Google tracking on Android

[Kusresa]

On Android there is a document request sent by Google after clicking a link under 'Videos' (by the way I'm opening the videos in the browser not in the Youtube app). I tried redirecting the link but that didn't work.

The document request URL is:

https://www.google.com/searchurl/rr.html#app=com.google.android.youtube&pingbase=https://www.google.com/&url=https://m.youtube.com/watch?v=example

I'm guessing it's also used to track clicks for things other than Youtube. Can this document request be stopped so the only request made is to the URL in the url parameter?

[Rob--W]

Can you provide the exact steps (original Google URL) to obtain this result? And just for reproducibility, which browser version and extension version are you using?

[Kusresa]

1. Disable opening videos to Youtube app or Disable Youtube app in Android app settings.
2. In Firefox address bar type in 'music video'
3. Google page loads, then click Videos header
4. After Google's Videos page loads, click on any link

On Firefox 58 Beta, latest version 4.20

[Rob--W]

I can't reproduce this. Can you share the URL of the search result page? "In Firefox address bar type in 'music video'" assumes that my default search engine is Google (it is not). Even if I select Google's search engine, I end up on a page where the source looks like a table containing:

<a href="/url?q=https://m.youtube.com/watch%3Fv%3D2Vv-BfVoq4g&amp;sa=U&amp;ved=0ahUKEwj6wcHF9c3YAhXJCsAKHW7JApMQuAIIDDAB&amp;usg=AOvVaw2aWJ5XdrMi1GIHdENnuJBe"><img src="https://img.youtube.com/vi/2Vv-BfVoq4g/default.jpg?h=69&amp;w=92&amp;sigh=__Y90Cs0FC3cFfxZ0hEDy7NSouOhA=" alt="Video voor music video" width="92" height="69" border="1" align="left"></a>

When I tap on a search result, I am immediately directed to a YouTube video.
For what it's worth, I am trying to reproduce this in a private tab.

[Kusresa]

URL is: https://www.google.com/search?q=music+video&prmd=ivmn&source=lmns&tbm=vid&sa=X&ved=...

One thing I just realized I forgot to mention, I'm using the "Chrome UA on Google" Firefox addon since Google's interface for Firefox is poor. I just tried with the default UA and like you I am redirected directly to a Youtube video. So I'm guessing it is only done on the layout showed to Chrome users.

[Rob--W]

I tried to reproduce with Chrome's UA override, set to Chrome Mobile (+Device toolbar), and see the following HTML:

<a class="_p6m" data-url="intent://www.youtube.com/playlist?list=PLFgquLnL59alCl_2TQvOiD5Vgm1hCaGSI#I…gle.nl;launchFlags=0x8080000;S.intent_description=Popular+Music+Videos;end" data-weburl="http://www.youtube.com/playlist?list=PLFgquLnL59alCl_2TQvOiD5Vgm1hCaGSI" href="#" jsaction="bct.cbz" data-ved="0ahUKEwjmx5jYgs7YAhUD_SwKHffWBEgQxa8BCCQwAA" ping="/url?sa=t&amp;source=web&amp;rct=j&amp;url=%23&amp;ved=0ahUKEwjmx5jYgs7YAhUD_SwKHffWBEgQxa8BCCQwAA&amp;usg=AOvVaw0VTJzWxrN8ZFOD4xbU2nov" oncontextmenu="google.ctpacw.cm(this)"> ... </a>

Upon pressing the mouse, the link (href) turns into:

/url?sa=t&source=web&rct=j&url=%23&ved=0ahUKEwjmx5jYgs7YAhUD_SwKHffWBEgQxa8BCCQwAA&usg=AOvVaw0VTJzWxrN8ZFOD4xbU2nov.

This is bogus, but different from what you are observing. I'll try spoofing the UA on Firefox mobile later.

[Rob--W]

I tried spoofing "Mozilla/5.0 (Linux; Android 6.0.1; SM-G928F Build/MMB29K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Mobile Safari/537.36" as the User-Agent in Firefox (responsive design mode), and get the same effect as reported in https://github.com/Rob--W/dont-track-me-google/issues/23#issuecomment-356693730

Are you able to reproduce this bug in a private tab (without cookies)?
I don't have the YouTube app on the mobile device for testing. Could it be that this redirect URL only appears when you have (at some point) opened the YouTube app?

[Kusresa]

I can reproduce this tracking link every single time - in normal/private browsing and with/without cookies (with the Chrome UA on Google addon enabled) .

I have disabled the Youtube App and it still happens. I think this occurs when you have an app installed on your Android (or even an app that can be installed on Android) when that app should according to Google be used to open the Google link because I have reproduced links which have a different values for the app= parameter (example: com.vevo. I have no VEVO app but in Google Videos Search it will show up as Youtube app or Vevo app under the link title so Google indicates which app they think a link should be opened with). Have also come across com.dictionary in normal Google search (not under Videos) when visiting a dictionary.com link which has no indicator of an app to open with (unlike the Vevo example).

[Rob--W]

Can you paste the exact URL that you are using to access the search results?

And just in case I cannot reproduce with that exact URL, can you:

1. Go to Firefox mobile > Settings > Advanced > "Remote debugging via USB" and enable this option.
2. Connect your Android phone with your computer via a USB cable.
3. Open Firefox's WebIDE (Shift + F8) (NOTE: Your Firefox Desktop version should be at least as high as Firefox Mobile. Since you're using Firefox Beta on mobile, consider using Firefox Beta or Nightly on desktop).
4. Click on "Install ADB helper" at "USB DEVICES" (at the right), and close + re-open WebIDE.
5. Click on your device that appears in the list at the right.
6. On your mobile phone, confirm the debugging request.
7. Select the tab with the Google search results.
8. Go to the tree view of DOM elements, and try to find the <a> element that contains a search result (similar to what I posted in https://github.com/Rob--W/dont-track-me-google/issues/23#issuecomment-356693730 ).

Copy the HTML source of the <a> that you selected in the last step and share it with me (maybe by mail if you are concerned about sharing potentially private information; though you could use a private tab and not log in to avoid such undesired information leakage).
Just to make sure that we are looking at the same thing, also share a screenshot of the page.

[Kusresa]

URL: https://encrypted.google.com/search?q=Music&prmd=vin&source=lnms&tbm=vid&sa=X&ved=0ahUKEwjQkc2Qxd3YAhVDa7wKHTHwCY4Q

https://i.imgur.com/oVJicZP.png

<a class="_p6m" data-url="intent://www.youtube.com/watch?v=yd8jh9QYfEs#Intent;scheme=http;package=com.google.android.youtube;S.browser_fallback_url=https%3A%2F%2Fencrypted.google.com%2Fsearchurl%2Frr.html%23app%3Dcom.google.android.youtube%26pingbase%3Dhttps%3A%2F%2Fencrypted.google.com%2F%26url%3Dhttps%3A%2F%2Fm.youtube.com%2Fwatch%3Fv%253Dyd8jh9QYfEs;S.android.intent.extra.REFERRER_NAME=https%3A%2F%2Fencrypted.google.com;launchFlags=0x8080000;S.intent_description=Rihanna+-+Don%26%2339%3Bt+Stop+The+Music;end" data-weburl="https://m.youtube.com/watch?v=yd8jh9QYfEs" href="#" jsaction="bct.cbz" data-ved="0ahUKEwi68r7Nvd3YAhVNNbwKHQTXDnIQxa8BCCUwAQ" referrerpolicy="origin"><div class="g _Bhm"><div class="_V9p"><div class="_vhm"><div class="_Dhm"><span class="_Chm" style="padding-left:20px;padding-right:5px">3:54</span></div><div><g-img class="_whm" style="height:90px"><img id="uid_dimg_1" src="data:image/jpeg;base64,/9j/4AAQSkZJRgABAQAAAQABAAD/2wCEAAUDBBAOCggIDg8ICQgPCgoJCQoICgoKCQ4ICQ0NCgoICwoNChwLCA0PCgkJDRUQGh0dHx8fCg4WGBceGBAeHxIBBQUFCAcIDwkJDxYVEhMcGh0bGBoVGx4bHBceFhIVFRUXGBcVGBMSFRUXFxcVFxcaFRUXFhIVFRYVEhUdEhIVEv/AABEIAFoAeAMBIgACEQEDEQH/xAAcAAABBAMBAAAAAAAAAAAAAAAAAQUGBwIDCAT/xAA3EAACAQMCBAMGBAQHAAAAAAABAgMABBESIQUGEzEHIkEUMlFhcYEjkaGxFTNCUghicnPB0fD/xAAbAQACAwEBAQAAAAAAAAAAAAAABAECBQMGB//EACoRAAICAQQBAgQHAAAAAAAAAAABAhEDBBIhMUFRYQWx0fATIiMycoGR/9oADAMBAAIRAxEAPwDjKinazs1OhGV1kPaRpUSLT94/+alnF+RohF1o5GICFmDMjDIGcBwoAH2qUr6FM2uxYZKM/PRXtLU65F5RhuoZWaR4ZgxSMF49JbAOcFdTjfsPzpzbwqb2rp6ibTSGMmwbOMFcYx33z8KKZxyfFdPjm4TlTXt8vUrGipTz1wKK3MaI0kkjDJ1MhAAOPRc7n9qjXSONXpRQ3hzxywU49M10U423A5mAZY5WBGQVUnY9jXnvLF0IDpJGfTWrLn6ZG9VtHY81FZFaSpASislHegrQBjRS0YoASilpKAJ3wa5EVnJC1rLK7ZdHdepFqIwG7eXA+FevhUcQWEyQlGYZYB3KB9QCHps2BnOcU78N4FdaEu4D1ozF0ukZAmhyq+cKw0P6GmV+B3TMI5ZLa30nZWeJSGIxq0r3OKtTTPNPJjyN1NLm3+Z3fpXgz4Fwi2do4AHEk0czQyyPhUliLYXAHYFM5qXXFs5sBwt7mCO+UAyO7tjogsdPUAySEXf6fOoLJy1MzJChleOFXQTaSkQDMWk0v2K5diW39fSlh4O7NqYliVDhnJBaMt01k33wcZ+m9TCNk58MZtPfdO+eeea78V4GbnmxSK8lgj9xMJ3Jy6jzHJOT5s1v5S4eJp4oD7gw7/P4L+Z/StPN/Dnin/EUrghTq97UAC2oHfPmBz65yDXq8O74JexhvdOpSRjPl3GMnHoapltRe03NNTjG3Z0pyVyupCAgDYflTtzhyZC0TJhJMjdWUEffamrlrm+HyoTIvoGZRoz8NQbvUi5m4i625khGolSQ2nV5QNyPT71kK1w+zTVPk5N8TeVDaTYCkW7ktCx3wR70Jb1xsR8j8qh1W/4jw3VxHOhij0IHnmkciWYGAZLJKrGPQylgoX4HIGRmoa1Mbe3kVdXwbra2LBiOw/f4VrkQg4OQfnTry+Ada752I32/L1NJxtTkEdvWujVJMW/G/U2MaKKWioGBKSlNLQB1N4Uw6rUp/pI+6L/1XmsvDWCL2h7jpXTtKZurMuGEbkHS2XI2Ac52+lRXw18QBHG9t0Z5LvSjQwjZpEVQH0bZJCqz4xvpOKf+ZbVuIXts0SXEMUatqugbi2kTUMGMxzWwWRmyw2z65IzTO6L9z55DTanDqJ29sXy38v8Afu6GDlm/jh4mlnaSdSynBikj/mxrK4ZVZFby7Np2+Z+0tWZHFtfC3I4izeytrjxBHPAWBcx99QCHyn5D0pu4fyVBwt04jcXINxqPsgaF5F6x31tGh6kmlc/CrVTlm8e9u5gyeyGyV0LRHT1MNpwmdpg/nbbs2mq9Gq5wk007Xr6/U5Y8YLt5L+ZpG8oMfSXAGpNPTaTAGkEsn6/KopahRJA7ANFrAkz/AG5wxwDnt5vuKtbxo5QDx2vEIpUmGhhchY3jKNkEHS2+klmH2qmi3vL3Gf1HrVJNW0ei0ji8aUfB194V8jW8cKzhlniEZ0h0TXpLdQZcDLYON/gAO1WnwyeNbIMTBF05TjWyg6JTsoXuwO35/OuTvAbnQqVsJJdI7QrIPKV7aQc5bH9v5fK8uQJVieQ9LhNvKp0LLaQ24kxsNZeWRWt3KNnsw8xAJG5y8kJylTNXDtS4HHxA49F7NNG0SxdRHAcIyagQRgxkZUkfEVwxXZPPV4ipe3RZpVEekytIZIxpyXSHyhQPdBYAZI7eUVxs1d9OmrspmpOke7gsuJUHoTpP32H6mnrikWx+9eLlq3XJuHI0ID5f8wA0n7k/pRf8WBzswGDjNNvoy80XLInHwMlLSUCqjwUtIaWgCecgc1x286XhigkuR5czPKuF06NSFQVVsZ7j12qx7rxyDtpjtZZJfdRUl1KxBOCD0tePtUd4VygrILgvoJWExoYInQKFHULavfLHt8O+aebziCp5UEUW2PwUVCfmSBmukd0TxmqzaTNltQcpfyfHsSPlHghnuYuNcVlhgCENbWIOrAU5QFAS777kY32ycbCdcT56nmncwySwWvSNuI107jWW9o93VHIyaF77YOO9U1ZcQGcnc571IIOYlQA5ApXLmfSNXSaFZGp5P6XhEvawjcG3lwyuCGVtww9e/eqE8VeQxaX0UIbTaSkNHM+ohUJw+oKpc9POTgE47Ak4qdcwc+gBJMDyujBmOPKCNYUZy2U1DHzrb4ycSWSyjlI1BF6oIxnW7pEignsDrZj/ALfzrjik93JsSioftKEs4cyaQ6oRko7EqNS7r5sZQnG32p95l5juG6EcwC3EWB1CuJGTuof+mQfOtfCOIQws5eLryBT09xpSUnIPwfGwz+lMV9dNI7SOSzH1Jz9h8BvTTVs6Rdlv8J54e+S3sW6cUMSh3UkB5Zh/LUL6IpGsn4qvp3gPPXLZhmkZBqhI14H9Ge6/MD/3amDhl0Y5Y5RkFWB2+Hr+masHj9yrxh8hwy5zk9jS0rxz46GFUo8ldLKQpUEgHGoenl7fvSSyE4zue29ZXaAMcdvhWnFNJ2jhQUtFFSSIaWkNLQBctvPcTW9q8EM88L3MXDImhXUrcRaMSJaDHZzH5voCc7Vhccg8VYQsOH8SYSSSRQkRZ1SQh2YL5s40wyFT2bQdJNR/wa8Ubjhf8TjgaMC5tTCplziG7GRBxGMiMkTRLJOq+n4pz2FTzmX/ABAT/wAPt7WKGK14ksfC4pL22ubSSJ14NIs1tIIEtesGaSNMo0jKNLaUHUOJbbMzD8L0+J8LkifLXJvFLmOKa3sb64ikha5ieOPytAjGPqAk7anVgo/q0tpBwcR22uZHN0JJEtDDq6iTq3X1qdBjWE4JYPhSD2qzk/xIdW5u5byy9ps2uuH3tja2d9JY+yy8KDeywCRIj7RBqZnZCAAzs6gHGKy5g51e5vbu/kW1S4uLqW6MiQxt0hcO0johbc6S+ATk7HfNU2IfUdqqJ77rhdo1us0s1zb3JRiiXBErtkDTJ0o1/BXVnA9QM01cy82mW2gs1yECIJiw950wVC75wDmmq74p1WPW6bH1mVMSnT23UgNttuDTZKgHZlb6Bh+4o2ohR55NdGaM0Zqx1CpBY3OLZQT21Y+maj+a2pJsFz5c1ScdyIYTnJLds9vpWus53yflWFWXQISjNGaM1JIGlpM0tAGNFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQB//2Q==" class="_WCg" alt="Video for Music" onload="typeof google==='object'&amp;&amp;google.aft&amp;&amp;google.aft(this)" width="120" height="90"></g-img></div></div></div><div class="_Ahm"><div class="_Dgm" style="-webkit-line-clamp:2">Rihanna - Don't Stop The Music</div><div class="_Cgm" style="margin-top:8px"><cite><span class="_zhm">YouTube app</span></cite><span class="_xhm"> - 8 years ago</span></div></div></div><span style="display:none" jsl="$t t-4Pexf-E8mU0;$x 0;" class="r-i95eUoE3rhlw"> </span></a>

