[Cryptography] Digression: "Letterlocking" and URLs and avoiding the spread of surveillance

Jon Callas jon at callas.org
Thu Jul 18 18:22:57 EDT 2019



> On Jul 18, 2019, at 10:26 AM
> 
> Fascinating story about physical security of communication in the pre-industrial world.
> 
> https://www.atlasobscura.com/articles/what-did-people-do-before-envelopes-letterlocking?utm_source=Atlas+Obscura+Daily+Newsletter&utm_campaign=7f707c590c-EMAIL_CAMPAIGN_2019_07_18_Not_NYC&utm_medium=email&utm_term=0_f36db9c480-7f707c590c-63217145&ct=t(EMAIL_CAMPAIGN_07_18_2019_Not_NYC)&mc_cid=7f707c590c&mc_eid=8437a3c9e4

List, I have a request for the future about pasting in URLs: please clean them up from tracking things.

I apologize for taking a specific previous post as my example here, but it's the proximate case for us. I, too, am a sinner too on this front. I try to do what I'm going to describe below and am often successful at it. Perhaps even usually successful.

Many URLs come with marketing tracking information in them. The base URL is everything up to the question mark, for example:

https://www.atlasobscura.com/articles/what-did-people-do-before-envelopes-letterlocking

And if you click that you get to the site and everything is copacetic. I ask that when you send a URL, you simply cut off the question mark and everything after it. Bonus points for verifying that it still works. QA is important. That's it. Please and thank you. Please do this all the time, but especially here on Cryptography.


=======

Yet let's look at what we trimmed. The rest of the URL is tracking information. Let me decompose the pieces:

utm_source=Atlas+Obscura+Daily+Newsletter
utm_campaign=7f707c590cEMAIL_CAMPAIGN_2019_07_18_Not_NYC
utm_medium=email
utm_term=0_f36db9c480-7f707c590c-63217145
ct=t(EMAIL_CAMPAIGN_07_18_2019_Not_NYC)
mc_cid=7f707c590c
mc_eid=8437a3c9e4

The first piece tells us the it came from the Atlas Obscure Daily Newsletter (duh), and I too get the daily newsletter. Great to see another lover of Atlas Obscura.

In the second one, the hard work of Captain Obvious tells us that there's some hex stuff that's interesting in that it's 36 bits, not obviously ASCII or UTF-8, and wow, an email campaign for people not in NYC. I clicked on the link in my own email blast and this string was the same for me as it is here. So it's probably the lookup tag for this campaign.

I'll leave the meaning of the third one as an exercise for all us readers.

The fourth one has that previous string surrounded by two other strings. Interestingly, the prefix 0 has an underscore as a separator and the rest of it in dashes. I think this tells us something about the development practices of the organization that made it.

That first string, f36db9c480, is the same in my URL, so I presume it is also something global at least across the campaign, too. The third digit string, 63217145, is interesting in that it's not obviously hexadecimal. The one in my URL is similar in that it starts with 629 rather than 632 and also appears to be decimal. I'm going to guess that it's an account number or something like that.

The fifth, "ct" element is so redundant that even Captain Obvious moves on.

The mc_cid element is our old pal here for a third time, and I'll guess that it's a Campaign ID.

The last mc_eid, and probably the ID of something starting with the letter E.

On my URL, my mc_eid was different from this one, but it was the same across another link in the same email, and also the same in an email from July 16 to me as well. I'm going to guess that it's an opaque token for my email address, on no other basis than the invariance in my case and that email starts with an "e".

When I look at a URL from the July 16 email I received, the mc_cid is different, which I suspect, as it's a different campaign. The mc_eid is the same, as I mentioned before. The campaign string is "EMAIL_CAMPAIGN_07_16_2019_Not_Chicago" which is interesting and leads me to guess that they're doing some sort of A/B testing across metropolitan areas. The thing I guessed was an account number (starting with 629 for me) was also constant across the two emails.

Thanks for reading this far. Again, please clean up URLs by deleting from the question mark forward. Please do it everywhere, but especially here.

	Jon




More information about the cryptography mailing list