I’ve banned query strings

Posted by susam 19 hours ago

I’ve banned query strings(chrismorgan.info)

429 points | 230 commentspage 2

takethebus 2 hours ago|

I was just thinking about something like this. Instagram and TikTok are major offenders, not everyone wants their personal info blasted everywhere because they copied a link. It would be great to have an iOS shortcut that automatically removes them, it's something I'm going to look into.

hamdingers 15 hours ago||

While I don't take the author's hard stance, I do hate gratuitous query params that result in links that are thousands of characters long.

I use this bookmarklet to strip query params before sharing a link:

    javascript:(()=>navigator.clipboard.writeText(location.origin+location.pathname))();

susam 5 hours ago||

This corrupts a URL like:

  https://example.com/?p=20&utm_source=spam

to:

  https://example.com/

when in fact we want the following:

  https://example.com/?p=20

A possible improvement can be:

  javascript:(()=>{const u=new URL(location.href);[...u.searchParams.keys()].forEach(k=>{if(k.startsWith('utm_')){u.searchParams.delete(k)}});navigator.clipboard.writeText(u.href)})();

kittikitti 9 hours ago||

This is great! I love one-liners that are readable like this. This made me wonder if there are any extensions that run a script on every page load for a web browser. I'm currently experimenting with userscript managers and plan on including your code as an additional security measure against tracking.

zzo38computer 10 hours ago||

Query strings do have uses (such as for searching files and some other kind of dynamic files), but you shouldn't add them to URLs that should not expect them. So, I agree that they would be right to refuse requests with UTM and other stuff added like that.

I think 404 probably makes the most sense as the response if a query string is not expected but is present anyways, although 400 might also be suitable.

gtowey 18 hours ago||

"wander console" sounds like they're just web rings re-invented. In the era of forced feeds by giant corporations which consist of the things they want you to see, I've wondered if this old idea would make a comeback. Human curated content from trusted people seems like the only way forward.

SoftTalker 17 hours ago|

FTA: It is also a bit like web rings except that the community network is not restricted to being a cycle; it is a graph and it is flexible.

cosmicgadget 16 hours ago||

Is it not a random walk? Might sound pedantic but if there is graph structure I am interested.

susam 13 hours ago||

I'll start with the clarification that the moderators have changed the URL of the original post from <https://susam.net/no-query-strings.html> to <https://chrismorgan.info/no-query-strings>. Hopefully, this will prevent any confusion about why we are discussing random walks in a post about query strings. Now let me answer your question.

> Is it not a random walk? Might sound pedantic but if there is graph structure I am interested.

The network is a directed graph. Every Wander Console declares a few other consoles as its neighbours. The person setting up the console decides who they want to list as their neighbours. So if we call the network graph X, then the set of vertices is:

  V(X) = the set of all URLs that point to Wander Consoles

and the set of directed edges is:

  E(X) = {(u, v) in V(X) : u declares v as its neighbour}

The traversal between consoles is not strictly a random walk. If I could call it something, I would call it randomised graph exploration with frontier expansion. On each click of the 'Wander' button, the tool picks one console at random from the set of discovered consoles and visits that console. It then fetches the neighbours declared by that console and adds any newly discovered consoles to the set.

The difference from a random walk is that the next console is not chosen from the neighbours of the last visited console. It is chosen from the whole set of consoles discovered so far. In other words, each click expands the known part of the graph, but the console used for that expansion is selected randomly from all discovered consoles, not just from the last console visited.

elAhmo 2 hours ago||

Such a useless blog post and initiative. Author control his website, and if someone lands there by clicking a link, it is not user's fault.

peesem 16 hours ago||

edit: not true https://news.ycombinator.com/item?id=48077990

"I don’t like people adding tracking stuff to URLs" and "You abuse your users by adding that to the link" and "no unauthorised query strings" and "At present I don’t use any query strings" but for some reason ?igsh, which i'm pretty sure is an instagram tracking parameter, is allowed. weird

zahlman 15 hours ago|

?igsh doesn't get through for me, and I don't see any links on the page including it.

peesem 15 hours ago||

oh, it's uBlock Origin (non-lite) removing it without telling me at all. retracted

jameshart 15 hours ago||

There’s nothing ruder in hypertext etiquette than giving someone a link to navigate to someone else’s HTTP server, where you have manipulated that URL in some way unsanctioned by the server you are sending them to.

You can’t just send arbitrary query string parameters to a server and assume they will just ignore them. Just like you can’t just remove query string parameters and assume the URL will work.

gojomo 14 hours ago||

In fact, you usually can just send arbitrary query string parameters to a server - that's why the behavior is so common, and often useful.

