Automating Privacy: Building Trackless Links for Safari with declarativeNetRequest
These articles are AI-generated summaries. Please check the original sources for full details.
Trackless Links: Building a Safari Extension for Automatic URL Cleaning
Alexander Loth developed Trackless Links to intercept and clean URLs before they reach destination servers. The system utilizes Safari’s declarativeNetRequest API to process a ruleset matching dozens of tracking patterns on-device.
Why This Matters
Tracking parameters serve as persistent identifiers that link user activity across platforms, often leaking context during link sharing. Trackless Links moves privacy enforcement to the edge by using native content blocking APIs, ensuring that matching logic happens within Safari’s process without external dependencies. This technical implementation eliminates the latency and privacy risks associated with cloud-based URL cleaning services while maintaining a minimalist footprint.
Key Insights
- Trackless Links utilizes the declarativeNetRequest API to strip parameters like utm_source and fbclid before server requests occur, 2026.
- On-device processing ensures Safari’s content blocker handles URL matching natively, avoiding external dependency risks.
- The extension incorporates the CRED-1 dataset, featuring 2,672 domains with five independent trust signals for site flagging.
- CRED-1 is based on doctoral research on AI-driven disinformation at Frankfurt University of Applied Sciences, 2026.
- The tool supports major tracking patterns from platforms including Facebook (fb_action_ids), Google (gclsrc), and TikTok (ttclid).
Working Examples
A typical tracked URL containing multiple marketing and platform-specific parameters.
https://example.com/article?utm_source=twitter&utm_medium=social&utm_campaign=spring2026&fbclid=IwAR3x...The cleaned URL after stripping tracking baggage.
https://example.com/articlePractical Applications
- Use case: Privacy-conscious browsing on iOS and macOS to prevent cross-site tracking via URL decoration.
- Pitfall: Manual URL cleaning is prone to human error, resulting in shared links that still contain unique tracking identifiers.
- Use case: Identifying low-credibility domains using the CRED-1 dataset integrated into the Safari extension.
- Pitfall: Relying on cloud-based URL cleaners can expose browsing history to the service provider; on-device processing mitigates this.
References:
Continue reading
Next article
Mastering Grafana: A Technical Guide to Open-Source Monitoring and Observability
Related Content
Automating Policy-Gated Releases: Building SwiftDeploy for Observable DevOps
SwiftDeploy evolves into a policy-gated system using OPA to block releases if disk space is under 10GB or error rates exceed 1%.
Building 22 Serverless Dev Tools: A Zero-Backend Architecture Guide
Developer TateLyman built 22 client-side utilities using Next.js 14 and Web Crypto API to eliminate data tracking and achieve zero-cost hosting.
OpenAI Privacy Filter: Building a Production PII Redaction Pipeline
Learn to implement a production-grade PII detection pipeline using the OpenAI Privacy Filter to automatically identify and redact sensitive data like API keys and personal addresses.