Facebook Redirect Fixer

Reclaim your privacy


There's a reason why Facebook is free. Every time you post a status update, upload a picture or click a link, facebook stores that information and uses it for targeted advertizing.

Facebook Redirect Fixer helps stop facebook from knowing which external links you click (and visit) on their website. I recommend using Facebook Redirect Fixer (for protecting your browsing habits) in combination with Privly (for protecting your content) to reclaim your privacy on facebook.

How does it work?

To understand how Facebook Redirect Fixer works, it's important to understand how facebook collects your data.

When you click on an external link on a regular website, your browser connects directly to the external link. However, when you click on an external link on facebook, your browser is instructed to connect to a facebook server which first logs the website that you're trying to visit and then requests your browser to visit the external web page. For example, every external link you click on facebook takes your browser to this page:

http://www.facebook.com/l.php?u=[the website you want to visit]&h=[SecurityCode]

  • The code present in l.php on facebook.com stores the website against your account name in their internal database.
  • u is a parameter sent to l.php which contains the website that you intend to visit.
  • h is a parameter sent to l.php which contains a security code. If this code is not present or is incorrect, facebook will display a message that looks like this:

Facebook external link warning

Facebook also uses this redirection service as a security measure to warn users about potentially visiting a harmful website. If you share a link to one of your friends, a security code is sent as the h parameter to l.php so that the warning shown above is bypassed.

This is a great feature from a security standpoint, but it comes at the cost of privacy. Unfortunately, it gets much worse.

Since the only way for facebook to ensure that it knows which websites you click is to format every external link to look like the url in the address bar in the screenshot, it must change the actual location of the link you share. But if it does that, a user would know where a URL is really pointing to simply by hovering your mouse over a link and looking at your browser tooltip for the actual location of the link. "For your convenience", facebook adds the following event handlers for every external link that you post on facebook. Click the thumbnail too see the details.

Facebook redirection swap

Facebook Redirection Fixer removes any redirection attempt on facebook using an injected script. Since there usually are quite a lot of external links on facebook, this redirection killer only activates when you hover your mouse over a link to avoid causing performance problems.

Where do I get Facebook Redirection Fixer?

Can I really trust this extension?

Yes. The source code for Facebook Redirect Fixer is available on GitHub for each browser so you can see how it really works.

Can I use your source code to create browser extensions to fix redirections on other websites (like Google, Twitter, etc.)?


Known Issues

  • None at the moment. Let me know if you find something.