You must log in or register to comment.
This has absolutely nothing to do with enshittification. Bluesky doesn’t need that redirect to know what you’re clicking on. You’re already on their platform, they can already track every single click that you do while on Bluesky including navigating to outbound links. I’m a bit shocked that nobody here is calling that out to be honest
FUD is the name of the rage bait game.
I don’t know much about how any of this stuff works, so these are honest questions in good faith. But how did Bluesky know, before this change, that I clicked a link? Am I not just telling my browser to visit a website? I don’t really understand how it’s different from me copy-pasting the URL manually.
The same way that they know that you clicked on literally anything on their website.
It’s foundational to how the modern internet works (more specifically JavaScript)
For a more visual example, let’s say there is a button that makes an animation or changes color when you hover over it.
That is happening because of code running in your browser that was written by the website that served it to you, in order for the button to know to change, the code must know where your mouse is and if the mouse is hovering over the button.
Your browser, emits ‘events’ which the JavaScript code is able to interact with, these are things like keystrokes and mouse actions. The JavaScript running on the page can very trivially record these actions.
Every single way you interact with a website can be tracked, here is a commercial product that specializes in complete session recording (in theory to see how your users interact with your pages to make improvements: https://mouseflow.com/platform/session-replay-tool/
Am I not just telling my browser to visit a website?
Well yes, but actually no. You are clicking on a link, which, by default, will make the browser visit the website behind the link. But the website that shows you the link can have Javascript code in it, which runs in your browser and can, among other things, “intercept” clicks on anything and change what the clicks are doing.
This is how this redirect is happening in the first place. The links on Bluesky still point to the correct target site, but when you click one of them, JavaScript jumps in and changes the target of the navigation to the redirect domain. This is not necessarily to deceive you, it’s actually a good thing that you can still check the website you’ll end up at before you click, and you can still do things like right-click to copy the link manually this way.
That means that even without the redirect, JavaScript could for example not change the navigation target at all, and just send a tracking event to their servers in the background to let them know you clicked the link. This is how it works for most websites that use analytics. For the normal user this is totally invisible, and this is why I’m saying that bsky doesn’t need the redirect to track you. They could do that in a much less obvious way already. And for all we know, they probably are already doing that, as their privacy policy explicitly states that they can collect usage data like what links you click on.
All of this is pretty standard for any commercial service on the web, btw - knowing what your visitors/users are doing makes it much easier to see where your app might be having issues, what features need to be focused on to be improved, etc. It only gets shady if that data is also used for marketing or sold to third parties. And, to be fair, bsky’s privacy policy doesn’t really prevent them from doing that as far as I can tell. It’s just that all of this was already the case before the redirect, so it’s very unlikely that this specifically is suddenly a sign of oncoming enshittification.
Indeed. I have no doubt that BlueSky will eventually enshittify given that they are not truly non-commercial, but this is not an example of such a thing.
A centralized platform did something? Must be bad. The post title primes that reaction.
So why?
Facebook does the same, even in their own in-app browser to keep tracking you.
Just because they have other means of doing link tracking doesn’t mean they aren’t using this link proxying to track stuff.
I mean… Sure? They might, or they might not. My point is that pointing to this change as a sign of enshittification doesn’t make any sense, because it’s not changing anything about how they can track and exploit you. There’s nothing there to suggest that this is related to a change for the worse regarding enshittification.
If you want something to point to, take their privacy policy that allows them to collect your usage data and possibly use it for marketing purposes, not a random feature that likely has nothing to do with this.
Didn’t take long for the expected to happen.
This doesn’t even make sense.
If you are on their domain they can see the things you click on, this is how websites and cookies work.
This isn’t nefarious, it’s the raving delusions of a tech illiterate idiot.
No.
You can see a link was loaded in the page. Link tracking is still needed to know if the link was clicked.
It can be an “on click” JavaScript event, or a redirect to a tracking site.
No, if you click a link that brings you to or from a site your IP is logged
Navigating the internet requires having and disclosing your IP address.
Sorry
The destination logs the IP. The source doesn’t see the click, because it happens in your client, not in their site.
