Here are more efficient methods to filter URL parameters, but they may break website functionality. A more detailed explanation of these can be read from AdGuard.
If you want to block all URL tracking parameters for one specific website, such as TELUS, add this static filter rule:
||telus.com^$removeparam
If you want to whitelist one parameter on eBay but remove everything else, use this instead:
||ebay.com^$removeparam=~_nkw
If you just want to block all URL parameters, period:
Just throwing an idea out there but maybe one could remove all URL parameters except for whitelisted domains with legitimate parameters i.e. where the domain does actually support some kind of lookup or query via GET parameters (query string) and you trust the domain and you know what the legitimate parameters of that query are.
See my post above yours for a static filter rule with eBay showcasing that exact situation. Also, if you are interested in the nitty gritty details of how most of eBay’s tracking URL parameters work, see these two articles below.
Indeed, much like the recommended method for input sanitation is to use an allowlist rather than a blocklist, I think the same should apply here if there is concern from any person.
It is a common mistake to use block list validation in order to try to detect possibly dangerous characters and patterns like the apostrophe ' character, the string 1=1, or the <script> tag, but this is a massively flawed approach as it is trivial for an attacker to bypass such filters.
Allow list validation is appropriate for all input fields provided by the user. Allow list validation involves defining exactly what IS authorized, and by definition, everything else is not authorized.
Well my strict security practices already presanitize my web browsing experience: I only have Matomo Campaign Tracking; Urchin Tracking Module; and eBay as justified entries for URL parameters. Even then, it is clear that the way I use eBay is pretty limited already, and that I do not use all of the available search filters; what I use right now is enough for my needs, but may be subject to change in the future.
action - Action, used with the value “create” during the “Buy It Now → Check out as guest” process; bypasses the other URL parameters and processes mentioned below
cartid - Cart ID, used during the “Go to checkout → Continue as guest” process
guestCheckoutEligible - The value “true” is used to authorize the “Go to checkout → Continue as guest” process
item - Item ID, used during the “Add to cart” process
srt - ? (maybe something like “Seller Reference Tracker”), required along with the item URL parameter during the “Add to cart” process
This will allow you to buy the item(s) immediately or to add items to your cart for checkout. I have not had any justification to purchase anything from eBay yet to confirm and verify that the entire checkout process works, but I will do so when an opportunity occurs later in the future.
The eBay checkout process works with these static filter rules, although the URL states the transaction has succeeded while the HTML content itself states there is an error. I have received a confirmation email nonetheless, but I may continue to add more whitelisted URL parameters in the future for a more pleasant shopping experience as well as to reassure confidence with the entire process.
_dmd - Allows listings to change between List and Grid View.
LH_ALL - Left Hand All, presents all listings.
LH_Auction - Left Hand Auction, presents all auction listings.
LH_BIN - Left Hand Buy It Now, presents all Buy It Now listings.
LH_ItemCondition - Left Hand Item Condition, presents specified item conditions (New, Used, Not Specified, etc.)
LH_PrefLoc - Left Hand Preferred Location, presents listings specified by country (Canada Only, North America, Worldwide, etc.)
Post-transaction:
itemId - Item ID, used when viewing your order details.
transId - Transaction ID, used when viewing your order details.
itemid - Item ID, used when viewing your order’s tracking information.
transid - Transaction ID, used when viewing your order’s tracking information.
This is good enough for now until I order another product in the future. I am aware that hash is somehow ignoring uBlock Origin, so I will eventually get around to addressing it.
I took a look at their documentation and their rule catalog files.
To briefly compare and contrast between the methodologies:
I use an allowlist, whereas they use a blocklist with exceptions.
My rules are for services outside of Big Tech, whereas their rules are designed for users who directly continue to use Big Tech services (Amazon, Bing, Facebook, Google, Reddit, X, etc).
My eBay allowlist is well defined and fairly comprehensive for guest checkout, whereas their eBay blocklist only blocks 4 URL parameters.
_ssn - Seller Number, used when looking at other products by the same seller.
token - Token, used as a unique identifier when updating email preferences (such as unsubscribing).
Here is an untested value:
sessionid - Session ID, very likely used after completing the checkout process to show your order.
I watched someone else make an order on eBay and noticed the sessionid URL parameter after completing the checkout process, so I am assuming that it is required to display your order. Actual testing is needed to confirm this.
This consolidates and whitelists all LH URL parameters, so now you can use the remaining search filters; I assume that this is the only purpose for them. I could optimize _, item and trans, but I need to carefully examine the URL to determine it is safe to do so.
I may order something with guest checkout sometime soon to confirm that these static filter rules continue to work as intended.
I figured out the issue with the hash URL parameter being ignored by uBlock Origin: since hash includes item as its value, it gets excluded. Here is a temporary solution for that by using two static filters:
I have fully confirmed that these uBlock Origin static filter rules work with eBay’s guest checkout. For reference, here are all of the static filter rules from this thread I currently use:
OK, I’ve looked into your method of cleaning URLs just a little bit. For me, it is outside of my current ability to zero in on the perfect level of blocking the URL tracking data the way you do it. I definitely need a curated (open source) list of URL tracking to be cleaned for me. At least for now, that is best for me.
I do use youtube and sometimes i use google search, ebay, amazon, and even twitter just a very small amount of the time. I actually mostly only use FreeTube over RiseupVPN for my youtube consumption. I also use Odysee and Bitchute also over VPN for other video content.
My thinking about these sites is that I am already logged in, and if ClearURLs blocks some, or most of their URL tracking, then it works good enough for me. I don’t use social media at all, unless you count the once a week I click on twitter. I don’t post on twitter, and I hardly ever comment on twitter. I only singned up after Elon took over twitter. I’m no fanboy of Elon, and I don’t trust him, or twitter, it’s just the only social media that I even use at all.
I found another URL cleaner…
It is also open source so I added the extension next to CleanURLs as a second level of cleaning.
Until I learn more, these two cleaners will be better than me trying to clean by myself.
One thing I considered was to copy their definitions, modify them and post on my own domain and link to them instead. Maybe I could remove their opinions for my own, but at least have a starting point that at least works.
@arkenfox makes arguments against ClearURLs and Neat URL in their user.js wiki:
Instead, they suggest enabling AdGuard URL Tracking Protection, which can be found in uBlock Origin’s dashboard → Filter lists → Privacy. The rules themselves can be found here: