Open Kusresa opened 6 years ago
Can you provide the exact steps (original Google URL) to obtain this result? And just for reproducibility, which browser version and extension version are you using?
On Firefox 58 Beta, latest version 4.20
I can't reproduce this. Can you share the URL of the search result page? "In Firefox address bar type in 'music video'" assumes that my default search engine is Google (it is not). Even if I select Google's search engine, I end up on a page where the source looks like a table containing:
<a href="/url?q=https://m.youtube.com/watch%3Fv%3D2Vv-BfVoq4g&sa=U&ved=0ahUKEwj6wcHF9c3YAhXJCsAKHW7JApMQuAIIDDAB&usg=AOvVaw2aWJ5XdrMi1GIHdENnuJBe"><img src="https://img.youtube.com/vi/2Vv-BfVoq4g/default.jpg?h=69&w=92&sigh=__Y90Cs0FC3cFfxZ0hEDy7NSouOhA=" alt="Video voor music video" width="92" height="69" border="1" align="left"></a>
When I tap on a search result, I am immediately directed to a YouTube video. For what it's worth, I am trying to reproduce this in a private tab.
URL is: https://www.google.com/search?q=music+video&prmd=ivmn&source=lmns&tbm=vid&sa=X&ved=...
One thing I just realized I forgot to mention, I'm using the "Chrome UA on Google" Firefox addon since Google's interface for Firefox is poor. I just tried with the default UA and like you I am redirected directly to a Youtube video. So I'm guessing it is only done on the layout showed to Chrome users.
I tried to reproduce with Chrome's UA override, set to Chrome Mobile (+Device toolbar), and see the following HTML:
<a class="_p6m" data-url="intent://www.youtube.com/playlist?list=PLFgquLnL59alCl_2TQvOiD5Vgm1hCaGSI#I…gle.nl;launchFlags=0x8080000;S.intent_description=Popular+Music+Videos;end" data-weburl="http://www.youtube.com/playlist?list=PLFgquLnL59alCl_2TQvOiD5Vgm1hCaGSI" href="#" jsaction="bct.cbz" data-ved="0ahUKEwjmx5jYgs7YAhUD_SwKHffWBEgQxa8BCCQwAA" ping="/url?sa=t&source=web&rct=j&url=%23&ved=0ahUKEwjmx5jYgs7YAhUD_SwKHffWBEgQxa8BCCQwAA&usg=AOvVaw0VTJzWxrN8ZFOD4xbU2nov" oncontextmenu="google.ctpacw.cm(this)"> ... </a>
Upon pressing the mouse, the link (href) turns into:
/url?sa=t&source=web&rct=j&url=%23&ved=0ahUKEwjmx5jYgs7YAhUD_SwKHffWBEgQxa8BCCQwAA&usg=AOvVaw0VTJzWxrN8ZFOD4xbU2nov
.
This is bogus, but different from what you are observing. I'll try spoofing the UA on Firefox mobile later.
I tried spoofing "Mozilla/5.0 (Linux; Android 6.0.1; SM-G928F Build/MMB29K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Mobile Safari/537.36" as the User-Agent in Firefox (responsive design mode), and get the same effect as reported in https://github.com/Rob--W/dont-track-me-google/issues/23#issuecomment-356693730
Are you able to reproduce this bug in a private tab (without cookies)? I don't have the YouTube app on the mobile device for testing. Could it be that this redirect URL only appears when you have (at some point) opened the YouTube app?
I can reproduce this tracking link every single time - in normal/private browsing and with/without cookies (with the Chrome UA on Google addon enabled) .
I have disabled the Youtube App and it still happens. I think this occurs when you have an app installed on your Android (or even an app that can be installed on Android) when that app should according to Google be used to open the Google link because I have reproduced links which have a different values for the app=
parameter (example: com.vevo
. I have no VEVO app but in Google Videos Search it will show up as Youtube app
or Vevo app
under the link title so Google indicates which app they think a link should be opened with). Have also come across com.dictionary
in normal Google search (not under Videos) when visiting a dictionary.com link which has no indicator of an app to open with (unlike the Vevo example).
Can you paste the exact URL that you are using to access the search results?
And just in case I cannot reproduce with that exact URL, can you:
<a>
element that contains a search result (similar to what I posted in https://github.com/Rob--W/dont-track-me-google/issues/23#issuecomment-356693730 ).Copy the HTML source of the <a>
that you selected in the last step and share it with me (maybe by mail if you are concerned about sharing potentially private information; though you could use a private tab and not log in to avoid such undesired information leakage).
Just to make sure that we are looking at the same thing, also share a screenshot of the page.
