outbound link wrapper

From IndieWeb
(Redirected from link obfuscation)


outbound link wrapper is a domain and service used by a site (like a social media silo) to create links from that site to other sites, using that domain for such links instead of the URL to the actual link to another site.

Some outbound link wrapper are also link shorteners.

When use of a link wrapper also hides the actual outbound link (not displayed or easily inspectable by users), it’s also considered link obfuscation, and the mechanism itself a link obfuscator.

Purpose

Link wrappers are used for the following ostensible purposes by the sites that operate them:

  • Analytics on outgoing link clicks
  • Removing HTTP referrers to prevent receiving websites from knowing the origin of the incoming visit
  • Quickly preventing users from following links that go to harmful/malicious webpages

Examples

Criticism

Adds an additional point of failure to the web

Some of the link shorteners, such as href.li, tend to go down fairly often, or are blocked by privacy-preserving browser extensions, causing people to be unable to easily follow those links.

Not actually necessary for analytics

Outgoing link tracking would be better-served with a simple JavaScript library that tracks link-clicking behavior; this would prevent spurious clicks from being detected by search agents (e.g. web crawlers), and would also make it much easier for users to disable these unwanted intrusions into their privacy.

Not necessary for referrer removal

Standard HTML provides rel="noreferrer" for this purpose, as a standards-based mechanism which the vast majority of browsers support at this time.

Makes link-sharing much more difficult

Adding a wrapper to an outgoing link means that a user trying to copy a destination URL will end up needing to clean up the link in order for it to actually be readable, and if the link isn't cleaned up, then it ends up affecting the analytics anyway.

Not necessary for threat mitigation

A JavaScript library could be used to change the browser behavior to consult a link for safety before trying to visit it, and this isn't even strictly necessary as every major browser has built-in link threat protection at this point anyway.

Breaks Webmention and rel="me"

Webmention and RelMe both require that the link from the source page be exact, to simplify the validation of the link. It would be a major burden to require the validating endpoint to query every link on the source page to verify that it redirects properly.

Enables blocking or delaying navigation to other sites

Outbound link wrappers enable silos to selectively block or slow down access to sites they dislike for any reason.

For example, in 2023 August, Twitter/X added a five-second wait to resolving t.co links to specific websites like the New York Times, Facebook, Instagram, Threads, Substack, Bluesky, and Reuters:

See Also