On sharing TikTok videos.
On sharing TikTok videos.
This is an example of a share URL provided to you from TikTok when you click the "Share Link" button from the share menu:
https://www.tiktok.com/t/ABCDE1gHIJk2/
When you click that link, it will redirect you to a link like this:
https://www.tiktok.com/@fakename/video/1234567890101112131?_r=1&_t=1aB2CDe3fG
It has some extra bits at the end, so let me show you it's breakdown:
https://www.tiktok.com/@fakename/video/1234567890101112131 is the actual URL to the video you want to share. When you see a ? at the end of the URL, you are entering into the parameter zone.
?_r=1&_t=1aB2CDe3fG is not required to share the video, and it is the bit of data the app needs so it can present the popup you see after clicking the shared URL. When you click a shared URL a box appears before the video that says:
<Username> has shared you a video!
<Profile Image>
Do you want to watch & follow, or just watch?
[ Watch & Follow! ]
[ Watch ]
If your display name on TikTok is your whole name, well, everyone clicking the link now knows your name. If your TikTok username is a common username you use on the wider internet, well now you've linked that common username to the name you use here. If you're posting videos on your account that show your face... you get the idea.
So what should I do?
When you click the share button and get the link, open it in your phone or computer's browser first. Then, copy the part of the URL that is BEFORE the ? and share that link. There are also TikTok privacy front ends for TikTok like ProxiTok. One easy way to provide those links instead of a direct link is to use Farside.link. You do so by adding https://farside.link/ to the front of the TikTok URL. Like this: https://farside.link/https://www.tiktok.com/@fakename/video/1234567890101112131. Farside also works for things like Twitter, Reddit, Instagram, among others.
Anyway, hopefully this helps some people. Stay safe comrades.
Someone should make an issue for common referrer/tracking urls to be automatically scrubbed on submission. Would retain privacy and also help to disincentivize affiliate link spam.
.
I don't want to use my github account for opsec reasons
We already do some scrubbing on links, so you could add this to the
clean_urlsfunction in lemmy. Lmk when you have a PR for that.Their profile page is still under construction I'm not sure they would know how. But hopefully someone does because it's a solid suggestion. Maybe hexbear could add it then push it up.
It would be cool if it was possible to use https://github.com/ClearURLs/Rules/ as a rule source, either as a built in option or configurable with a config option.
Building it into the platform would be incredible
Also are images being scrubbed of metadata?
They are on hexbear, not sure if stock lemmy does.
Would also recommend the CleanURLs extension that tries to remove tracking elements from URLs you click. It's not 100% perfect, especially against those shortcut links, but the "Copy Clean URL" button when you right click makes it easy to share stuff without the tracking bullshit
appreciate the PSA, seeing more bad links with trackers shared lately
the new
share button also does this, and the youtube &si=trackeranother option if an obfuscated link from someone else, use a site like https://urlex.org/ to expand the url without opening the link and activating the tracking, then edit the url to generic
Anyone who uses TikTok should visit the privacy settings and turn off all the options under “Suggest your account to others”, especially the one for “People who open or send links to you”.
Since turning this off, my shared links don’t display my username anymore. There are still some parameters left, presumably for tracking, so the advice in this post is still applicable even with this setting turned off.
This is good advice, I've had those off long enough that I forgot I turned them off.
seriously important PSA. A whiff of convenience and people are completely disregarding opsec and allowing our community to be mapped out by these companies
This whole thread is full of very useful information. I love it. Thank you!
Any time comrade!
Do ? exclusively precede parameters? Like could we extend the site to drop parameters either automatically or optionally (opt in?). Seems like it would be easy w regex
I don't know shit about rust but I could fuck around and see if I could get it to work, it's about time I did something useful around here
Edit: we could easily do it for a subset of domains like tiktok and YouTube etc
? Is the part of the url that marks the start of the parameters section, which is a list of key=value pairs separated by &.
Some URLs require those to properly link to the resource you’re trying to share, they’re not entirely tracking data except on certain parts of sites like Twitter and apparently TikTok. For example YouTube uses the parameter “t” when you link to a specific timestamp in a video.
Edit: also do not use regex to parse a URL. Plenty of library code out there to do that without going down that dark path.
I avoid this issue by being too old to have a TikTok account.
Look at me, making history day at a time, a post about me showing my whole doodooass. Good post though, I'm ignorant about this kind of stuff and I'm sure others may be as well, and going forward there shouldn't be anymore issues (concerning tiktok at least)
Also, for discord embedding, you can take a link, heres an example from mobile:
https://vm.tiktok.com/ZPRodWuwK/(This link was generated using "copy link" from the share menu in a 2021 version of tiktok app, but I believe newer tiktok versions generate similar urls)
If pasted in discord, this will put up an image with a fake play button, that just pops up as an image when clicked. Not a proper embed.
You can make the following adjustments to make it embed just like vxtwitter does, with basic metrics and a proper watchable video that doesnt jump you to browser and try to open your app:
- Change the front bit from vm to www (if needed)
- add a vx to the front of the tiktok so it reads vxtiktok
- add a /t/ after the .com. It should look like this:
https://www.vxtiktok.com/t/ZPRodWuwK/In browser, this will redirect to a normal tiktok link. In Discord it will embed.
Depending on how you generate the initial link, you may not need to do all these adjustments.
that link has even more junk upon opening
https://www.tiktok.com/@/video/7362359406396263726?_r=1&_d=REDACTED&preview_pb=0&sec_user_id=REDACTED&share_app_name=musically&share_item_id=REDACTED&share_link_id=REDACTED&sharer_language=en&source=REDACTED×tamp=REDACTED&u_code=REDACTED_id=REDACTED&utm_campaign=client_share&utm_medium=android&utm_source=copycut everything after the ? first https://www.vxtiktok.com/@/video/7362359406396263726
the short links have your account info in them [redacted screenshot below with personal info removed] so anywhere on discord (or here) you share links can see it
Permanently Deleted