[Rob--W]

Thanks for sharing the HTML source. The same source, reformatted for readability is:

<a class="_p6m" data-url="intent://www.youtube.com/watch?v=yd8jh9QYfEs#Intent;scheme=http;package=com.google.android.youtube;S.browser_fallback_url=https%3A%2F%2Fencrypted.google.com%2Fsearchurl%2Frr.html%23app%3Dcom.google.android.youtube%26pingbase%3Dhttps%3A%2F%2Fencrypted.google.com%2F%26url%3Dhttps%3A%2F%2Fm.youtube.com%2Fwatch%3Fv%253Dyd8jh9QYfEs;S.android.intent.extra.REFERRER_NAME=https%3A%2F%2Fencrypted.google.com;launchFlags=0x8080000;S.intent_description=Rihanna+-+Don%26%2339%3Bt+Stop+The+Music;end" data-weburl="https://m.youtube.com/watch?v=yd8jh9QYfEs" href="#" jsaction="bct.cbz" data-ved="0ahUKEwi68r7Nvd3YAhVNNbwKHQTXDnIQxa8BCCUwAQ" referrerpolicy="origin">
    <div class="g _Bhm">
        <div class="_V9p">
            <div class="_vhm">
                <div class="_Dhm"><span class="_Chm" style="padding-left:20px;padding-right:5px">3:54</span></div>
                <div>
                    <g-img class="_whm" style="height:90px"><img id="uid_dimg_1" src="data:image/jpeg;base64,/9j/4AAQSkZJRgABAQAAAQABAAD/2wCEAAUDBBAOCggIDg8ICQgPCgoJCQoICgoKCQ4ICQ0NCgoICwoNChwLCA0PCgkJDRUQGh0dHx8fCg4WGBceGBAeHxIBBQUFCAcIDwkJDxYVEhMcGh0bGBoVGx4bHBceFhIVFRUXGBcVGBMSFRUXFxcVFxcaFRUXFhIVFRYVEhUdEhIVEv/AABEIAFoAeAMBIgACEQEDEQH/xAAcAAABBAMBAAAAAAAAAAAAAAAAAQUGBwIDCAT/xAA3EAACAQMCBAMGBAQHAAAAAAABAgMABBESIQUGEzEHIkEUMlFhcYEjkaGxFTNCUghicnPB0fD/xAAbAQACAwEBAQAAAAAAAAAAAAAABAECBQMGB//EACoRAAICAQQBAgQHAAAAAAAAAAABAhEDBBIhMUFRYQWx0fATIiMycoGR/9oADAMBAAIRAxEAPwDjKinazs1OhGV1kPaRpUSLT94/+alnF+RohF1o5GICFmDMjDIGcBwoAH2qUr6FM2uxYZKM/PRXtLU65F5RhuoZWaR4ZgxSMF49JbAOcFdTjfsPzpzbwqb2rp6ibTSGMmwbOMFcYx33z8KKZxyfFdPjm4TlTXt8vUrGipTz1wKK3MaI0kkjDJ1MhAAOPRc7n9qjXSONXpRQ3hzxywU49M10U423A5mAZY5WBGQVUnY9jXnvLF0IDpJGfTWrLn6ZG9VtHY81FZFaSpASislHegrQBjRS0YoASilpKAJ3wa5EVnJC1rLK7ZdHdepFqIwG7eXA+FevhUcQWEyQlGYZYB3KB9QCHps2BnOcU78N4FdaEu4D1ozF0ukZAmhyq+cKw0P6GmV+B3TMI5ZLa30nZWeJSGIxq0r3OKtTTPNPJjyN1NLm3+Z3fpXgz4Fwi2do4AHEk0czQyyPhUliLYXAHYFM5qXXFs5sBwt7mCO+UAyO7tjogsdPUAySEXf6fOoLJy1MzJChleOFXQTaSkQDMWk0v2K5diW39fSlh4O7NqYliVDhnJBaMt01k33wcZ+m9TCNk58MZtPfdO+eeea78V4GbnmxSK8lgj9xMJ3Jy6jzHJOT5s1v5S4eJp4oD7gw7/P4L+Z/StPN/Dnin/EUrghTq97UAC2oHfPmBz65yDXq8O74JexhvdOpSRjPl3GMnHoapltRe03NNTjG3Z0pyVyupCAgDYflTtzhyZC0TJhJMjdWUEffamrlrm+HyoTIvoGZRoz8NQbvUi5m4i625khGolSQ2nV5QNyPT71kK1w+zTVPk5N8TeVDaTYCkW7ktCx3wR70Jb1xsR8j8qh1W/4jw3VxHOhij0IHnmkciWYGAZLJKrGPQylgoX4HIGRmoa1Mbe3kVdXwbra2LBiOw/f4VrkQg4OQfnTry+Ada752I32/L1NJxtTkEdvWujVJMW/G/U2MaKKWioGBKSlNLQB1N4Uw6rUp/pI+6L/1XmsvDWCL2h7jpXTtKZurMuGEbkHS2XI2Ac52+lRXw18QBHG9t0Z5LvSjQwjZpEVQH0bZJCqz4xvpOKf+ZbVuIXts0SXEMUatqugbi2kTUMGMxzWwWRmyw2z65IzTO6L9z55DTanDqJ29sXy38v8Afu6GDlm/jh4mlnaSdSynBikj/mxrK4ZVZFby7Np2+Z+0tWZHFtfC3I4izeytrjxBHPAWBcx99QCHyn5D0pu4fyVBwt04jcXINxqPsgaF5F6x31tGh6kmlc/CrVTlm8e9u5gyeyGyV0LRHT1MNpwmdpg/nbbs2mq9Gq5wk007Xr6/U5Y8YLt5L+ZpG8oMfSXAGpNPTaTAGkEsn6/KopahRJA7ANFrAkz/AG5wxwDnt5vuKtbxo5QDx2vEIpUmGhhchY3jKNkEHS2+klmH2qmi3vL3Gf1HrVJNW0ei0ji8aUfB194V8jW8cKzhlniEZ0h0TXpLdQZcDLYON/gAO1WnwyeNbIMTBF05TjWyg6JTsoXuwO35/OuTvAbnQqVsJJdI7QrIPKV7aQc5bH9v5fK8uQJVieQ9LhNvKp0LLaQ24kxsNZeWRWt3KNnsw8xAJG5y8kJylTNXDtS4HHxA49F7NNG0SxdRHAcIyagQRgxkZUkfEVwxXZPPV4ipe3RZpVEekytIZIxpyXSHyhQPdBYAZI7eUVxs1d9OmrspmpOke7gsuJUHoTpP32H6mnrikWx+9eLlq3XJuHI0ID5f8wA0n7k/pRf8WBzswGDjNNvoy80XLInHwMlLSUCqjwUtIaWgCecgc1x286XhigkuR5czPKuF06NSFQVVsZ7j12qx7rxyDtpjtZZJfdRUl1KxBOCD0tePtUd4VygrILgvoJWExoYInQKFHULavfLHt8O+aebziCp5UEUW2PwUVCfmSBmukd0TxmqzaTNltQcpfyfHsSPlHghnuYuNcVlhgCENbWIOrAU5QFAS777kY32ycbCdcT56nmncwySwWvSNuI107jWW9o93VHIyaF77YOO9U1ZcQGcnc571IIOYlQA5ApXLmfSNXSaFZGp5P6XhEvawjcG3lwyuCGVtww9e/eqE8VeQxaX0UIbTaSkNHM+ohUJw+oKpc9POTgE47Ak4qdcwc+gBJMDyujBmOPKCNYUZy2U1DHzrb4ycSWSyjlI1BF6oIxnW7pEignsDrZj/ALfzrjik93JsSioftKEs4cyaQ6oRko7EqNS7r5sZQnG32p95l5juG6EcwC3EWB1CuJGTuof+mQfOtfCOIQws5eLryBT09xpSUnIPwfGwz+lMV9dNI7SOSzH1Jz9h8BvTTVs6Rdlv8J54e+S3sW6cUMSh3UkB5Zh/LUL6IpGsn4qvp3gPPXLZhmkZBqhI14H9Ge6/MD/3amDhl0Y5Y5RkFWB2+Hr+masHj9yrxh8hwy5zk9jS0rxz46GFUo8ldLKQpUEgHGoenl7fvSSyE4zue29ZXaAMcdvhWnFNJ2jhQUtFFSSIaWkNLQBctvPcTW9q8EM88L3MXDImhXUrcRaMSJaDHZzH5voCc7Vhccg8VYQsOH8SYSSSRQkRZ1SQh2YL5s40wyFT2bQdJNR/wa8Ubjhf8TjgaMC5tTCplziG7GRBxGMiMkTRLJOq+n4pz2FTzmX/ABAT/wAPt7WKGK14ksfC4pL22ubSSJ14NIs1tIIEtesGaSNMo0jKNLaUHUOJbbMzD8L0+J8LkifLXJvFLmOKa3sb64ikha5ieOPytAjGPqAk7anVgo/q0tpBwcR22uZHN0JJEtDDq6iTq3X1qdBjWE4JYPhSD2qzk/xIdW5u5byy9ps2uuH3tja2d9JY+yy8KDeywCRIj7RBqZnZCAAzs6gHGKy5g51e5vbu/kW1S4uLqW6MiQxt0hcO0johbc6S+ATk7HfNU2IfUdqqJ77rhdo1us0s1zb3JRiiXBErtkDTJ0o1/BXVnA9QM01cy82mW2gs1yECIJiw950wVC75wDmmq74p1WPW6bH1mVMSnT23UgNttuDTZKgHZlb6Bh+4o2ohR55NdGaM0Zqx1CpBY3OLZQT21Y+maj+a2pJsFz5c1ScdyIYTnJLds9vpWus53yflWFWXQISjNGaM1JIGlpM0tAGNFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQB//2Q==" class="_WCg" alt="Video for Music" onload="typeof google==='object'&amp;&amp;google.aft&amp;&amp;google.aft(this)" width="120" height="90"></g-img>
                </div>
            </div>
        </div>
        <div class="_Ahm">
            <div class="_Dgm" style="-webkit-line-clamp:2">Rihanna - Don't Stop The Music</div>
            <div class="_Cgm" style="margin-top:8px"><cite><span class="_zhm">YouTube app</span></cite><span class="_xhm"> - 8 years ago</span></div>
        </div>
    </div><span style="display:none" jsl="$t t-4Pexf-E8mU0;$x 0;" class="r-i95eUoE3rhlw"> </span></a>