URL: https://encrypted.google.com/search?q=Music&prmd=vin&source=lnms&tbm=vid&sa=X&ved=0ahUKEwjQkc2Qxd3YAhVDa7wKHTHwCY4Q
https://i.imgur.com/oVJicZP.png
<a class="_p6m" data-url="intent://www.youtube.com/watch?v=yd8jh9QYfEs#Intent;scheme=http;package=com.google.android.youtube;S.browser_fallback_url=https%3A%2F%2Fencrypted.google.com%2Fsearchurl%2Frr.html%23app%3Dcom.google.android.youtube%26pingbase%3Dhttps%3A%2F%2Fencrypted.google.com%2F%26url%3Dhttps%3A%2F%2Fm.youtube.com%2Fwatch%3Fv%253Dyd8jh9QYfEs;S.android.intent.extra.REFERRER_NAME=https%3A%2F%2Fencrypted.google.com;launchFlags=0x8080000;S.intent_description=Rihanna+-+Don%26%2339%3Bt+Stop+The+Music;end" data-weburl="https://m.youtube.com/watch?v=yd8jh9QYfEs" href="#" jsaction="bct.cbz" data-ved="0ahUKEwi68r7Nvd3YAhVNNbwKHQTXDnIQxa8BCCUwAQ" referrerpolicy="origin"><div class="g _Bhm"><div class="_V9p"><div class="_vhm"><div class="_Dhm"><span class="_Chm" style="padding-left:20px;padding-right:5px">3:54</span></div><div><g-img class="_whm" style="height:90px"><img id="uid_dimg_1" src="data:image/jpeg;base64,/9j/4AAQSkZJRgABAQAAAQABAAD/2wCEAAUDBBAOCggIDg8ICQgPCgoJCQoICgoKCQ4ICQ0NCgoICwoNChwLCA0PCgkJDRUQGh0dHx8fCg4WGBceGBAeHxIBBQUFCAcIDwkJDxYVEhMcGh0bGBoVGx4bHBceFhIVFRUXGBcVGBMSFRUXFxcVFxcaFRUXFhIVFRYVEhUdEhIVEv/AABEIAFoAeAMBIgACEQEDEQH/xAAcAAABBAMBAAAAAAAAAAAAAAAAAQUGBwIDCAT/xAA3EAACAQMCBAMGBAQHAAAAAAABAgMABBESIQUGEzEHIkEUMlFhcYEjkaGxFTNCUghicnPB0fD/xAAbAQACAwEBAQAAAAAAAAAAAAAABAECBQMGB//EACoRAAICAQQBAgQHAAAAAAAAAAABAhEDBBIhMUFRYQWx0fATIiMycoGR/9oADAMBAAIRAxEAPwDjKinazs1OhGV1kPaRpUSLT94/+alnF+RohF1o5GICFmDMjDIGcBwoAH2qUr6FM2uxYZKM/PRXtLU65F5RhuoZWaR4ZgxSMF49JbAOcFdTjfsPzpzbwqb2rp6ibTSGMmwbOMFcYx33z8KKZxyfFdPjm4TlTXt8vUrGipTz1wKK3MaI0kkjDJ1MhAAOPRc7n9qjXSONXpRQ3hzxywU49M10U423A5mAZY5WBGQVUnY9jXnvLF0IDpJGfTWrLn6ZG9VtHY81FZFaSpASislHegrQBjRS0YoASilpKAJ3wa5EVnJC1rLK7ZdHdepFqIwG7eXA+FevhUcQWEyQlGYZYB3KB9QCHps2BnOcU78N4FdaEu4D1ozF0ukZAmhyq+cKw0P6GmV+B3TMI5ZLa30nZWeJSGIxq0r3OKtTTPNPJjyN1NLm3+Z3fpXgz4Fwi2do4AHEk0czQyyPhUliLYXAHYFM5qXXFs5sBwt7mCO+UAyO7tjogsdPUAySEXf6fOoLJy1MzJChleOFXQTaSkQDMWk0v2K5diW39fSlh4O7NqYliVDhnJBaMt01k33wcZ+m9TCNk58MZtPfdO+eeea78V4GbnmxSK8lgj9xMJ3Jy6jzHJOT5s1v5S4eJp4oD7gw7/P4L+Z/StPN/Dnin/EUrghTq97UAC2oHfPmBz65yDXq8O74JexhvdOpSRjPl3GMnHoapltRe03NNTjG3Z0pyVyupCAgDYflTtzhyZC0TJhJMjdWUEffamrlrm+HyoTIvoGZRoz8NQbvUi5m4i625khGolSQ2nV5QNyPT71kK1w+zTVPk5N8TeVDaTYCkW7ktCx3wR70Jb1xsR8j8qh1W/4jw3VxHOhij0IHnmkciWYGAZLJKrGPQylgoX4HIGRmoa1Mbe3kVdXwbra2LBiOw/f4VrkQg4OQfnTry+Ada752I32/L1NJxtTkEdvWujVJMW/G/U2MaKKWioGBKSlNLQB1N4Uw6rUp/pI+6L/1XmsvDWCL2h7jpXTtKZurMuGEbkHS2XI2Ac52+lRXw18QBHG9t0Z5LvSjQwjZpEVQH0bZJCqz4xvpOKf+ZbVuIXts0SXEMUatqugbi2kTUMGMxzWwWRmyw2z65IzTO6L9z55DTanDqJ29sXy38v8Afu6GDlm/jh4mlnaSdSynBikj/mxrK4ZVZFby7Np2+Z+0tWZHFtfC3I4izeytrjxBHPAWBcx99QCHyn5D0pu4fyVBwt04jcXINxqPsgaF5F6x31tGh6kmlc/CrVTlm8e9u5gyeyGyV0LRHT1MNpwmdpg/nbbs2mq9