Earlier this year I wrote about how Gmail hijacks your link clicks, swapping the visible URL with a tracking URL hidden in the
data-saferedirecturl attribute of the HTML
anchor element. Fortunately, my browser extension StopTheMadness protects you from this Gmail "clickjacking". I don't use Facebook, so I hadn't noticed, but a StopTheMadness customer reported a similar problem happening there. On investigation, we found that links in Facebook DMs were using the
data-lynx-uri attribute to hide an
https://l.facebook.com/l.php tracking URL.
Today I've released StopTheMadness 16.1 in the Mac App Store to solve this problem. The Privacy website option, which is enabled by default in StopTheMadness, will now prevent Facebook from replacing a clicked link with their tracking URL. I'm always looking for new ways to protect you on the web!
click event, which Facebook uses as an opportunity to swap the URLs. And StopTheMadness also automatically removes
fbaid tracking parameters from the end of clicked links. So if you're going to use Facebook, I highly recommend using it with StopTheMadness installed!