additional query string parameter strip list

brave / brave-browser

Brave browser for Android, iOS, Linux, macOS, Windows.

https://brave.com

Mozilla Public License 2.0

17.87k stars 2.34k forks source link

additional query string parameter strip list #40767

Open drzraf opened 2 months ago

drzraf commented 2 months ago

Platforms

all

Description

Suggested, but not sure how "personal" the (seemingly unique) identifier is:

_fbp + fbc
_gcl_au
hootPostID
hsctatracking
igshid (Instagram)
mkt_tok

fmarier commented 2 months ago

Thanks for sharing these, I will take a look at them. Do you happen to have example URLs where you've seen them in the wild? Or you found them in the documentation pages you linked to?

fmarier commented 2 months ago

These ones we already have:

hsctatracking

https://github.com/brave/brave-core/blob/29a27521a3df5463cf008edbd2113d405f05aaaa/components/query_filter/utils.cc#L71

igshid (Instagram)

https://github.com/brave/brave-core/blob/29a27521a3df5463cf008edbd2113d405f05aaaa/components/query_filter/utils.cc#L142

mkt_tok

https://github.com/brave/brave-core/blob/29a27521a3df5463cf008edbd2113d405f05aaaa/components/query_filter/utils.cc#L129

drzraf commented 2 months ago

These ones we already have:

Sorry, I overlooked the secondary listings in utils.cc

And yes, these QSP all hit my servers logs in a way or another (generally bypassing my query-string filters / invalidating caches) with their seemingly unique/random values. That's how I discover them (but I can't ensure they always convey personally identifiable information)

fmarier commented 2 months ago

Can you say more about how they're hitting your server? Are you driving traffic to your website using ads and newsletters? Or are you seeing these in the Referrers?