I can see the difference between my data-url from https://github.com/Rob--W/dont-track-me-google/issues/23#issuecomment-356693730 :

intent://www.youtube.com/playlist?list=PLFgquLnL59alCl_2TQvOiD5Vgm1hCaGSI#I…gle.nl;launchFlags=0x8080000;S.intent_description=Popular+Music+Videos;end

and yours (I can see the exact same thing when I visit view-source:https://encrypted.google.com/search?q=Music&prmd=vin&source=lnms&tbm=vid&sa=X&ved=0ahUKEwjQkc2Qxd3YAhVDa7wKHTHwCY4Q ):

intent://www.youtube.com/watch?v=yd8jh9QYfEs#Intent;scheme=http;package=com.google.android.youtube;S.browser_fallback_url=https%3A%2F%2Fencrypted.google.com%2Fsearchurl%2Frr.html%23app%3Dcom.google.android.youtube%26pingbase%3Dhttps%3A%2F%2Fencrypted.google.com%2F%26url%3Dhttps%3A%2F%2Fm.youtube.com%2Fwatch%3Fv%253Dyd8jh9QYfEs;S.android.intent.extra.REFERRER_NAME=https%3A%2F%2Fencrypted.google.com;launchFlags=0x8080000;S.intent_description=Rihanna+-+Don%26%2339%3Bt+Stop+The+Music;end

The latter includes the unwanted rr.html URL that you've reported.

The next thing is to look for how data-url ends up being used for the navigation (since it is certainly not a standard HTML attribute). I found a reference to cbz in
https://encrypted.google.com/xjs/_/js/k=xjs.qs.en.JS1jr9u2HOM.O/m=aa,async,dvl,foot,ipv6,mu,sonic,d3l,tnv,bct,cyf,udlg,rQSi2,DiYNK/am=AIukGQPwkAPIHMWEZHBfIAR0AiA/exm=sx,elog,cdos,sb_mob,mbsf,hsm,r,qim,jsa,d,csi/rt=j/d=1/ed=1/t=zcms/rs=ACT90oHZi63iKfoX49u7rkNtFjLf5SphoA?xjs=s1 :

qs_Eh("bct",{cba:qs_eka,cbc:qs_gka,cbi:qs_hka,cbx:qs_cka,cbz:qs_fka},!0)

And qs_fka is:

qs_fka = function(a, b) {
  qs_Hh(a, b.ved || "", b.url || "", b.webur l| |"", b.lei, b.packageid || "", !0)
}

In the above snippet, variable a is the <a> element and b is the a.dataset object. So b.url above maps to the value of the data-url attribute. Then there is a lot of code (with a XMLHttpRequest in between to track the click, and the navigation request finalizes with assigning the literal intent:-URL with location.href = ....
So at no point is the URL assigned to the real HTML href attribute, and that's why my extension is not preventing the link from being rewritten at the moment.

And the above logic (bct.cbz) is invoked during a click handler (with event.state == event.BUBBLING_PHASE). So I guess that this particular issue can be fixed by intercepting the click handler at the capturing phase and rewriting the data-url attribute.

[Rob--W]

Published in v4.21.
Verified using the following test:

1. Visit https://encrypted.google.com/robots.txt
2. Run the following snippet in the console:

document.body.innerHTML=`
<a data-url="intent://www.youtube.com/watch?v=yd8jh9QYfEs#Intent;scheme=http;package=com.google.android.youtube;S.browser_fallback_url=https%3A%2F%2Fencrypted.google.com%2Fsearchurl%2Frr.html%23app%3Dcom.google.android.youtube%26pingbase%3Dhttps%3A%2F%2Fencrypted.google.com%2F%26url%3Dhttps%3A%2F%2Fm.youtube.com%2Fwatch%3Fv%253Dyd8jh9QYfEs;S.android.intent.extra.REFERRER_NAME=https%3A%2F%2Fencrypted.google.com;launchFlags=0x8080000;S.intent_description=Rihanna+-+Don%26%2339%3Bt+Stop+The+Music;end" href="#" onclick="alert(this.dataset.url)">test
</a>
`

3. Click on the link and confirm that the URL after browser_fallback_url= is YouTube and not the Google redirect URL.

Please update the add-on (e.g. by manually re-installing the add-on from AMO) and confirm whether this update fixes your issue.

[Kusresa]

Thanks Rob, can confirm it's now fixed!

Just by chance while testing, I also came across another tracking link (edit: think it is the same bogus one you mentioned previously). To reproduce, have JS disabled on google and 3rd parties, click an amp link in Google search (ones with the lightning icon next to them). To test you can google something like "car definition" and click on any link with the lightning icon (amp) next to them.

It sends a few requests upon clicking the search link but the tracking beacon URL is: https://encrypted.google.com/url?sa=t&source=web&rct=j&url=https://dictionary.cambridge.org/amp/english/car&ved=2ahUKEwjkntLkaKuNHjsFipQKHdtuAfsQFjAFegQUHnSX&usg=AOvVaw18NjgH_jKmloSJ1GSNByua&ampcf=1

[Rob--W]

I visited about:config in Firefox 57 (desktop), changed javascript.enabled to false, visited https://encrypted.google.com and searched for "car definition". I didn't find any amp page. Can you share a link to the search results, and if applicable, the user agent that you are using (e.g. "Firefox 58 on mobile").

Also, by "tracking beacon URL", do you really mean a beacon, or just an ugly link (i.e. if you copy the link, the result is not the original but the long link with tracking identifiers)?

[Kusresa]

I'm using the Chrome UA on Google addon but the UA is Mozilla/5.0 (Linux; Android 6.0.1; SM-G928F Build/MMB29K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Mobile Safari/537.36

Search dictionary cambridge truck some amp links should be on the first page.
Edit: Seems you tested on Desktop, amp (mobile accelerated) links don't show up there. I'm using the same Android setup as before.