Gq5wk007Xr6/U5Y8YLt5L+ZpG8oMfSXAGpNPTaTAGkEsn6/KopahRJA7ANFrAkz/AG5wxwDnt5vuKtbxo5QDx2vEIpUmGhhchY3jKNkEHS2+klmH2qmi3vL3Gf1HrVJNW0ei0ji8aUfB194V8jW8cKzhlniEZ0h0TXpLdQZcDLYON/gAO1WnwyeNbIMTBF05TjWyg6JTsoXuwO35/OuTvAbnQqVsJJdI7QrIPKV7aQc5bH9v5fK8uQJVieQ9LhNvKp0LLaQ24kxsNZeWRWt3KNnsw8xAJG5y8kJylTNXDtS4HHxA49F7NNG0SxdRHAcIyagQRgxkZUkfEVwxXZPPV4ipe3RZpVEekytIZIxpyXSHyhQPdBYAZI7eUVxs1d9OmrspmpOke7gsuJUHoTpP32H6mnrikWx+9eLlq3XJuHI0ID5f8wA0n7k/pRf8WBzswGDjNNvoy80XLInHwMlLSUCqjwUtIaWgCecgc1x286XhigkuR5czPKuF06NSFQVVsZ7j12qx7rxyDtpjtZZJfdRUl1KxBOCD0tePtUd4VygrILgvoJWExoYInQKFHULavfLHt8O+aebziCp5UEUW2PwUVCfmSBmukd0TxmqzaTNltQcpfyfHsSPlHghnuYuNcVlhgCENbWIOrAU5QFAS777kY32ycbCdcT56nmncwySwWvSNuI107jWW9o93VHIyaF77YOO9U1ZcQGcnc571IIOYlQA5ApXLmfSNXSaFZGp5P6XhEvawjcG3lwyuCGVtww9e/eqE8VeQxaX0UIbTaSkNHM+ohUJw+oKpc9POTgE47Ak4qdcwc+gBJMDyujBmOPKCNYUZy2U1DHzrb4ycSWSyjlI1BF6oIxnW7pEignsDrZj/ALfzrjik93JsSioftKEs4cyaQ6oRko7EqNS7r5sZQnG32p95l5juG6EcwC3EWB1CuJGTuof+mQfOtfCOIQws5eLryBT09xpSUnIPwfGwz+lMV9dNI7SOSzH1Jz9h8BvTTVs6Rdlv8J54e+S3sW6cUMSh3UkB5Zh/LUL6IpGsn4qvp3gPPXLZhmkZBqhI14H9Ge6/MD/3amDhl0Y5Y5RkFWB2+Hr+masHj9yrxh8hwy5zk9jS0rxz46GFUo8ldLKQpUEgHGoenl7fvSSyE4zue29ZXaAMcdvhWnFNJ2jhQUtFFSSIaWkNLQBctvPcTW9q8EM88L3MXDImhXUrcRaMSJaDHZzH5voCc7Vhccg8VYQsOH8SYSSSRQkRZ1SQh2YL5s40wyFT2bQdJNR/wa8Ubjhf8TjgaMC5tTCplziG7GRBxGMiMkTRLJOq+n4pz2FTzmX/ABAT/wAPt7WKGK14ksfC4pL22ubSSJ14NIs1tIIEtesGaSNMo0jKNLaUHUOJbbMzD8L0+J8LkifLXJvFLmOKa3sb64ikha5ieOPytAjGPqAk7anVgo/q0tpBwcR22uZHN0JJEtDDq6iTq3X1qdBjWE4JYPhSD2qzk/xIdW5u5byy9ps2uuH3tja2d9JY+yy8KDeywCRIj7RBqZnZCAAzs6gHGKy5g51e5vbu/kW1S4uLqW6MiQxt0hcO0johbc6S+ATk7HfNU2IfUdqqJ77rhdo1us0s1zb3JRiiXBErtkDTJ0o1/BXVnA9QM01cy82mW2gs1yECIJiw950wVC75wDmmq74p1WPW6bH1mVMSnT23UgNttuDTZKgHZlb6Bh+4o2ohR55NdGaM0Zqx1CpBY3OLZQT21Y+maj+a2pJsFz5c1ScdyIYTnJLds9vpWus53yflWFWXQISjNGaM1JIGlpM0tAGNFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQB//2Q==" class="_WCg" alt="Video for Music" onload="typeof google==='object'&&google.aft&&google.aft(this)" width="120" height="90"></g-img></div></div></div><div class="_Ahm"><div class="_Dgm" style="-webkit-line-clamp:2">Rihanna - Don't Stop The Music</div><div class="_Cgm" style="margin-top:8px"><cite><span class="_zhm">YouTube app</span></cite><span class="_xhm"> - 8 years ago</span></div></div></div><span style="display:none" jsl="$t t-4Pexf-E8mU0;$x 0;" class="r-i95eUoE3rhlw"> </span></a>
Thanks for sharing the HTML source. The same source, reformatted for readability is:
<a class="_p6m" data-url="intent://www.youtube.com/watch?v=yd8jh9QYfEs#Intent;scheme=http;package=com.google.android.youtube;S.browser_fallback_url=https%3A%2F%2Fencrypted.google.com%2Fsearchurl%2Frr.html%23app%3Dcom.google.android.youtube%26pingbase%3Dhttps%3A%2F%2Fencrypted.google.com%2F%26url%3Dhttps%3A%2F%2Fm.youtube.com%2Fwatch%3Fv%253Dyd8jh9QYfEs;S.android.intent.extra.REFERRER_NAME=https%3A%2F%2Fencrypted.google.com;launchFlags=0x8080000;S.intent_description=Rihanna+-+Don%26%2339%3Bt+Stop+The+Music;end" data-weburl="https://m.youtube.com/watch?v=yd8jh9QYfEs" href="#" jsaction="bct.cbz" data-ved="0ahUKEwi68r7Nvd3YAhVNNbwKHQTXDnIQxa8BCCUwAQ" referrerpolicy="origin">
