When you share a YouTube video using the share button it adds “si=some_unique_code” to the URL. If you don’t remove that it shows your personal account to anyone who receives it so that they can chat directly with you. For a lot of people this is their real name.

I’ve seen it all over Lemmy so I figured I’d mention it here! You only need the stuff before the question mark in the URL to let others see the video.

This can also be turned off in your YouTube settings under the privacy section. The setting is “channel visibility for shared links”. It will still add the si code for tracking though.

  • username@piefed.zip
    link
    fedilink
    English
    arrow-up
    1
    ·
    12 hours ago

    I share everything through URLCheck on Android. You can also set it as your default browser to clean every link you click as well.

  • partofthevoice@lemmy.zip
    link
    fedilink
    English
    arrow-up
    16
    ·
    3 days ago

    It should be common practice if you commonly share links. Try removing the query string (everything after and including the question mark). See if you get to the same page. If you do, don’t use the query string.

    Query string parameters are rather often used for tracking. Look for gclid parameters after you click a google ad, for example.

    • Dymonika@lemmy.ml
      link
      fedilink
      English
      arrow-up
      3
      ·
      3 days ago

      The harder ones to bypass are Facebook and Reddit share URLs, which give zero indicator of their destination; it seems impossible as the recipient of such a URL.

      At least with bit.ly, one can add a + to the end of the URL and see data on it, including the original link (to then safely access without adding to its click counter).

      • partofthevoice@lemmy.zip
        link
        fedilink
        English
        arrow-up
        2
        ·
        3 days ago

        Yeah, there are always ways… any service could easily generate unique paths that require a server-supplied redirection to the main target. Then the server just needs to stitch up (1) where was that link generated and (2) who arrived at the redirection page. Users would have no way to determine the target link without exposing themselves to being tracked.

        A platform like Reddit can do this too, by replacing the links you put in your comments/post, so they redirect to the original link. They can even make it continue displaying the original link, while actually linking to the redirect page.

        • Dymonika@lemmy.ml
          link
          fedilink
          English
          arrow-up
          2
          ·
          17 hours ago

          Right, I’ve seen Slickdeals and I think Bing eventually take that on over the years: on-mouse-hover shows the original link, temporarily, until you actually right-click and copy, at which point the evil reveals itself lol.

          Hmm… now I wonder if a browser add-on could circumvent the right-click interaction and stealth-copy the originally displayed link… lol, it’s nuts how far into the weeds of privacy our guerrilla warfare has been getting.

  • ∃∀λ@programming.dev
    link
    fedilink
    English
    arrow-up
    32
    ·
    4 days ago

    The frequency with which I’ve seen the si attribute included in youtube links has made me painfully aware of just how many people are not using the internet the same way I do; they’re experiencing the internet through a handful of mobile apps, not through a web browser on the desktop.

  • Rimu@piefed.social
    link
    fedilink
    English
    arrow-up
    113
    arrow-down
    3
    ·
    edit-2
    3 days ago

    YSK PieFed automatically strips that out.

    Edit: posts only, not in comments.

  • chunes@lemmy.world
    link
    fedilink
    English
    arrow-up
    22
    ·
    4 days ago

    til people don’t reflexively strip out everything after the ? unless you know exactly what it’s doing

      • MonaySimpson@lemmy.ml
        link
        fedilink
        English
        arrow-up
        9
        ·
        4 days ago

        I’m preeeeety sure PipePipe is the successor. Or atleast a different fork with more updates.

        • Victor@lemmy.world
          link
          fedilink
          English
          arrow-up
          3
          ·
          edit-2
          4 days ago

          You are correct. Or, rather, not the successor but an independent fork (doesn’t necessarily adopt upstream changes).

          I don’t know what the hell I saw just the other day. I am 100% certain that I read that some GitHub project I was looking at said it was a fork of PipePipe, or in reverse, that “you should use NewPipe as it supersedes this repo”.

          🤨 I need to dive into my browser history…

          Edit: ah! It was PipePipe! I just misinterpreted this line:

          NewPipe, reimagined: faster, more stable, and packed with more features.

          I took this to mean:

          NewPipe is a reimagined fork of this project, which is faster, more stable, and packed with more features.

          🤦‍♂️💁‍♂️ D’oh.

  • The Velour Fog @lemmy.world
    link
    fedilink
    English
    arrow-up
    35
    ·
    4 days ago

    I remember telling this to people on reddit and getting downvoted to oblivion while redditors squawked “who tf cares bro”

    • asmr@feddit.nl
      link
      fedilink
      English
      arrow-up
      5
      ·
      4 days ago

      We set up a bot on r/asmr to reply to anyone posting a YouTube link containing the “si=” parameter, warning that it was likely a tracking ID that Google could potentially use to tie their YouTube account to their Reddit account with some degree of probability and suggesting that they delete their post and re-post without the si= parameter. Many were grateful for the warning and info but some didn’t care. We decided to disable the warning after a few weeks.

  • Victor@lemmy.world
    link
    fedilink
    English
    arrow-up
    37
    ·
    4 days ago

    Always remove those search parameters before pasting links, even to my friends. F—k these big tech platforms, I’m not giving you any sharing data!

    • Crescent@fedinsfw.app
      link
      fedilink
      English
      arrow-up
      3
      arrow-down
      1
      ·
      4 days ago

      Same here, the awful thing is if they click on it, they cannot see the comments under the video and can only “reply” to you. Not sure what that should do, since the link has already been shared.

  • daniskarma@lemmy.dbzer0.com
    link
    fedilink
    English
    arrow-up
    6
    ·
    3 days ago

    You should also known that TikTok does this by default and the generated code is impossible to remove afaik, it’s part of the video identifier.

    So when sharing a tiktok video always download it and share the file.

    • irelephant [he/him]@lemmy.dbzer0.com
      link
      fedilink
      English
      arrow-up
      2
      ·
      3 days ago

      I recommend downloading it anyway, since that doesn’t require people to use tiktoks site, but if you paste the vm link yourself into a browser, it’ll redirect to the canonical link, without the tracker.

  • JordanZ@lemmy.world
    link
    fedilink
    English
    arrow-up
    19
    ·
    4 days ago

    Along similar lines be careful of the images you post if you location tag your photos. A lot of the larger websites will strip the location data by default but some do not. I’ve saved a handful of photos from reviews off the internet and now have people’s home addresses where the photo is of the product in their living room or whatever.

    If you go to the ‘map’ section of your photos app it arranges them by location.

    You can turn location tagging off globally when photos are taken or usually when you go to share a photo there is an option buried in a menu to strip location data(on mobile).

  • AlteredEgo@lemmy.ml
    link
    fedilink
    English
    arrow-up
    21
    ·
    4 days ago

    It would be great if link cleaning and auto-mirroring was part of the lemmy UI itself.

    • schnurrito@discuss.tchncs.de
      link
      fedilink
      English
      arrow-up
      18
      ·
      4 days ago

      The problem is that there is an almost infinite way to design these kinds of URLs, so maintaining a database of what should be stripped out isn’t trivial.

    • locuester@lemmy.zip
      link
      fedilink
      English
      arrow-up
      3
      ·
      4 days ago

      Yeah, would be best within particular client implementations. Not core Lemmy tho. Too many ways to do this and high maintenance.

    • ExperimentalGuy@programming.dev
      link
      fedilink
      English
      arrow-up
      3
      ·
      4 days ago

      I think that would probably be a client implemented feature, not a Lemmy one. I also don’t design social medias, so I don’t really know.

      • AlteredEgo@lemmy.ml
        link
        fedilink
        English
        arrow-up
        1
        ·
        4 days ago

        Yeah “lemmy-ui” is the official web app for lemmy. There might be other web frontends or clients that already do this.

  • cereals@discuss.tchncs.de
    link
    fedilink
    English
    arrow-up
    31
    ·
    4 days ago

    On android, urlcheck is a great app to modify URLs before sharing or opening. For this problem, you can use the json editor, and add the following two entries with small a regex I wrote:

      "shorten Youtube": {
        "regex": "^https?:\/\/(?:[a-z0-9-]+\\.)*?youtube\\.com\/(.*)&.*",
        "replacement": [
          "https:\/\/youtube.com\/$1"
        ],
        "enabled": true
      },
      "shorten Youtu.be": {
        "regex": "^https?:\/\/(?:[a-z0-9-]+\\.)*?youtu\\.be\/([^?]*)?.*",
        "replacement": [
          "https:\/\/youtube.com\/watch?v=$1"
        ],
        "enabled": true
      },
    

    A button to shorten the link appears in urkcheck when the pattern matches. You can all auto shorten them by replacing “enabled”: true
    With
    “automatic”: true

    • codapine@lemmy.zip
      link
      fedilink
      English
      arrow-up
      6
      ·
      4 days ago

      Wow. This is awesome. Thank you! I will have to see if the dev has a donate button.

      FWIW I had to noodle with the spacing of your json after copying from Lemmy (Voyager android app) but I got it to work. Thanks for sharing!

    • Null User Object@lemmy.world
      link
      fedilink
      English
      arrow-up
      10
      ·
      4 days ago

      That’s a great extra layer of protection, but people shouldn’t rely on it and get/stay in the habit of always removing the tracking code themselves.

      • Buddahriffic@lemmy.world
        link
        fedilink
        English
        arrow-up
        2
        ·
        4 days ago

        Yeah, it’s easily possible to set it up to save the original link somewhere hidden. Same reason why you shouldn’t reuse passwords because it’s trivial to set up a site to look like it’s doing it right from the outside but actually saves all passwords in plaintext for owners, admins, or disgruntled staff to look at later and see if it logs in to your email.

  • asmr@feddit.nl
    link
    fedilink
    English
    arrow-up
    9
    ·
    4 days ago

    Since 4 March 2026 I am seeing “is=” in some YouTube links instead of “si=”, also with the 16 character ID.

  • Krompus@lemmy.world
    link
    fedilink
    English
    arrow-up
    3
    ·
    3 days ago

    FYI on desktop you can right click on the video and select “Copy video URL”, it doesn’t include the tracker string. Wish they’d let us remove it from the Share button, I’ve simply removed that button with uBlock Origin.

    It’s also missing from my patched YouTube app’s Share on Android, not sure if that’s one of the patches.

    • Dymonika@lemmy.ml
      link
      fedilink
      English
      arrow-up
      2
      ·
      3 days ago

      Yeah, that’s certainly a patch. NewPipe, PipePipe, etc. all also remove ?si=.