By tracking beacon URL I mean that the request type is beacon. If you copy the link it is the original unredirected URL.

[Rob--W]

Could you paste the beacon URL that you're observing?
I am already blocking beacon URLs that are known to only be used for tracking since bbe14c7 . If you do see a beacon that gets through, then I might have to extend the check.

[Kusresa]

It's the tracking link mentioned in https://github.com/Rob--W/dont-track-me-google/issues/23#issuecomment-358507496

https://encrypted.google.com/url?sa=t&source=web&rct=j&url=https://dictionary.cambridge.org/amp/english/car&ved=2ahUKEwjkntLkaKuNHjsFipQKHdtuAfsQFjAFegQUHnSX&usg=AOvVaw18NjgH_jKmloSJ1GSNByua&ampcf=1

[Rob--W]

Are you sure that it's a beacon request with that URL? That URL is normally used as an intermediate page to confirm redirection.

[Kusresa]

I checked the tracking link under Network pane in Firefox's browser dev tools and it says that it is a beacon request sent via POST request method (though it seems there is no extra POST data parameters other than parameters in the tracking URL).

[Kusresa]

Rob, were you able to reproduce the beacon link?

[Rob--W]

I cannot reproduce it. Can you export the request (e.g. with the DevTools, "Save All as HAR") and send it to me?

[Kusresa]

har.zip

[Rob--W]

It looks like a redundant request, but it does not look like a usual tracking URL (but who knows). If I repeat the request, I get the following reply (with curl):

$ curl -vv -X POST -H 'user-agent: Mozilla/5.0 (Linux; Android 7.0; SM-G928F Build/NRD90M) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.125 Mobile Safari/537.36' 'https://www.google.com/url?sa=t&source=web&rct=j&url=https://www.collinsdictionary.com/amp/english/car&ved=2ahUKEwiu07iYpoHaAhVIXLwKHdB0APcQFjAEegQIBRAB&usg=AOvSSw0FE_73JZgPSAOGlRZrwhmA&ampcf=1' -H 'Content-Type: text/plain;charset=UTF-8' -H 'Content-Length: 0'
...

> POST /url?sa=t&source=web&rct=j&url=https://www.collinsdictionary.com/amp/english/car&ved=2ahUKEwiu07iYpoHaAhVIXLwKHdB0APcQFjAEegQIBRAB&usg=AOvSSw0FE_73JZgPSAOGlRZrwhmA&ampcf=1 HTTP/2
> Host: www.google.com
> Accept: */*
> user-agent: Mozilla/5.0 (Linux; Android 7.0; SM-G928F Build/NRD90M) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.125 Mobile Safari/537.36
> Content-Type: text/plain;charset=UTF-8
> Content-Length: 0
> 
< HTTP/2 200 
< date: Fri, 23 Mar 2018 16:34:34 GMT
< pragma: no-cache
< expires: Fri, 01 Jan 1990 00:00:00 GMT
< cache-control: no-cache, must-revalidate
< content-type: text/html; charset=UTF-8
< strict-transport-security: max-age=86400
< p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
< server: gws
< x-xss-protection: 1; mode=block
< set-cookie: ......; expires=Sat, 22-Sep-2018 16:34:34 GMT; path=/; domain=.google.com; HttpOnly
< set-cookie: ......; expires=Tue, 25-Sep-2018 16:34:34 GMT; path=/; domain=.google.com
< alt-svc: hq=":443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="43,42,41,39,35"
< accept-ranges: none
< vary: Accept-Encoding
< 
<html lang="nl"><head><meta content="text/html; charset=UTF-8" http-equiv="content-type"><title>Kennisgeving voor omleiding</title><style>body,div,a{font-family:Roboto-Regular,HelveticaNeue,Arial,sans-serif}body{background-color:#fff;margin-top:3px}div{color:#000}a:link{color:#00c}a:visited{color:#551a8b}a:active{color:red}div.mymGo{border-top:1px solid #bbb;border-bottom:1px solid #bbb;background:#f2f2f2;margin-top:1em;width:100%}div.aXgaGb{padding:0.5em 0;margin-left:10px}div.fTk7vd{margin-left:35px;margin-top:35px}</style><script nonce="0jTvX8eIzYu4nwSWSvdhQw==">function go_back(){window.history.go(-1);return false;}

function ctu(oi,ct){var link = document && document.referrer;var esc_link = "";var e = window && window.encodeURIComponent ?encodeURIComponent :escape;if (link){esc_link = e(link);}
new Image().src = "/url?sa=T&url=" + esc_link + "&oi=" + e(oi)+ "&ct=" + e(ct);return false;}
</script></head><body><div class="mymGo"><div class="aXgaGb"><font style="font-size:larger"><b>Kennisgeving voor omleiding</b></font></div></div><div class="fTk7vd">&nbsp;De pagina waarop u zich bevindt, probeert u naar <a href="https://www.collinsdictionary.com/amp/english/car">https://www.collinsdictionary.com/amp/english/car</a> te sturen.<br><br>&nbsp;Als u de betreffende pagina niet wilt bezoeken, kunt u <a href="#" onclick="return go_back();" onmousedown="ctu('unauthorizedredirect','originlink');">teruggaan naar de vorige pagina</a>.<br><br><br></div></body></html>

That is a very unusual reply to a beacon request. I would expect a very brief response, such as HTTP 204.

Perhaps this was the original URL under the link, and replacing the link lead to confusion in Google's front-end code? Is this POST request also triggered when you disable my add-on?