<div class="g _Bhm">
<div class="_V9p">
<div class="_vhm">
<div class="_Dhm"><span class="_Chm" style="padding-left:20px;padding-right:5px">3:54</span></div>
<div>
<g-img class="_whm" style="height:90px"><img id="uid_dimg_1" src="data:image/jpeg;base64,/9j/4AAQSkZJRgABAQAAAQABAAD/2wCEAAUDBBAOCggIDg8ICQgPCgoJCQoICgoKCQ4ICQ0NCgoICwoNChwLCA0PCgkJDRUQGh0dHx8fCg4WGBceGBAeHxIBBQUFCAcIDwkJDxYVEhMcGh0bGBoVGx4bHBceFhIVFRUXGBcVGBMSFRUXFxcVFxcaFRUXFhIVFRYVEhUdEhIVEv/AABEIAFoAeAMBIgACEQEDEQH/xAAcAAABBAMBAAAAAAAAAAAAAAAAAQUGBwIDCAT/xAA3EAACAQMCBAMGBAQHAAAAAAABAgMABBESIQUGEzEHIkEUMlFhcYEjkaGxFTNCUghicnPB0fD/xAAbAQACAwEBAQAAAAAAAAAAAAAABAECBQMGB//EACoRAAICAQQBAgQHAAAAAAAAAAABAhEDBBIhMUFRYQWx0fATIiMycoGR/9oADAMBAAIRAxEAPwDjKinazs1OhGV1kPaRpUSLT94/+alnF+RohF1o5GICFmDMjDIGcBwoAH2qUr6FM2uxYZKM/PRXtLU65F5RhuoZWaR4ZgxSMF49JbAOcFdTjfsPzpzbwqb2rp6ibTSGMmwbOMFcYx33z8KKZxyfFdPjm4TlTXt8vUrGipTz1wKK3MaI0kkjDJ1MhAAOPRc7n9qjXSONXpRQ3hzxywU49M10U423A5mAZY5WBGQVUnY9jXnvLF0IDpJGfTWrLn6ZG9VtHY81FZFaSpASislHegrQBjRS0YoASilpKAJ3wa5EVnJC1rLK7ZdHdepFqIwG7eXA+FevhUcQWEyQlGYZYB3KB9QCHps2BnOcU78N4FdaEu4D1ozF0ukZAmhyq+cKw0P6GmV+B3TMI5ZLa30nZWeJSGIxq0r3OKtTTPNPJjyN1NLm3+Z3fpXgz4Fwi2do4AHEk0czQyyPhUliLYXAHYFM5qXXFs5sBwt7mCO+UAyO7tjogsdPUAySEXf6fOoLJy1MzJChleOFXQTaSkQDMWk0v2K5diW39fSlh4O7NqYliVDhnJBaMt01k33wcZ+m9TCNk58MZtPfdO+eeea78V4GbnmxSK8lgj9xMJ3Jy6jzHJOT5s1v5S4eJp4oD7gw7/P4L+Z/StPN/Dnin/EUrghTq97UAC2oHfPmBz65yDXq8O74JexhvdOpSRjPl3GMnHoapltRe03NNTjG3Z0pyVyupCAgDYflTtzhyZC0TJhJMjdWUEffamrlrm+HyoTIvoGZRoz8NQbvUi5m4i625khGolSQ2nV5QNyPT71kK1w+zTVPk5N8TeVDaTYCkW7ktCx3wR70Jb1xsR8j8qh1W/4jw3VxHOhij0IHnmkciWYGAZLJKrGPQylgoX4HIGRmoa1Mbe3kVdXwbra2LBiOw/f4VrkQg4OQfnTry+Ada752I32/L1NJxtTkEdvWujVJMW/G/U2MaKKWioGBKSlNLQB1N4Uw6rUp/pI+6L/1XmsvDWCL2h7jpXTtKZurMuGEbkHS2XI2Ac52+lRXw18QBHG9t0Z5LvSjQwjZpEVQH0bZJCqz4xvpOKf+ZbVuIXts0SXEMUatqugbi2kTUMGMxzWwWRmyw2z65IzTO6L9z55DTanDqJ29sXy38v8Afu6GDlm/jh4mlnaSdSynBikj/mxrK4ZVZFby7Np2+Z+0tWZHFtfC3I4izeytrjxBHPAWBcx99QCHyn5D0pu4fyVBwt04jcXINxqPsgaF5F6x31tGh6kmlc/CrVTlm8e9u5gyeyGyV0LRHT1MNpwmdpg/nbbs2mq9Gq5wk007Xr6/U5Y8YLt5L+ZpG8oMfSXAGpNPTaTAGkEsn6/KopahRJA7ANFrAkz/AG5wxwDnt5vuKtbxo5QDx2vEIpUmGhhchY3jKNkEHS2+klmH2qmi3vL3Gf1HrVJNW0ei0ji8aUfB194V8jW8cKzhlniEZ0h0TXpLdQZcDLYON/gAO1WnwyeNbIMTBF05TjWyg6JTsoXuwO35/OuTvAbnQqVsJJdI7QrIPKV7aQc5bH9v5fK8uQJVieQ9LhNvKp0LLaQ24kxsNZeWRWt3KNnsw8xAJG5y8kJylTNXDtS4HHxA49F7NNG0SxdRHAcIyagQRgxkZUkfEVwxXZPPV4ipe3RZpVEekytIZIxpyXSHyhQPdBYAZI7eUVxs1d9OmrspmpOke7gsuJUHoTpP32H6mnrikWx+9eLlq3XJuHI0ID5f8wA0n7k/pRf8WBzswGDjNNvoy80XLInHwMlLSUCqjwUtIaWgCecgc1x286XhigkuR5czPKuF06NSFQVVsZ7j12qx7rxyDtpjtZZJfdRUl1KxBOCD0tePtUd4VygrILgvoJWExoYInQKFHULavfLHt8O+aebziCp5UEUW2PwUVCfmSBmukd0TxmqzaTNltQcpfyfHsSPlHghnuYuNcVlhgCENbWIOrAU5QFAS777kY32ycbCdcT56nmncwySwWvSNuI107jWW9o93VHIyaF77YOO9U1ZcQGcnc571IIOYlQA5ApXLmfSNXSaFZGp5P6XhEvawjcG3lwyuCGVtww9e/eqE8VeQxaX0UIbTaSkNHM+ohUJw+oKpc9POTgE47Ak4qdcwc+gBJMDyujBmOPKCNYUZy2U1DHzrb4ycSWSyjlI1BF6oIxnW7pEignsDrZj/ALfzrjik93JsSioftKEs4cyaQ6oRko7EqNS7r5sZQnG32p95l5juG6EcwC3EWB1CuJGTuof+mQfOtfCOIQws5eLryBT09xpSUnIPwfGwz+lMV9dNI7SOSzH1Jz9h8BvTTVs6Rdlv8J54e+S3sW6cUMSh3UkB5Zh/LUL6IpGsn4qvp3gPPXLZhmkZBqhI14H9Ge6/MD/3amDhl0Y5Y5RkFWB2+Hr+masHj9yrxh8hwy5zk9jS0rxz46GFUo8ldLKQpUEgHGoenl7fvSSyE4zue29ZXaAMcdvhWnFNJ2jhQUtFFSSIaWkNLQBctvPcTW9q8EM88L3MXDImhXUrcRaMSJaDHZzH5voCc7Vhccg8VYQsOH8SYSSSRQkRZ1SQh2YL5s40wyFT2bQdJNR/wa8Ubjhf8TjgaMC5tTCplziG7GRBxGMiMkTRLJOq+n4pz2FTzmX/ABAT/wAPt7WKGK14ksfC4pL22ubSSJ14NIs1tIIEtesGaSNMo0jKNLaUHUOJbbMzD8L0+J8LkifLXJvFLmOKa3sb64ikha5ieOPytAjGPqAk7anVgo/q0tpBwcR22uZHN0JJEtDDq6iTq3X1qdBjWE4JYPhSD2qzk/xIdW5u5byy9ps2uuH3tja2d9JY+yy8KDeywCRIj7RBqZnZCAAzs6gHGKy5g51e5vbu/kW1S4uLqW6MiQxt0hcO0johbc6S+ATk7HfNU2IfUdqqJ77rhdo1us0s1zb3JRiiXBErtkDTJ0o1/BXVnA9QM01cy82mW2gs1yECIJiw950wVC75wDmmq74p1WPW6bH1mVMSnT23UgNttuDTZKgHZlb6Bh+4o2ohR55NdGaM0Zqx1CpBY3OLZQT21Y+maj+a2pJsFz5c1ScdyIYTnJLds9vpWus53yflWFWXQISjNGaM1JIGlpM0tAGNFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQB//2Q==" class="_WCg" alt="Video for Music" onload="typeof google==='object'&&google.aft&&google.aft(this)" width="120" height="90"></g-img>
</div>
</div>
</div>
<div class="_Ahm">
<div class="_Dgm" style="-webkit-line-clamp:2">Rihanna - Don't Stop The Music</div>
<div class="_Cgm" style="margin-top:8px"><cite><span class="_zhm">YouTube app</span></cite><span class="_xhm"> - 8 years ago</span></div>
</div>
</div><span style="display:none" jsl="$t t-4Pexf-E8mU0;$x 0;" class="r-i95eUoE3rhlw"> </span></a>
I can see the difference between my data-url
from https://github.com/Rob--W/dont-track-me-google/issues/23#issuecomment-356693730 :
intent://www.youtube.com/playlist?list=PLFgquLnL59alCl_2TQvOiD5Vgm1hCaGSI#I…gle.nl;launchFlags=0x8080000;S.intent_description=Popular+Music+Videos;end
and yours (I can see the exact same thing when I visit view-source:https://encrypted.google.com/search?q=Music&prmd=vin&source=lnms&tbm=vid&sa=X&ved=0ahUKEwjQkc2Qxd3YAhVDa7wKHTHwCY4Q ):
intent://www.youtube.com/watch?v=yd8jh9QYfEs#Intent;scheme=http;package=com.google.android.youtube;S.browser_fallback_url=https%3A%2F%2Fencrypted.google.com%2Fsearchurl%2Frr.html%23app%3Dcom.google.android.youtube%26pingbase%3Dhttps%3A%2F%2Fencrypted.google.com%2F%26url%3Dhttps%3A%2F%2Fm.youtube.com%2Fwatch%3Fv%253Dyd8jh9QYfEs;S.android.intent.extra.REFERRER_NAME=https%3A%2F%2Fencrypted.google.com;launchFlags=0x8080000;S.intent_description=Rihanna+-+Don%26%2339%3Bt+Stop+The+Music;end
The latter includes the unwanted rr.html
URL that you've reported.
