Facebook is actively fighting back the attempts by browsers to provide their users with better protection against unwanted tracking on the web.
And for all the talk about using encryption to ensure privacy and improve security in its apps, Facebook seems to have managed to find a way to turn encryption against internet users' best interest.
In order to prevent browsers like Brave and Firefox from deploying URL stripping that removes tracking parameters added to links by Facebook and others, like Amazon, Facebook is reportedly turning to encrypting links.
Instead of changing tracking parameters in URLs, they are now encrypted and cannot be automatically removed. This means that browsers at this time cannot do anything to prevent tracking via Facebook URLs.
One recourse is to stop using Facebook, and another not to sign into it and delete site data and cookies often – since URL tracking alone is not as efficient a tracking tool for Facebook if not paired with the latter two.
For now at least, the URL stripping functionality is still useful in a large number of other cases where parameters are appended in order to track users across the internet when they're not on the sites that are tracking them, Ghacks reports.
Until now, Facebook used its “click identifier” (fbclid): Google's version is known as “gclid,” while Microsoft has “msclkid.” These added parameters have only one purpose – to track users, and are not needed for sites to operate correctly. Unless, that is, the personal data-hungry sites like Facebook make it impossible to remove them.
In that case, a link to a post will lead to the main Facebook page of an account, rather than the post itself.
Brave Browser has been stripping tracking from URLs by default for several years now, while Firefox introduced it (“Query Parameter Stripping”) with the version rolled out this June.
In Firefox, the feature is on by default only in so-called private browsing mode. Users can also activate it by going to the settings and choosing “strict” Tracking Protection, or via the configuration page (“about:config”).
Or they can use an add-on, like the open-source ClearURLs that automatically removes tracking elements from URLs to protect privacy.