The HAR that you shared only includes the beacon request itself. I was hoping to find (1) the search result page (2) the scripts that generate the beacon request and (3) the beacon request itself, so that I can reproduce your thing (even if only by replaying the network responses in my browser).
The next step is to perform an analysis similar to https://github.com/Rob--W/dont-track-me-google/issues/23#issuecomment-358271012 to find the relation between the clicking/tapping on a search result and the resulting beacon request.

[oxxm]

any chance that this add-on will get activated for the latest version of Firefox on Android? With the newer versions of FF most of the add-ons got deactivated.

[Rob--W]

This add-on will become available when general add-on availability is enabled in Firefox for Android (Fenix).

The first step towards general availability is offering the ability to do so on the bleeding edge version of Firefox, Firefox Nightly (https://play.google.com/store/apps/details?id=org.mozilla.fenix), as announced at https://blog.mozilla.org/addons/2020/09/02/update-on-extension-support-in-the-new-firefox-for-android/

[oxxm]

This add-on will become available when general add-on availability is enabled in Firefox for Android (Fenix).

The first step towards general availability is offering the ability to do so on the bleeding edge version of Firefox, Firefox Nightly (https://play.google.com/store/apps/details?id=org.mozilla.fenix), as announced at https://blog.mozilla.org/addons/2020/09/02/update-on-extension-support-in-the-new-firefox-for-android/

Thank you for your feedback!

[ale5000-git]

I can install add-ons on Firefox on Android but not this one. Why?

[Rob--W]

@ale5000-git See https://github.com/Rob--W/dont-track-me-google/issues/23#issuecomment-699625651 .

[ale5000-git]

I don't want to install nightly.
This add-on is set as recommended Firefox add-on like uBlock Origin, so why uBlock Origin can be installed now and this one no?

[Rob--W]

The list of recommended extensions on desktop is different from the list of available/recommended extensions on mobile.
There is more context at mozilla/addons#14058

[ale5000-git]

According to this comment Don't Track Me Google is currently in Recommended for Android but All recent versions except for the latest one are marked as compatible with Android.

Have I missed something?

[Rob--W]

According to this comment Don't Track Me Google is currently in Recommended for Android but All recent versions except for the latest one are marked as compatible with Android.

Have I missed something?

I did not mark the latest version as compatible because the add-on cannot be installed on Firefox for Android, because (copied from the comment that you quoted):

It is currently not on the latest compatibility collection, unless I'm looking at the wrong one.

What's your confusion about?

[ale5000-git]

Isn't compatibility collection built from add-on data set by you?

Or is there a place where I can vote to have it included?

[Rob--W]

Isn't compatibility collection built from add-on data set by you?

No, it is maintained by the editorial staff of the Add-ons team at Mozilla. The list is necessarily small because there is an implementation limit on the number of add-ons that the collection can contain.

Or is there a place where you can vote to have it included?

Anyone can nominate extensions to this email: amo-featured at mozilla dot org. The collection is currently in a fixed state until further Fenix plans roll out. That said, all received nominations are recorded in case the collection is expanded again.

PS. I am not only the developer of this extension, but I also work at Mozilla as an engineer in this team. I do however not seek nor get preferential treament. Additions in the collection are based on the needs of users.

[Rob--W]

Don't Track Me Google can be installed and used on Firefox for Android starting from next week, as announced at https://blog.mozilla.org/addons/2023/11/28/open-extensions-on-firefox-for-android-debut-december-14-but-you-can-get-a-sneak-peek-today/

I have confirmed that the add-on can already be used on pre-release versions, Firefox Beta and Firefox Nightly.

[bonanza123]

While the add-on can be installed via the collection trick, it is not listed as android add on the Mozilla page. Meaning it cannot be (easily) installed on regular installations.

@Rob--W is there maybe something you can do about it?

[Rob--W]

While the add-on can be installed via the collection trick, it is not listed as android add on the Mozilla page. Meaning it cannot be (easily) installed on regular installations.

Thanks for the reminder. This issue was caused by something that I reported at mozilla/addons#9423 and where I intentionally waited with fixing it manually in case the broken state was needed for investigation. After that issue was closed, it slipped through my mind to fix up the issue manually.

@Rob--W is there maybe something you can do about it?

TL;DR: Done!

I have now explicitly marked the add-on as compatible with Firefox for Android (120.0+ which is the minimum allowed version in AMO, despite the add-on being compatible with version 69.0 and up). I also fixed the desktop compatibility to 68.0 and up (instead of 48.0), because marking the add-on as compatible with Android means that it only works with version 69.0 and later, or (ESR) 68.2.0 and later. Because Firefox does not show the dot version to AMO, AMO has no way of distinguishing version 68.0 from 68.2.0+, so I just marked it as compatible with 68.0 in case anyone onf 68.2.0 or higher wants to install it.

If anyone tries to install the latest version of my add-on (4.28) in Firefox, the following support statuses apply:

• NOT Firefox 68.0 and earlier
• Firefox desktop 69.0+ and ESR 68.2.0+
• Fennec 68.x+ (which is an ancient version of Firefox for Android)
• Firefox for Android 79 - 112 (79 is the first release of Fenix, the latest Firefox for Android)
• NOT Firefox for Android 113 - 119 (because these versions recognize the gecko_android key that declares Firefox for Android support - added in https://bugzilla.mozilla.org/show_bug.cgi?id=1824237, added in version 4.28 of my extension by db36130)
• Firefox for Android 120 and later (as of writing, the current latest version of Firefox is version 125)