The next thing is to look for how data-url
ends up being used for the navigation (since it is certainly not a standard HTML attribute). I found a reference to cbz
in
https://encrypted.google.com/xjs/_/js/k=xjs.qs.en.JS1jr9u2HOM.O/m=aa,async,dvl,foot,ipv6,mu,sonic,d3l,tnv,bct,cyf,udlg,rQSi2,DiYNK/am=AIukGQPwkAPIHMWEZHBfIAR0AiA/exm=sx,elog,cdos,sb_mob,mbsf,hsm,r,qim,jsa,d,csi/rt=j/d=1/ed=1/t=zcms/rs=ACT90oHZi63iKfoX49u7rkNtFjLf5SphoA?xjs=s1 :
qs_Eh("bct",{cba:qs_eka,cbc:qs_gka,cbi:qs_hka,cbx:qs_cka,cbz:qs_fka},!0)
And qs_fka
is:
qs_fka = function(a, b) {
qs_Hh(a, b.ved || "", b.url || "", b.webur l| |"", b.lei, b.packageid || "", !0)
}
In the above snippet, variable a
is the <a>
element and b
is the a.dataset
object. So b.url
above maps to the value of the data-url
attribute. Then there is a lot of code (with a XMLHttpRequest
in between to track the click, and the navigation request finalizes with assigning the literal intent:
-URL with location.href = ...
.
So at no point is the URL assigned to the real HTML href
attribute, and that's why my extension is not preventing the link from being rewritten at the moment.
And the above logic (bct.cbz
) is invoked during a click
handler (with event.state == event.BUBBLING_PHASE
). So I guess that this particular issue can be fixed by intercepting the click
handler at the capturing phase and rewriting the data-url
attribute.
Published in v4.21. Verified using the following test:
document.body.innerHTML=`
<a data-url="intent://www.youtube.com/watch?v=yd8jh9QYfEs#Intent;scheme=http;package=com.google.android.youtube;S.browser_fallback_url=https%3A%2F%2Fencrypted.google.com%2Fsearchurl%2Frr.html%23app%3Dcom.google.android.youtube%26pingbase%3Dhttps%3A%2F%2Fencrypted.google.com%2F%26url%3Dhttps%3A%2F%2Fm.youtube.com%2Fwatch%3Fv%253Dyd8jh9QYfEs;S.android.intent.extra.REFERRER_NAME=https%3A%2F%2Fencrypted.google.com;launchFlags=0x8080000;S.intent_description=Rihanna+-+Don%26%2339%3Bt+Stop+The+Music;end" href="#" onclick="alert(this.dataset.url)">test
</a>
`
browser_fallback_url=
is YouTube and not the Google redirect URL.Please update the add-on (e.g. by manually re-installing the add-on from AMO) and confirm whether this update fixes your issue.
Thanks Rob, can confirm it's now fixed!
Just by chance while testing, I also came across another tracking link (edit: think it is the same bogus one you mentioned previously). To reproduce, have JS disabled on google and 3rd parties, click an amp link in Google search (ones with the lightning icon next to them). To test you can google something like "car definition" and click on any link with the lightning icon (amp) next to them.
It sends a few requests upon clicking the search link but the tracking beacon URL is: https://encrypted.google.com/url?sa=t&source=web&rct=j&url=https://dictionary.cambridge.org/amp/english/car&ved=2ahUKEwjkntLkaKuNHjsFipQKHdtuAfsQFjAFegQUHnSX&usg=AOvVaw18NjgH_jKmloSJ1GSNByua&cf=1
I visited about:config
in Firefox 57 (desktop), changed javascript.enabled
to false
, visited https://encrypted.google.com and searched for "car definition"
. I didn't find any amp page. Can you share a link to the search results, and if applicable, the user agent that you are using (e.g. "Firefox 58 on mobile").
Also, by "tracking beacon URL", do you really mean a beacon, or just an ugly link (i.e. if you copy the link, the result is not the original but the long link with tracking identifiers)?
I'm using the Chrome UA on Google addon but the UA is Mozilla/5.0 (Linux; Android 6.0.1; SM-G928F Build/MMB29K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Mobile Safari/537.36
Search dictionary cambridge truck
some amp links should be on the first page.
Edit: Seems you tested on Desktop, amp (mobile accelerated) links don't show up there. I'm using the same Android setup as before.
By tracking beacon URL I mean that the request type is beacon
. If you copy the link it is the original unredirected URL.