Most sites don't mind or break, some sites get value from the behavior in ways hard to replicate in other ways – and those sites that don't like such additions can easily ignore them. And a few lines of code will work better than ineffectually appealing to manners, when the freedom of the web's form of hypertext, and protocols, gives the outlink authors full freedom to craft URLs (and thus requests) however they like.

jameshart 14 hours ago||

Crafting outbound links with your own additions and handing them out to visitors to your site is similar to the practice of writing someone’s phone number on the door of a bathroom cubicle with ‘for a good time call:’ written above it.

You’re handing out someone elses’s contact details, but giving the person you hand them to a completely fabricated expectation for how the interaction will go.

abecode 14 hours ago||

My use case for this is making separate bookmarks in different folders for a single URL:

Example.com/interesting -> bookmark folder one

Example.com/interesting?dummy=t -> bookmark folder two

jameshart 14 hours ago||

Use #fragment identifiers then

sigseg1v 18 hours ago||

Adding query strings is one of those things that I think a lot of sites could get away with more easily if they were reasonable about it.

A link that is "https:// web.site" is fine.

A link that is "https:// web.site?via=another.site" is fine.

A link that is "https:// web.site?fbm=avddjur5rdcbbdehy63edjur5rdcbbdehy63ednddjur5rdcbbdehy63ednddjur5rdehy63ednddjur5rdcbbdehy63ednddjur5rdcbbdehy63edaaaddjur5rdcbbdehy63ednddjur5rdcbbdehy63ednddjur5rdcbbdehy63ednddjur5rdcbbdehy63ednddjur5rdcbbdehy63ednddjur5rdcbbdehy63ednddjur5rdcbbdehy63ednddjur5rdcbbdehy63ednddjur5rdcbbdehy63ednddjur5rdcbbdehy63ednddjur5rdcbbdehy63ednddjur5rdcbbdehy63ednddjur5rdcbbdehy63ednddjur5rdcbbdehy63ednddjur5rdcbbdehy63ednddjur5rdcbbdehy63ednddjur5rdcbbdehy63ednddjur5rdcbbdehy63ednddjur5rdcbbdehy63ednddjur5rdcbbdehy63ednddjur5rdcbbdehy63ednddjur5rdcbbdehy63ednddjur5rdcbbdehy63ednddjur5rdcbbdehy63ednddjur5rdcbbdehy63ednzzddjur5rdcbbdehy63ednddjur5rdcbbdehy63ednddjur5rdcbbdehy63ednddjur5rdcbbdehy63ednddjur5rdcbbdehy63ednddjur5rdcbbdehy63ednddjur5rdcbbdehy63ednddjur5rdcbbdehy63ednddjur5rdcbbdehy63ednddjur5rdcbbdehy63edn"

is annoying as shit and I need to literally apologize to people after sending it if I forget to manually redact the query string. Don't abuse this.

culi 17 hours ago|

There are addons to remove unnecessary params from the worst offending sites:

https://www.google.com/search?q=clearurls+addon

franciscop 17 hours ago|||

Thanks for removing the rest on that google link, the one I get after switching to "images" and back to "web" is this monstrosity:

https://www.google.com/search?newwindow=1&sca_esv=8061bd9cb1...

Edit: which luckily and sensibly Hacker News cuts short since it's 463 characters

dredmorbius 16 hours ago|||

You can post the string as text (indent by 2+ spaces) to avoid that trimming.

Since the purpose is to show the full URL with trackers and other cruft, that's sensible here:

  https://www.google.com/search?newwindow=1&sca_esv=8061bd9cb19cd450&sxsrf=ANbL-n7S60ZBdf0lh5kQ8RojJdQpnM0S5w:1778353180297&q=clearurls+addon&source=lnms&fbs=ADc_l-aN0CWEZBOHjofHoaMMDiKpeTF8ggB1qASWZfpybz5TQZmqMiWOgtbP_iLwZE3_BsqFrIkjQk30pNpcyOJjgYT1NYhSr_eVWusunSdIYLAa1WWhJm7VPvRsNUkHss5YZDSVhzEth7KnRsP0kwdL-3ylxxDz_j5WL-QtjJdzQePIWAeCwn7532w9WuSzSqnY0V2tn342eEk_wDwxk45MDY_JuA-5CA&sa=X&ved=2ahUKEwjH3uLs8ayUAxUghP0HHVXuOeIQ0pQJegQICxAB&biw=1296&bih=711&dpr=2.22

And yeah, that's pretty awful.

In conclusion, Google must be destroyed.

culi 13 hours ago|||

Yeah I removed the rest of the link as an example of how much cleaner the urls can be with that addon haha. I was being meta

tomodachi94 10 hours ago|||

Newer versions of Firefox also have a "Copy Clean Link" option in the right-click menu.

https://support.mozilla.org/en-US/kb/enhanced-tracking-prote...

patrickdavey 9 hours ago|

"It’s my website: I can do what I want with it. "

Right on! It's so liberating having your own wee corner of the internet.

More comments...