Source: managed tens of thousands of sites and hundreds of thousands of servers for over 25 years.
Wow so you need an IP to navigate the web and every site you visit sees that IP?
Thanks for explaining what I just explained!
I’m going to educate you on what this is actually about.
You think it’s about tracking someone as they go about the web.
The article is about BLUE SKY tracking the links you click on their site. Two totally different things.
I host a page, you load the page and it has 5 links on it. You can click on any, all or none of the links and my server would have no knowledge of it because after the page has loaded that’s our communication finished. All my server can log is that you loaded the page with the links on it and they were sent to you. What you do with that is up to you.
JS or manipulating the links would allow me to track which ones you have clicked.
No, if you click a link that brings you to or from a site your IP is logged
No, clicked links that bring to a site do not log your IP. For that you would have to add some sort of JavaScript to intercept the click and then have some JavaScript execute a HTTP Request that passes that information (eg: HTTP POST). Then the IP can be grabbed via that request by the receiving server. Or more importantly, a tracking cookie.
When clicking a link, the browser may add to Origin header on the HTTP request (HTTP HEAD/GET) that goes to the link’s server. Or the link itself can have UTM parameters, but there’s no guarantee that ever gets back to the original server.
But the point is if you have a page with 1000 links on it, the server that serves you the page doesn’t know which one you clicked without JavaScript or reframing the link to go elsewhere, which is why this post exists.
Put perfectly. Had I not been on mobile…I would have written it just as lazily as I did.
Thanks for taking the time.
So why are they hiding it by changing the link with client-side code? Might not be nefarious, but why?
Most probably so that people don’t hover over the link and see that it doesn’t match, which might confuse them if they don’t know how redirects work.
Whatever gets them to see the truth
Never follow social media to a second location.
sometimes follow social media to a second location.
There is a legitimate reason for this: it’s the only way to provide content creators with evidence of how many people actually clicked on the link.
The downside is that there is so many ways that a feature like this can be abused by BlueSky in ways that can hurt users.
Yeah, it’s literally the second step of enshittification, where platforms stop allocating value to users and start allocating them to publishers. This is still Bluesky expanding out its surveillance apparatus, something it will have every incentive to abuse later on like other platforms before it.
There is no way it isn’t already being abused, there are zero guard rails on it
Fucking typical, a move that hurts the platform long-term is being cheered for by ignorant idealists while the makers of its demise are already salivating and cartoonishly rubbing their hands in glee
Why do content creators need to see how many clicks they get?
It’s how a number of them get paid.
I think I would like to go back to social media before people were getting paid for it
I don’t know. I’m happy that some very talented and knowledgeable people create content that makes my life a little better, and that they are able to do that thanks to the various forms of monetization.
Thats the fediverse!
No, it’s not the only way. You could track the click with JavaScript.
The user can also block your tracking scripts. Besides, the user can share the link with friends, and you won’t be able to track them this way. I’m sure there are many other reasons why having a middleware is de-facto the industry standard.
The user can also block the URL target rewriting. Not sure what’s your point though, I said it’s not the only way, not that there are better ways.
The content creators themselves could use a link that goes through a counter if they really need it, no?
it’s the only way
lol. Citations needed. Pretty sure this is JavaScript 101.
Trust me bro, we are not tracking you. Please trust me bro!
That’s incorrect.
BlueSky relies on JavaScript to run (try turning it off and loading their site, it won’t even render). Click-through traffic is almost exclusively measured by JavaScript (e.g. Google ad “events”). This is the same as measuring other stats, like whether you lingered on a post before scrolling past it, or whether you opened another tab, or whatever.
Proxy links are absolutely a method of measuring traffic, and they’re a method that works even when the site has JavaScript disabled - but since that’s not how Bsky works, it’s not relevant.
Yeah that’s what I was thinking. There’s a bunch of ways to track what users are doing without needing to use referral links.
Seems to me the referral links are there to prevent honey cookie shenanigans.
As predicted… And people piled on me here when I question why they were falling head over heels over bluesky when it was yet another techo bro platform
I thought about it but lemmy seems more genuine.
No karma. No nothing. Just info.
This was more a Twitter vs BlueSky comparison… not against Lemmy, not sure I understand your comment
Oh, there is so much more you can do with this “functionality”. Welp, anyone who trusts bluesky even an inch better prepare to be deeply disappointed.
“It’s better than the Nazi one” major selling point. The bar is so low, it’s under Satan’s foot.
Oh, there is so much more you can do with this “functionality”.
Like what? What would this redirect be able to do that they couldn’t already do just with their normal website/app?
This is not enshittification. Many other knowledgeable users who actually know what they’re talking about have explained why.
deleted by creator
I don’t really see how. Other AppViews and custom clients don’t do this. Its just a few lines of javascript in the frontend.
Anybody know what the real reason for this is?
All websites can track how often a link is clicked, and what the link is, and who clicked it (especially if you have an account).
Probably so bluesky can get affiliate money, either changing affiliate links with their own a’la honey or just tracking them to report to advertisers how much traffic is going through their platform to garner deals.
In other words, money
Not sure why they have it go through a redirect like that; you can just trap click events and do whatever with them, including sending tracking info back before sending the user to the new page.
So far no one seems to know what the real reason is. That is why there is a lot of guessing.
They said themselves its for publishers to track outgoing clicks.
Most companies implement for malicious link control. They can actively scan as needed and they can prevent users from going to any links deemed malicious. It also adds tracking for amount of clicks on a specific URL. There are more nefarious uses that others have stated redirection for paid links to them and user profile building for ad targeting
I’m thinking they’d want to control misuse of the platform. Someone links malware and it is shared enough, they may want to be able to intercept that. At least, that’s what I’d want to be able to do.
Even if it didn’t go to bluesky.app first before the actual link, clicks on it can still be made to be tracked. It’s trivial to do it much more discreetly.
It is definitely tracked, but I would guess that turning it into a bluesky link has other uses, not all nefarious, such as: link previews, caching, dealing with dead links.
I, for one, am shocked that moving from one corporate owned social media to another corporate owned social media didn’t fundamentally change anything.
Well for one, most of the nazis stayed behind.
The current marketing strategy for Bluesky is to target disaffected left-of-center people.
This isn’t because Bluesky is the one moral company in all of capitalisim. Instead, it’s because they see an opportunity to grow their userbase (and income) by messaging to people who are likely to leave Twitter. It’s no different than the thousands of companies that put up Pride Month banners and then a month later they take them down and continue donating to right-wing politicians.
Bluesky isn’t your ally, they’re just the current company that is pandering to you.
I’m not saying they’re my ally or the solution to the internet. They’re a platform that is currently not containing as many nazis.
If a bar I’m in has aggressively drunk dudes in it, I can just go to the next bar over and have a good time. That bar doesn’t have to be fundamentally impervious to aggressive drunk dudes for this to be true and useful.
I mean, I’ve heard a enough words from Popper to know that there’s only two amounts of Nazis: none and too many for me.
I don’t think Bluesky has none
fuck it’s almost like the world runs on capitalism
Yeah, we need to do something about that.
state funded internet service and social media?
Ideally people funded.
Honestly not much of a functional difference between modern states and corporations.
States just do their best to pretend to be democratic while also being mechanisms of control and furthering the siphoning of all material wealth to the rich.
Yes even the social democratic states work like that, and it’ll get way more obvious soon.
The state is publicly funded, but yeah, it is better if the public can solve a problem without the state or without oligarchs like Elon involved.
Late reply but that would be a good start. I really wish something like cjdns would take off. A decentralized, p2p, and fully encrypted IP routing service that is open source and freely available could be used to build a truly free and secure Internet instead of relying on corporate ISPs to provide bandwidth.
This is for publishers. They announced this openly.
What is wrong wth a fucking discount code to show where you hot the referral.
I refuse all cookies everywhere and the internet works just fine.
I use duckduckgo. It shows the sites I’ve visited, and tracking attempts. And, yes, there are tracking attempts from bluesky. There are no tracking attempts from lemmy.ca