Could you paste the beacon URL that you're observing? I am already blocking beacon URLs that are known to only be used for tracking since https://github.com/Rob--W/dont-track-me-google/commit/bbe14c762f47e1f717cb7d134a84a5db12cf6c28 . If you do see a beacon that gets through, then I might have to extend the check.
It's the tracking link mentioned in https://github.com/Rob--W/dont-track-me-google/issues/23#issuecomment-358507496
https://encrypted.google.com/url?sa=t&source=web&rct=j&url=https://dictionary.cambridge.org/amp/english/car&ved=2ahUKEwjkntLkaKuNHjsFipQKHdtuAfsQFjAFegQUHnSX&usg=AOvVaw18NjgH_jKmloSJ1GSNByua&cf=1
Are you sure that it's a beacon
request with that URL? That URL is normally used as an intermediate page to confirm redirection.
I checked the tracking link under Network
pane in Firefox's browser dev tools and it says that it is a beacon
request sent via POST
request method (though it seems there is no extra POST data parameters other than parameters in the tracking URL).
Rob, were you able to reproduce the beacon link?
I cannot reproduce it. Can you export the request (e.g. with the DevTools, "Save All as HAR") and send it to me?
It looks like a redundant request, but it does not look like a usual tracking URL (but who knows). If I repeat the request, I get the following reply (with curl):
$ curl -vv -X POST -H 'user-agent: Mozilla/5.0 (Linux; Android 7.0; SM-G928F Build/NRD90M) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.125 Mobile Safari/537.36' 'https://www.google.com/url?sa=t&source=web&rct=j&url=https://www.collinsdictionary.com/amp/english/car&ved=2ahUKEwiu07iYpoHaAhVIXLwKHdB0APcQFjAEegQIBRAB&usg=AOvSSw0FE_73JZgPSAOGlRZrwhmA&cf=1' -H 'Content-Type: text/plain;charset=UTF-8' -H 'Content-Length: 0'
...
> POST /url?sa=t&source=web&rct=j&url=https://www.collinsdictionary.com/amp/english/car&ved=2ahUKEwiu07iYpoHaAhVIXLwKHdB0APcQFjAEegQIBRAB&usg=AOvSSw0FE_73JZgPSAOGlRZrwhmA&cf=1 HTTP/2
> Host: www.google.com
> Accept: */*
> user-agent: Mozilla/5.0 (Linux; Android 7.0; SM-G928F Build/NRD90M) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.125 Mobile Safari/537.36
> Content-Type: text/plain;charset=UTF-8
> Content-Length: 0
>
< HTTP/2 200
< date: Fri, 23 Mar 2018 16:34:34 GMT
< pragma: no-cache
< expires: Fri, 01 Jan 1990 00:00:00 GMT
< cache-control: no-cache, must-revalidate
< content-type: text/html; charset=UTF-8
< strict-transport-security: max-age=86400
< p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
< server: gws
< x-xss-protection: 1; mode=block
< set-cookie: ......; expires=Sat, 22-Sep-2018 16:34:34 GMT; path=/; domain=.google.com; HttpOnly
< set-cookie: ......; expires=Tue, 25-Sep-2018 16:34:34 GMT; path=/; domain=.google.com
< alt-svc: hq=":443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="43,42,41,39,35"
< accept-ranges: none
< vary: Accept-Encoding
<
<html lang="nl"><head><meta content="text/html; charset=UTF-8" http-equiv="content-type"><title>Kennisgeving voor omleiding</title><style>body,div,a{font-family:Roboto-Regular,HelveticaNeue,Arial,sans-serif}body{background-color:#fff;margin-top:3px}div{color:#000}a:link{color:#00c}a:visited{color:#551a8b}a:active{color:red}div.mymGo{border-top:1px solid #bbb;border-bottom:1px solid #bbb;background:#f2f2f2;margin-top:1em;width:100%}div.aXgaGb{padding:0.5em 0;margin-left:10px}div.fTk7vd{margin-left:35px;margin-top:35px}</style><script nonce="0jTvX8eIzYu4nwSWSvdhQw==">function go_back(){window.history.go(-1);return false;}
function ctu(oi,ct){var link = document && document.referrer;var esc_link = "";var e = window && window.encodeURIComponent ?encodeURIComponent :escape;if (link){esc_link = e(link);}
new Image().src = "/url?sa=T&url=" + esc_link + "&oi=" + e(oi)+ "&ct=" + e(ct);return false;}
</script></head><body><div class="mymGo"><div class="aXgaGb"><font style="font-size:larger"><b>Kennisgeving voor omleiding</b></font></div></div><div class="fTk7vd"> De pagina waarop u zich bevindt, probeert u naar <a href="https://www.collinsdictionary.com/amp/english/car">https://www.collinsdictionary.com/amp/english/car</a> te sturen.<br><br> Als u de betreffende pagina niet wilt bezoeken, kunt u <a href="#" onclick="return go_back();" onmousedown="ctu('unauthorizedredirect','originlink');">teruggaan naar de vorige pagina</a>.<br><br><br></div></body></html>
That is a very unusual reply to a beacon request. I would expect a very brief response, such as HTTP 204.
Perhaps this was the original URL under the link, and replacing the link lead to confusion in Google's front-end code? Is this POST request also triggered when you disable my add-on?
