Need to write a bookmarklet that strips a Twitter URL down to the canonical form without s= and t= parameters (or maybe easier: no parameters at all)
Posted by jpluimers on 2023/12/12
Based on these tweets, I want to write a bookmarklet that at least removes the s= and t= parameters from Twitter URLs, maybe even all parameters (TODO: figure out if there are useful Twitter URL parameters first):
- [Wayback/Archive] Peter Suber on Twitter: “Many tweet URLs end with “
?s=03” (or another number like “?s=09“). Deleting these URL parameters causes no harm. Or at least the truncated URL loads the same tweet. What do these URL parameters mean and who uses them? @twitter, #twitter, #tweeps” - [Wayback/Archive] Peter Suber on Twitter: “@jpluimers @Twitter I’ve noticed that too. Sometimes the URL with the
t=parameter works as is and sometimes it doesn’t work until we delete the parameter.”
Even Jack Dorsey didn’t know they were introduced when he was still Twitter CEO. From the tweets below:
- The
sparameter seems to have to have to do with both the kind of sharing and the type of client used. - The
tparameter could correlate with the user ID.
There is a sort of bookmarklet below which goes through an external web-site (search for “unfurl”), but I want to do it purely client-side.
On the t parameter
- [Wayback/Archive] @luca@vis.social on Twitter: “There is a new URL parameter, when sharing Tweets:
?t=I copied links to several Tweets and it always stayed the same. My other accounts don’t have it yet, so I wasn’t able to confirm if it identifies the account. But when I switched back to this account, it changed.”
[Wayback/Archive] Markus (er/he) on Twitter: “Kopierte Twitter-Links sehen bei mir seit sehr kurzem so aus. Den rot markierten Teil gab’s vorher schon, der gelbe Teil ist neu. Mir wurde gesagt, @luca könnte wissen, was es damit auf sich hat. !B”
- [Wayback/Archive] @luca@vis.social on Twitter: “Could it identify a session? More testing needed. (The ?s= identifies the app where the URL is copied from. Android/iOS/Web and so on.)”
- [Wayback/Archive] @luca@vis.social on Twitter: “Each time, I switch between accounts back and forth, the value changes. While I’m in one account, it stays the same. Force quitting the app, creates a new one as well.
?t=2YTCjCNiphYQf-LFVHGNFA?t=S4piMogYT9kpB9Z2ClkbRA“ - [Wayback/Archive] @luca@vis.social on Twitter: “So far, it seems to be only tested on Android and only with few accounts. Not sure, if it could become a privacy issue. It may be possible to identify which account originally shared a URL to a Tweet by comparing it to other URLs with same hash.”
- [Wayback/Archive] FlaminSarge on Twitter: “@luca For those seeing this a year later like me, when you first load up Twitter on a desktop browser the page makes a request to
twitter.com/i/api/1.1/attribution/event.jsonand that returns a session_token which is the same as the `t=` value. If you hard refresh (Ctrl+Shift+R) a new token gets sent/set.”
- [Wayback/Archive] Reddit:
t=query in twitter URLs : Twitter - [Wayback/Archive] Twitter IDs | Docs | Twitter Developer Platform
- [Wayback/Archive] TweeterID – Twitter ID and username converter (note: I want to write a Bookmarklet for this too)
On the s parameter
- [Wayback/Archive] Peter Suber on Twitter: “Many tweet URLs end with “
?s=03” (or another number like “?s=09“). Deleting these URL parameters causes no harm. Or at least the truncated URL loads the same tweet. What do these URL parameters mean and who uses them? @twitter, #twitter, #tweeps”- [Wayback/Archive] Jeroen Wiert Pluimers @wiert@mastodon.social on Twitter: “@petersuber @Twitter A while ago, the android client started to use t= parameters as well, then for a while it didn’t and now those t= are back. For instance
twitter.com/lunasorcery/status/1449400981188382722“
[Wayback/Archive] Ada Lovecraft 🐀 on Twitter: “@PenLlawen”
[Wayback/Archive] Compiler Explorer:
G54Mb9Es3
gcc.godbolt.orgCompiler Explorer - Rust (rustc 1.55.0)pub fn add(a: u64, b: u16) { println!("{}", a + b);Note: somehow after posting the Tweet, both the
s=and thet=parameters got lost.- [Wayback/Archive] Peter Suber on Twitter: “@jpluimers @Twitter I’ve noticed that too. Sometimes the URL with the
t=parameter works as is and sometimes it doesn’t work until we delete the parameter.” - [Wayback/Archive] Jeroen Wiert Pluimers @wiert@mastodon.social on Twitter: “@petersuber @Twitter I’m have been writing a bunch of bookmarklets that help me with blogging, archiving in @waybackmachine/@archiveis and tweeting. Will incorporate your tips as there is a good chance of me running out of “bonus” life in the next few years.” / Twitter
- [Wayback/Archive] Peter Suber on Twitter: “@jpluimers @Twitter I’ve noticed that too. Sometimes the URL with the
- [Wayback/Archive] Stephen Hartley on Twitter: “@petersuber @Twitter Doesn’t look like we’re going to get an official response from @Twitter, although if you’ve not already seen it, there are some ideas here:
twitter.com/MattNavarra/status/1044147538922803201(and just to be meta, I deleted the s parameter from that URL! 😀)”
[Wayback/Archive] Matt Navarra on Twitter: “Why does twitter add ?s=21 to every tweet URL… even when it’s not a link to a video clip?”
