What is a URL? – The letters “URL” stand for “Uniform Resource Locator” which is essentially an address for one particular web page. Every page has a different, unique address, or URL. We tend to be almost blind to links (URLs) because we don’t have to see them. Links are meant for clicking. Browsers hide all but the domain name from us and sneaky tracking redirects happen without our knowledge. Sometimes we literally put our business in danger because we don’t pay attention to links. Very often we are compromising our privacy by not viewing embedded email links before clicking them. You owe it to the safety of your business to understand what you are clicking on and where it is taking you before you click that link. If you are uncertain what it all means, we’ll break down the basics here.
All the Bits & Pieces of a URL
To understand what a URL is and what you are clicking – let’s take a closer look at the elements that make up URLs. But first – where is it? Some of us pay no attention to that link at all, but after the click, the final URL is visible in your browser address bar, at the top of your browser window. (Safari, Chrome, Firefox are most common browsers)
https:// – Most links or internet addresses begin with these odd letters, which stand for “Hypertext Transfer Protocol Secure”. The most important letter there is that final “S” which stands for “secure” and is an encrypted version of a page or document that nearly all websites have adopted. Look with suspicion on any link missing that final “S”. Browsers such as Apple Safari or Google Chrome show a lock in the address bar which allows you to click the lock to find out more about the security of the website you are on.
www. – Those three w’s are not necessary in most cases. You’ll find that if you leave the www. off, the website nearly always handles things behind the scenes whether you use www. or not. Not everyone knows this as you’ll still hear advertisers or newscasters say “double-u, double-u, double-u.domain.com” because they believe it is required. It’s not. You can usually ignore www and still land on the website where you expect to go. Those three w’s that often lead a web address or URL represent a subdomain. Subdomains are extensions of a website which are used for varied purposes, such as Google Docs (docs.google.com), GMail (mail.google.com), or Google Play (play.google.com). Suffice to say, the www is a holdover from the early days of the internet and many sites are dropping them (by technical means we won’t get into here).
domain name – If you own a website, you are more likely to understand a bit more about domain names because you have purchased one that represents your business name or company name. You can purchase a domain name here if you haven’t yet launched your business website. Our very own Website101.com domain name was first purchased back in January of 1999 to present tutorials (like this URL tutorial) for small business. Domain names are reserved for periods of time ranging from 1 year to 10 years and must be renewed continuously in order to keep control of that name.
Top Level Domain or TLD – .com, .net and .org, are all common TLDs, but you may have noticed that there are many more available (Here’s a complete list of all TLDs). We won’t go into all of them, but you may have seen several more, including .me, .io, .co, .edu (accredited Colleges and Universities only), .gov (U.S. government only), and country domains like .in (India), .co.uk (United Kingdom – limited to U.K only), .us (United States – available to all). There are literally hundreds of Top Level Domains. If you take note of those TLDs before visiting – you may save yourself time by avoiding risky sites based in Russia (.ru) or Pakistan (.pk). Or, if you don’t speak the language, it may help to know to expect Japanese at .jp web site TLDs or German at .de (Deutschland) TLDs.
Query Parameters – This is where things get complex for URLs. Many things can be determined if you simply look at the URL to take note if there are query parameters, usually following a question mark in a URL. We’ll discuss that further below, but let’s first figure out how to view query strings at the end of URLs. Why would it be difficult to see them? There are a few reasons, but the most common are because they are often encoded as hyperlinks under text, images or buttons in emails or on websites and clicking them takes you to the linked page without you seeing that URL at all. Secondly, browsers don’t display the full URL unless you click in the address bar to view them. Finally, your browser doesn’t show you when you’ve been redirected from one place to another, but it happens routinely. After a redirect, you are seeing a different URL than you clicked to get there. There are browser extensions that will show them to you after-the-fact if you want to watch that sneaky tracking take place.
How to View Embedded Links – On a desktop computer, using a mouse, while viewing an email, hover over a link and simply right-click and hold for a pop-up menu with a list of choices. Those choices will vary depending on your computer, browser or operating system, but among the options is usually “Copy Link” which allows you to paste the link into the address bar of your browser or to share in an email or document. (Touch screen tablets and phones allow you to touch and hold to get the same drop-down menu, rather than tapping links.) The first thing you’ll notice when you try right-clicking and copying links in emails – is that when you paste the link into an address bar or document, that it doesn’t point where you thought it would, but instead is a long string of tracking data that sends you first to a tracking site, sets cookies, records link information from that link, and finally, redirects you to the expected destination. You won’t see this happening if you just click the link because it happens too quickly to perceive it. Some email clients (or webmail sites) allow you to simply hover your mouse cursor over email links and see the destination URLs.
Why Look at Links? Tracking, Redirects, Downloads, Danger
There are multiple ways to link from one page on a website to another page or another website. If you don’t know where a link will take you, then you are trusting the website or the email you received to send you to a safe website. But it also raises your awareness of the level of tracking that is going on. A simple example is to go to Google and do a search for anything that interests you, then right-click the link of your choice among those results and copy that link. What you’ll see is that Google wants to track your search query, which link you clicked and where you are going. Here’s an example of one of the search results from a Google search for “URL Tracking“:
Tracking Data – The first thing to notice above is that red question mark following google.com/url?, which is followed by query parameters Google uses to track details of your search and record which link you clicked on of the ten organic results available on the page. If you clicked on a paid search ad, the tracking is shared with the advertiser, if you clicked an organic result, Google records your search query and uses it to adjust and customize the type of results they serve to you in future searches. They’ll also use that click to adjust their algorithm for searches done by others. What you click alters, by a tiny fraction, how Google ranks things for others. The fascinating thing is the number of things tracked. Finally, Google sends you to the site you wanted after recording all of that data.
Dangerous Email Links – The fact that all that tracking, recording and redirecting is going on without your knowledge can present some danger to anyone unaware that clicking a link can send them to unsafe or even dangerous web sites or trigger downloads of malware. That simple click can easily grant access to hackers if the email is malicious. This is why you’ve probably heard (workplace security recommendations) or the warning from your employer NOT to click on links in emails. That is how hackers gain access to company data and install ransomware to shut down business web sites to hijack and lock down servers and demand ransom to decrypt and release company data. If you carefully view links before clicking them, it may prevent financial loss to your business.
Privacy Concerns – Now that you’ve reviewed the basics of tracking URLs and redirects – consider taking a look at a few email newsletter links from things you subscribe to. It can be literally any nationwide company or online industry newsletter. Right-click a link within that newsletter, copy the link, paste into your browser address bar and look at the domain name there. If the company is using their own tracking and redirects, you’ll see some indicator in the URL like a subdomain named track.company.com/url? or tracking may be outsourced to the email provider, which can be an entirely unrecognizable domain, but it will often include “track” or “redirect” in the URL and if not in the domain, then in query parameters following the question mark or among many ampersands (&) which separate several elements such as your email address, encoded demographics, your IP address location, which link you clicked and your profile.
Hack That URL For Privacy – If you’d like to visit linked pages without being tracked, you can hack the URL to remove the tracking elements. If you see bits of the page you’d like to visit and want to go there without being monitored, simply copy that portion of the URL which takes you to a destination while removing the stalker query parameters. This is a little difficult sometimes if the URL includes a lot of subdirectories because those must be URL encoded by replacing slash mark “/” with the three characters “%2F”. Separately, you’ll notice that what follows the https “://” looks messy with “%3A%2F%2F”. You’ll recall earlier that you can drop https://www from most domains and it will still work. So remove it and copy from the expected domain name and everything up to the inevitable question mark. Then remove everything after the question mark, and finally, replace every remaining “%2F” with a single slash / mark and then hit “enter” or “go” in your browser. No tracking happens now. You are now a privacy hacker. 🙂
You are now armed to understand how much tracking is done within URLs you click, that redirects, cookies and stalking is going on when you click on embedded email links and that you can stop that tracking if you want to hack those URLs. A bit more safety and privacy can be yours if you want it. At the very least, you now know what was happening without your knowledge before you read this tutorial. Share this URL tutorial with your business team.