The HAR that you shared only includes the beacon request itself. I was hoping to find (1) the search result page (2) the scripts that generate the beacon request and (3) the beacon request itself, so that I can reproduce your thing (even if only by replaying the network responses in my browser). The next step is to perform an analysis similar to https://github.com/Rob--W/dont-track-me-google/issues/23#issuecomment-358271012 to find the relation between the clicking/tapping on a search result and the resulting beacon request.
any chance that this add-on will get activated for the latest version of Firefox on Android? With the newer versions of FF most of the add-ons got deactivated.
This add-on will become available when general add-on availability is enabled in Firefox for Android (Fenix).
The first step towards general availability is offering the ability to do so on the bleeding edge version of Firefox, Firefox Nightly (https://play.google.com/store/apps/details?id=org.mozilla.fenix), as announced at https://blog.mozilla.org/addons/2020/09/02/update-on-extension-support-in-the-new-firefox-for-android/
This add-on will become available when general add-on availability is enabled in Firefox for Android (Fenix).
The first step towards general availability is offering the ability to do so on the bleeding edge version of Firefox, Firefox Nightly (https://play.google.com/store/apps/details?id=org.mozilla.fenix), as announced at https://blog.mozilla.org/addons/2020/09/02/update-on-extension-support-in-the-new-firefox-for-android/
Thank you for your feedback!
I can install add-ons on Firefox on Android but not this one. Why?
I don't want to install nightly. This add-on is set as recommended Firefox add-on like uBlock Origin, so why uBlock Origin can be installed now and this one no?
The list of recommended extensions on desktop is different from the list of available/recommended extensions on mobile. There is more context at https://github.com/mozilla/addons/issues/14058
According to this comment Don't Track Me Google is currently in Recommended for Android but All recent versions except for the latest one are marked as compatible with Android.
Have I missed something?
According to this comment Don't Track Me Google is currently in Recommended for Android but All recent versions except for the latest one are marked as compatible with Android.
Have I missed something?
I did not mark the latest version as compatible because the add-on cannot be installed on Firefox for Android, because (copied from the comment that you quoted):
It is currently not on the latest compatibility collection, unless I'm looking at the wrong one.
What's your confusion about?
Isn't compatibility collection built from add-on data set by you?
Or is there a place where I can vote to have it included?
Isn't compatibility collection built from add-on data set by you?
No, it is maintained by the editorial staff of the Add-ons team at Mozilla. The list is necessarily small because there is an implementation limit on the number of add-ons that the collection can contain.
Or is there a place where you can vote to have it included?
Anyone can nominate extensions to this email: amo-featured at mozilla dot org
. The collection is currently in a fixed state until further Fenix plans roll out. That said, all received nominations are recorded in case the collection is expanded again.
PS. I am not only the developer of this extension, but I also work at Mozilla as an engineer in this team. I do however not seek nor get preferential treament. Additions in the collection are based on the needs of users.
Don't Track Me Google can be installed and used on Firefox for Android starting from next week, as announced at https://blog.mozilla.org/addons/2023/11/28/open-extensions-on-firefox-for-android-debut-december-14-but-you-can-get-a-sneak-peek-today/
I have confirmed that the add-on can already be used on pre-release versions, Firefox Beta and Firefox Nightly.
While the add-on can be installed via the collection trick, it is not listed as android add on the Mozilla page. Meaning it cannot be (easily) installed on regular installations.
@Rob--W is there maybe something you can do about it?
While the add-on can be installed via the collection trick, it is not listed as android add on the Mozilla page. Meaning it cannot be (easily) installed on regular installations.
Thanks for the reminder. This issue was caused by something that I reported at https://github.com/mozilla/addons/issues/9423 and where I intentionally waited with fixing it manually in case the broken state was needed for investigation. After that issue was closed, it slipped through my mind to fix up the issue manually.
@Rob--W is there maybe something you can do about it?
TL;DR: Done!
I have now explicitly marked the add-on as compatible with Firefox for Android (120.0+ which is the minimum allowed version in AMO, despite the add-on being compatible with version 69.0 and up). I also fixed the desktop compatibility to 68.0 and up (instead of 48.0), because marking the add-on as compatible with Android means that it only works with version 69.0 and later, or (ESR) 68.2.0 and later. Because Firefox does not show the dot version to AMO, AMO has no way of distinguishing version 68.0 from 68.2.0+, so I just marked it as compatible with 68.0 in case anyone onf 68.2.0 or higher wants to install it.
If anyone tries to install the latest version of my add-on (4.28) in Firefox, the following support statuses apply:
gecko_android
key that declares Firefox for Android support - added in https://bugzilla.mozilla.org/show_bug.cgi?id=1824237, added in version 4.28 of my extension by https://github.com/Rob--W/dont-track-me-google/commit/db36130a78946b1ca852299df340be8055b2b629)
On Android there is a document request sent by Google after clicking a link under 'Videos' (by the way I'm opening the videos in the browser not in the Youtube app). I tried redirecting the link but that didn't work.
The document request URL is:
https://www.google.com/searchurl/rr.html#app=com.google.android.youtube&pingbase=https://www.google.com/&url=https://m.youtube.com/watch?v=example
I'm guessing it's also used to track clicks for things other than Youtube. Can this document request be stopped so the only request made is to the URL in the
url
parameter?