- [Wayback/Archive] Jeroen Wiert Pluimers @wiert@mastodon.social on Twitter: “@petersuber @Twitter A while ago, the android client started to use t= parameters as well, then for a while it didn’t and now those t= are back. For instance
- [Wayback/Archive] Dylan Smith on Twitter: “@Kerumen @GergelyOrosz Slight correction: different depending which option you choose from the share menu.”
- [Wayback/Archive] Nat Friedman on Twitter: “Use my script @jack! 😎”
- a
- [Wayback/Archive] ScorpionoxVoid on Twitter: “@MattNavarra I think it’s a tracker to determine where the share have originated. ?s=19 (from Android mobile devices) ?s=20 (from Windows devices) ?s=21 (from iOS devices I guess)”
- [Wayback/Archive] sweetness and light on Twitter: “@he_la_lee @cryptosawyer @MattNavarra there are new ones now i’ve seen 61 and something else. there is now a “T” parameter with each link. it seems to be unique to each tweet i’m guessing it’s T for tracking”
- [Wayback/Archive] Jacob Ford on Twitter: “@MattNavarra Trying to reverse engineer these! s=20: any share from web s=10: shared to Messages from iOS app s=21: copied to clipboard from iOS app”
- [Wayback/Archive] oh hey look a gopher on Twitter: “@GergelyOrosz FYI that link in the screenshot is acquired by the user tapping “Copy Link” button from the Twitter app on iPhone. That’s what the parameter “
s=46” means. It’s safe to also drop that from the final URL. Here’s where I got the s-parameter table to look up: …”
Observed values from the above tweets:
- s=10
- s=19 from Android mobile devices
- s=20 from Windows devices
- s=21 from iOS devices
- s=42
- s=46 from iPhone (copy)
Full s value list and better idea on the t parameter
From the “gopher” link above you can see that [Wayback/Archive] Unfurl v2022.11: Social Media Edition has a full list of all the s= values:
SPARAMETERSHARED FROM 01an Android using SMS 02an Android using Email 03an Android using Gmail 04an Android using Facebook 05an Android using WeChat 06an Android using Line 07an Android using FBMessenger 08an Android using WhatsApp 09an Android using Other 10iOS using Messages or SMS 11iOS using Email 12iOS using Other 13an Android using Download 14iOS using Download 15an Android using Hangouts 16an Android using Twitter DM 17Twitter Web using Email 18Twitter Web using Download 19an Android using Copy 20Twitter Web using Copy 21iOS using Copy 22iOS using Snapchat 23an Android using Snapchat 24iOS using WhatsApp 25iOS using FBMessenger 26iOS using Facebook 27iOS using Gmail 28iOS using Telegram 29iOS using Line 30iOS using Viber 31an Android using Slack 32an Android using Kakao 33an Android using Discord 34an Android using Reddit 35an Android using Telegram 36an Android using Instagram 37an Android using Daum 38iOS using Instagram 39iOS using LinkedIn 40an Android using LinkedIn 41Gryphon using Copy 42an iPhone using SMS 43an iPhone using Email 44an iPhone using Other 45an iPhone using Download 46an iPhone using Copy 47an iPhone using Snapchat 48an iPhone using WhatsApp 49an iPhone using FBMessenger 50an iPhone using Facebook 51an iPhone using Gmail 52an iPhone using Telegram 53an iPhone using Line 54an iPhone using Viber 55an iPhone using Instagram 56an iPhone using LinkedIn 57an iPad using SMS 58an iPad using Email 59an iPad using Other 60an iPad using Download 61an iPad using Copy 62an iPad using Snapchat 63an iPad using WhatsApp 64an iPad using FBMessenger 65an iPad using Facebook 66an iPad using Gmail 67an iPad using Telegram 68an iPad using Line 69an iPad using Viber 70an iPad using Instagram 71an iPad using LinkedIn
and also has this (which correlates with the reverse engineering below):
I don’t think anyone outside of Twitter knows exactly how the
tparameter is constructed, but from my observations it appears consistent per device for a time. I shared tweets via numerous methods in August from my phone and thetwas consistently the same. I did similar tests again in November, and thetvalue was again the same for different sharing methods, but it was different than from August. Maybe a software update or some other change on the device caused a change in thet“fingerprint”? With this in mind, I think seeing the sametvalues on multiple links suggests the same device was the sharing source. However, differenttvalues could still be from the same device, just over a longer time period.
Reverse engineering to understand the URL parameters
This is a cool start of a long thread: [Wayback/Archive] 闩长丂廾闩ㄚ on Twitter: “Let’s reverse Twitter App (LIVE)” / Twitter
[Wayback/Archive] Ian Coldwater on Twitter: “it’s Saturday morning so I’m reverse engineering Twitter for funsies, as one does” / Twitter
- [Wayback/Archive] 闩长丂廾闩ㄚ on Twitter: “Context, original tweet was deleted by the Tweet Author:”
- [Wayback/Archive] technerd 🇮🇳🇺🇦 on Twitter: “@64_BlT what i have found is ‘s’ value and position in the url changes when it is done through app or web client. top one is from app bottom one is from web client”
The full thread is at [Wayback/Archive] Thread by @onosmosis_ on Thread Reader App, with some highlights (and especially links to tools used):
- Let’s look at an actual Twitter Share link from my web client:
twitter.com/64_BlT/status/1573724090816667648?s=20&t=KEFyG5hyGQnxyUuILUGbDw- …
- We could reverse the Twitter web app with relative ease, but I decided to go with the Android app as I’ve worked with them in the past. I have downloaded the latest Twitter app (APK) and used JadX and loaded the APK.
- JadX is a dex to java ‘decompiler’ that works equally well for APK files:
- …
- On L#68. we can see the match. This looks promising because it appears to be the one we’re looking for (syntax-wise).
- We also got a clue that ‘t’ must correspond to the ‘timecode’
- …
- Now that we know that ‘t’ must be a timecode, we can search for ‘timecode’ or similar strings. However, it being a generic term, I’ll skip it for now, but will revisit this once I’ve explored it further.
- …
- The numbers t/3600, t × 3600/60 and %60 are coincidentally the math one would do to convert a value to seconds, minutes and hours.
- …
- Clue/Inference #3: This ‘t’ value corresponds to some timestamp value encoded via a possibly reversible way such that Twitter can when the tweet was shared (externally) and when it is being viewed.
- …
- After all, this provides 2 valuable pieces of information to Twitter:
- By seeing when the Tweet was shared outside and when the Tweet is being viewed and comparing the time (at the server-side), Twitter can know:
- a) when a Tweet goes viral,
- b) Which tweets are popular,
- c) If an old or new tweet that’s getting some attention and using share time.
- *3 pieces of information
- …
So it might be that the t= parameter is just an obfuscated time code to correlate session timestamps and for instance optimise timeline generation.
Stripping the URL parameters (some solutions work for any URL with parameters)
In addition to the above Python script by Nat Friedman (which only works on MacOS as it depends on [Wayback/Archive] pasteboard · PyPI) many replies to the above tweets included tips or tools for stripping URL parameters. Some of them (including Nat’s one):
- MacOS: [Wayback/Archive] nat/twtrnotrack: Quick script to automatically remove tracking cookies from Twitter links in your macos clipboard
- iOS: [Wayback/Archive] Elliot Williams on Twitter: “@GergelyOrosz This has been bothering me too. I recently made a quick iOS Shortcut to do this from the share sheet:”
[Wayback/Archive] Elliot Williams on Twitter: “Today I made a super simple iOS Shortcut which strips the query params off of Twitter links (and others), neatening them up and removing the tracking IDs, if you’re into that sort of thing. You can get it here: …”
- Brave: [Wayback/Archive] Save Invest Repeat 📈 on Twitter: “@GergelyOrosz @Brave Browser does it automatically. “Copy clean link” feature in Brave: 1. Right-click the URL bar. 2. Select “Copy clean link” 3. When you paste the URL, all the unnecessary text on the end will be gone. For Andriod/iOS Twitter app – manually have to do it.”
