This has absolutely nothing to do with enshittification. Bluesky doesn’t need that redirect to know what you’re clicking on. You’re already on their platform, they can already track every single click that you do while on Bluesky including navigating to outbound links. I’m a bit shocked that nobody here is calling that out to be honest
I don’t know much about how any of this stuff works, so these are honest questions in good faith. But how did Bluesky know, before this change, that I clicked a link? Am I not just telling my browser to visit a website? I don’t really understand how it’s different from me copy-pasting the URL manually.
Am I not just telling my browser to visit a website?
Well yes, but actually no. You are clicking on a link, which, by default, will make the browser visit the website behind the link. But the website that shows you the link can have Javascript code in it, which runs in your browser and can, among other things, “intercept” clicks on anything and change what the clicks are doing.
This is how this redirect is happening in the first place. The links on Bluesky still point to the correct target site, but when you click one of them, JavaScript jumps in and changes the target of the navigation to the redirect domain. This is not necessarily to deceive you, it’s actually a good thing that you can still check the website you’ll end up at before you click, and you can still do things like right-click to copy the link manually this way.
That means that even without the redirect, JavaScript could for example not change the navigation target at all, and just send a tracking event to their servers in the background to let them know you clicked the link. This is how it works for most websites that use analytics. For the normal user this is totally invisible, and this is why I’m saying that bsky doesn’t need the redirect to track you. They could do that in a much less obvious way already. And for all we know, they probably are already doing that, as their privacy policy explicitly states that they can collect usage data like what links you click on.
All of this is pretty standard for any commercial service on the web, btw - knowing what your visitors/users are doing makes it much easier to see where your app might be having issues, what features need to be focused on to be improved, etc. It only gets shady if that data is also used for marketing or sold to third parties. And, to be fair, bsky’s privacy policy doesn’t really prevent them from doing that as far as I can tell. It’s just that all of this was already the case before the redirect, so it’s very unlikely that this specifically is suddenly a sign of oncoming enshittification.
The same way that they know that you clicked on literally anything on their website.
It’s foundational to how the modern internet works (more specifically JavaScript)
For a more visual example, let’s say there is a button that makes an animation or changes color when you hover over it.
That is happening because of code running in your browser that was written by the website that served it to you, in order for the button to know to change, the code must know where your mouse is and if the mouse is hovering over the button.
Your browser, emits ‘events’ which the JavaScript code is able to interact with, these are things like keystrokes and mouse actions. The JavaScript running on the page can very trivially record these actions.
Every single way you interact with a website can be tracked, here is a commercial product that specializes in complete session recording (in theory to see how your users interact with your pages to make improvements: https://mouseflow.com/platform/session-replay-tool/
Indeed. I have no doubt that BlueSky will eventually enshittify given that they are not truly non-commercial, but this is not an example of such a thing.
With JavaScript you can track your precise mouse cursor movements. Many analytics products even offer that as an “session replay” feature to check how a user moved their mouse, or to see heatmaps of where people are pointing to.
Tracking actual clicks is obviously much more trivial.
Yes, you absolutely can, and it’s super simple. Click listeners are one of the most basic things you can do with JavaScript, and there’s nothing special about a elements that would make them not work. The only way to stop it from the user’s side is to disable JavaScript in their browser, but that comes with the downside of the majority of websites and apps just plain not working anymore.
I mean… Sure? They might, or they might not. My point is that pointing to this change as a sign of enshittification doesn’t make any sense, because it’s not changing anything about how they can track and exploit you. There’s nothing there to suggest that this is related to a change for the worse regarding enshittification.
If you want something to point to, take their privacy policy that allows them to collect your usage data and possibly use it for marketing purposes, not a random feature that likely has nothing to do with this.
This has absolutely nothing to do with enshittification. Bluesky doesn’t need that redirect to know what you’re clicking on. You’re already on their platform, they can already track every single click that you do while on Bluesky including navigating to outbound links. I’m a bit shocked that nobody here is calling that out to be honest
FUD is the name of the rage bait game.
A centralized platform did something? Must be bad. The post title primes that reaction.
I don’t know much about how any of this stuff works, so these are honest questions in good faith. But how did Bluesky know, before this change, that I clicked a link? Am I not just telling my browser to visit a website? I don’t really understand how it’s different from me copy-pasting the URL manually.
Well yes, but actually no. You are clicking on a link, which, by default, will make the browser visit the website behind the link. But the website that shows you the link can have Javascript code in it, which runs in your browser and can, among other things, “intercept” clicks on anything and change what the clicks are doing.
This is how this redirect is happening in the first place. The links on Bluesky still point to the correct target site, but when you click one of them, JavaScript jumps in and changes the target of the navigation to the redirect domain. This is not necessarily to deceive you, it’s actually a good thing that you can still check the website you’ll end up at before you click, and you can still do things like right-click to copy the link manually this way.
That means that even without the redirect, JavaScript could for example not change the navigation target at all, and just send a tracking event to their servers in the background to let them know you clicked the link. This is how it works for most websites that use analytics. For the normal user this is totally invisible, and this is why I’m saying that bsky doesn’t need the redirect to track you. They could do that in a much less obvious way already. And for all we know, they probably are already doing that, as their privacy policy explicitly states that they can collect usage data like what links you click on.
All of this is pretty standard for any commercial service on the web, btw - knowing what your visitors/users are doing makes it much easier to see where your app might be having issues, what features need to be focused on to be improved, etc. It only gets shady if that data is also used for marketing or sold to third parties. And, to be fair, bsky’s privacy policy doesn’t really prevent them from doing that as far as I can tell. It’s just that all of this was already the case before the redirect, so it’s very unlikely that this specifically is suddenly a sign of oncoming enshittification.
The same way that they know that you clicked on literally anything on their website.
It’s foundational to how the modern internet works (more specifically JavaScript)
For a more visual example, let’s say there is a button that makes an animation or changes color when you hover over it.
That is happening because of code running in your browser that was written by the website that served it to you, in order for the button to know to change, the code must know where your mouse is and if the mouse is hovering over the button.
Your browser, emits ‘events’ which the JavaScript code is able to interact with, these are things like keystrokes and mouse actions. The JavaScript running on the page can very trivially record these actions.
Every single way you interact with a website can be tracked, here is a commercial product that specializes in complete session recording (in theory to see how your users interact with your pages to make improvements: https://mouseflow.com/platform/session-replay-tool/
Indeed. I have no doubt that BlueSky will eventually enshittify given that they are not truly non-commercial, but this is not an example of such a thing.
So why?
Facebook does the same, even in their own in-app browser to keep tracking you.
I don’t think that is true, iirc you can’t track simple clicks on HTML
aelements.with javascript you can just use an onclick.
With JavaScript you can track your precise mouse cursor movements. Many analytics products even offer that as an “session replay” feature to check how a user moved their mouse, or to see heatmaps of where people are pointing to.
Tracking actual clicks is obviously much more trivial.
Apart from using JavaScript, there’s also a way to track links in HTML
https://developer.mozilla.org/en-US/docs/Web/HTML/Element/a#ping
TIL, thanks for sharing
Yes, you absolutely can, and it’s super simple. Click listeners are one of the most basic things you can do with JavaScript, and there’s nothing special about
aelements that would make them not work. The only way to stop it from the user’s side is to disable JavaScript in their browser, but that comes with the downside of the majority of websites and apps just plain not working anymore.Just because they have other means of doing link tracking doesn’t mean they aren’t using this link proxying to track stuff.
I mean… Sure? They might, or they might not. My point is that pointing to this change as a sign of enshittification doesn’t make any sense, because it’s not changing anything about how they can track and exploit you. There’s nothing there to suggest that this is related to a change for the worse regarding enshittification.
If you want something to point to, take their privacy policy that allows them to collect your usage data and possibly use it for marketing purposes, not a random feature that likely has nothing to do with this.