This practice may increase your privacy because links without these parameters could have come from anyone.

By the way, the chat app Telegram is particularly bad for privacy in this regard because it loads previews of links as you type, not just upon sending your message. To generate the preview, Telegram has to load the link – meaning it makes a request to Twitter, who can then use those pesky parameters to track you. You need to remove them before pasting them into apps like Telegram. I recommend either editing them in a plain-text editor like macOS’s TextEdit first or, even easier, copying them from the browser’s URL bar. Depending on the information Telegram sends to Twitter to preview tweets in a chat, it may divulge more information about you – e.g., merely the fact that you use Telegram, which is something Twitter did not (and need not) know about you.

Worse, say you have an anonymous account somewhere and use it to share a Twitter link you’ve generated, including these parameters. At the very least, Twitter will know that you are somehow associated with the anonymous account.

In short, always remember to remove everything starting at and including the question mark from tweet URLs.


What people are saying

What are your thoughts?

You are responding to comment #. Clear

Preview

Markdown supported. cmd + enter to submit. Your comment will appear upon approval. You are responsible for what you write.
This small puzzle helps protect the blog against automated spam.

Preview