- Manually: [Wayback/Archive] Davide Di Stefano on Twitter: “@GergelyOrosz I usually change the parameters with random things, in the hope that someday some analytics person will be confused “why is there a ‘
uckyou’ value in the ‘f’ parameter?”” - Bookmarklet: [Wayback/Archive] oh hey look a gopher on Twitter: “@GergelyOrosz FYI that link in the screenshot is acquired by the user tapping “Copy Link” button from the Twitter app on iPhone. That’s what the parameter “
s=46” means. It’s safe to also drop that from the final URL. Here’s where I got the s-parameter table to look up: …”
[Wayback/Archive] Unfurl v2022.11: Social Media Edition
[Wayback/Archive] Twitter parser – full list for the sharing code parameter · Issue #162 · obsidianforensics/unfurl
[Wayback/Archive] abs.twimg.com/responsive-web/client-web/main.ea5f3cf9.js (search for
,71:)
- [Wayback/Archive] obsidianforensics/unfurl: Extract and Visualize Data from URLs using Unfurl
…
- There is an online version at https://dfir.blog/unfurl. Visit that page, enter the URL in the form, and click ‘Unfurl!’.
- You can also access the online version using a bookmarklet – create a new bookmark and paste
javascript:window.location.href='https://dfir.blog/unfurl/?url='+window.location.href;as the location. Then when on any page with an interesting URL, you can click the bookmarklet and see the URL “unfurled”.…
Note I modified the Bookmarklet into
javascript:open('https://dfir.blog/unfurl/?url='+window.location.href);which translatestwitter.com/64_BlT/status/1573724090816667648?s=20&t=KEFyG5hyGQnxyUuILUGbDwintohttps://dfir.blog/unfurl/?url=https://twitter.com/onosmosis_/status/1573724090816667648?s=20&t=KEFyG5hyGQnxyUuILUGbDw.- [Wayback/Archive]
dfir.blog/unfurl
- MacOS: [Wayback/Archive] Andy Day on Twitter: “@GergelyOrosz I wrote this as a way to strip tracking params on desktop: …”
- iOS [Wayback/Archive] secondstate ᵍᵐ on Twitter: “@GergelyOrosz Yeah, f*ck that, I made these a few months ago, works great with a few extra steps: Copy: … Share: …”
- iOS: [Wayback/Archive] oh wow on Twitter: “@GergelyOrosz if you long press on the share button (on iOS at least), it automatically strips it” / Twitter
More generic comments on URL parameters and privacy
- [Wayback/Archive] Gergely Orosz on Twitter: “When you share a tweet, the URL copied contains a parameter
?t=XYZ. This is the encoded user ID of the person who shared this tweet (aka your user ID). Twitter can track this way who views the link that you shared elsewhere. To maintain privacy, manually delete this parameter.”- [Wayback/Archive] Bryan Haggerty on Twitter: “@dylanatsmith @CamThePerson @imranpasha321 @Kerumen @GergelyOrosz I used to bug the PM about this, because it never made much sense from an analytics standpoint–it only gets counted when someone clicks the link that was shared. So it’s not a 1:1 of popularity of share method. This was better tracked client side.”
- [Wayback/Archive] peter on Twitter: “@GergelyOrosz Also since the encoded user ID appears to be the same for every tweet you share, if many are shared publicly they can be tied back to you.”
- [Wayback/Archive] Wael Al-Hasnawi on Twitter: “@GergelyOrosz I noticed the change early on and I always do that. But smart reminder for those who didn’t know. Same thing with Instagram with the sharing ID.”
- [Wayback/Archive] Wael Al-Hasnawi on Twitter: “@GergelyOrosz Now that I think about it, they may change it soon to create and generate URLs using an endpoint parameter in the path, kind of a reference value that refers back-end to the source tweet ID, and displays it to the user Like aliases if you want.”
Queries
- [Wayback/Archive] twitter s parameter – Google Search
- [Wayback/Archive] twitter t parameter – Google Search
- [Wayback/Archive] decode twitter user id – Google Search
- [Wayback/Archive] “bookmarklet” convert twitter id username – Google Search
–jeroen
The Wiert Corner - irregular stream of stuff 
Leave a comment