What is with the new URLs on facebook.com?

Firefox recently started stripping out tracking URLs [0] and the most prevalent one is Facebook with it's ?fbclid= so it looks like they're encoding it straight into the URL now to bypass that, Medium does similar also.

[0] https://www.engadget.com/firefox-can-now-automatically-remov...

This is Facebook actively circumventing their users' explicit requests to not be tracked :) They have no respect for you

It appears the the old urls still exist, they are just sort of hidden.

Your VICE link is also here, for example:

https://www.facebook.com/VICE/posts/6037626766270531

Edit: To find the old style url, use /plugins/post.php with the new style url passed as a url encoded param value for "href", like: https://www.facebook.com/plugins/post.php?href=https%3A%2F%2...

Then, there's a timestamp like "10 minutes" ago in the returned page that leads to the old url.

I imagine you could make a browser plugin out of that.

Along these lines, someone else mentioned that Tiktok embeds direct tracking into URLs already.

Twitter recently started adding a 't=' param to their share links [0] as well, and I can only guess that it's some kind of similar tracking scheme. From watching browser traffic it appears to be generated when you click the share button, but I might be wrong about that.

[0] https://twitter.com/NanoRaptor/status/1548301612246249474?s=... - the first thing in my feed. Link works fine without any of the query params, of course.

I don’t have any super-special insight here, but FBID is facebook’s global integer ID namespace (fun fact: Zuckerberg’s account is 3, back in the day he was always getting random friend requests from people’s unit tests). Don’t know what a “p”-FBID is.

I know symmetric encryption is reasonably cheap these days, but anything times “Facebook edge requests” is a lot, I bet any of the cryptographers on here could find out pretty quickly what’s in that blob.

I have a feeling Facebook looks at URLs as an unfortunate requirement for running their walled garden in browsers. The more opaque, the better for their business.

I'm 90% certain the old number was an FBID. The new one looks like a different FBID encoding scheme - possibly with the type info included ('p') to reduce the overhead of a second data fetch.

FBIDs are a globally unique id system that they've been using for almost as long as they've been around, if not actually from the beginning.

Here's how a browser could counteract this privacy-busting measure:

When the user clicks one of these links, the browser could open it in a headless tab and wait for the URL to change to a non-facebook URL. The browser then remembers that URL, closes the headless tab, and navigates to the underlying URL with tracking parameters stripped.

I noticed TikTok does something similar. For example, if you copy a link to a creator's page while logged in, your profile is encoded into the URL and your name and photo are displayed alongside the linked content. It's two steps to fix it - open the encoded link yourself, remove the extra data, then send the cleaned link.

https://www.ghacks.net/2022/07/17/facebook-has-started-to-en...

Oh it’s nothing, just something to make your life easier. Oh, and to make your life better as well. Just ignore it and keep using Facebook.

I don't understand. If click on it.... and? How will that make me less private? Or how will it hurt me in any way?

I wonder if this is related to why mbasic.facebook.com links are regularly breaking now.

Cannot somebody reverse engineer it?

People still use Facebook