Ultimately I don't think they can. How would they handle a link like `https://ex... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		thomaslord on June 8, 2023 \| parent \| context \| favorite \| on: iOS 17 automatically removes tracking parameters f... Ultimately I don't think they can. How would they handle a link like `https://example.com/password_reset?prid=ZXhhbXBsZWNsaWNraWQ`? I'm sure somebody will figure out a way to use multiple seemingly-legitimate parameters to get the same result. Why use ?click_id=aqNERjsdfyqe when you can use ?category=10612550&subcategory=5929127&page=4257344 and transfer the same data without arousing suspicion?

neop1x on June 9, 2023 [–]

Websites can use a single lengthy encrypted parameter to encode everything (query params and tracking data). And then what.. will they break all website links by removing the parameter?

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact