There are a few things we cyborgs need to know to stay safe online—and as a developer I've seen this particular topic cause a lot of confusion, it's also less talked about even among technical people.
We all know what a URL is: it's that thing you put in the bar at the top of the browser when you want to go to a specific website (youtube.com, notdefined.tech, etc.).
It's also how you get to a site by clicking a link on a page or in an email. However, it's those links that you click that are a little bit different (usually) than the ones that you type out.
How much more often do you see a huge URL full of garbled words and characters than a simple link with just the domain name?
https://www.notdefined.tech/?21968109=hlw&s5m0p507=7FDf2a5sdfY937tE3Vjh93W&Type=Upload%20File&Project+Title=Upload+file+to+library&Brand=BRAND&Description=See+attached
vs.
https://www.notdefined.tech/
The difference is that the first URL above has URL parameters. These give URLs extra powers for the website owners and can also clue you in on potential risks or privacy concerns.
For the sake of your security, if nothing else gained from this email, please, please read your URLs before you click on them.
Did you know?
Hover over links in your browser and it will show a little box at the bottom of the screen so that you can read the URL before you click.
Here are some tips to reading the URL and we'll look at how these URL components work for or against you.
How to Read URLs
Secure Connection
We've got a couple of parts at the very beginning:
https:// or http://
This is called the protocol and the only difference between the two examples is the s in https. People will tell you the s stands for secure, and that's true, but that doesn't mean "safe." Secure simply refers to encryption the site uses as you and the website send data back and forth.
Make no mistake, you want to be visiting websites with that s in the https, but you must keep reading the URL to make a better determination of safety.
Domain Name
Next, we have the domain name:
www.notdefined.tech
It's the name of the website. It's the most recognizable part and often gives you a good indication of where you are headed.
This is where scammers get tricky. It's a common phishing scam to get domain names that are super close the real domain of a popular website to trick you into using the scam site.
Can you spot the wrong domain?
arnazon.com amazon.com
Structure
After the domain, we have the page structure or path:
/blog/how-to-read-urls/
This is your wayfinder inside the website—in fact it acts the exact same way your computer's file structure, though the File Explorer / Finder often hides the path or makes it less prominent. The internet is just a bunch of documents within folders (technically).
The path can help you understand what kind of content you are accessing. For example, /blog/ means you're looking at blog content, while /products/ would be a section of the site that lists the products available.
The vast majority of sites follow a logical page structure, starting with a large topic and followed by related, more specific sub-topics:
/<content-type>/<specific-content>/
/food/pizza/
/food/pizza/new-york-style/
Use this part of the URL to orient yourself—are you in a deep topic (maybe you see several / with multiple topics or content types)? Are you on the home page (no words surrounded by /)?
Parameters
Then come the URL parameters:
?subject=See+attached
When you see the ? you know that you’ve reached the end of the actual URL and everything after that is extra information.
Pro tip: if you want to subvert a marketing team, you can just copy the link you want to visit, then delete anything after the
?in the URL, then put it in your browser. It's a lot of work, but it may be worth it in certain cases.
They are often used to track information about your behavior or where you came from, and they can also pass data between pages. URL parameters can contain sensitive information such as session IDs, which can be exploited if shared or exposed.
Usually, though, these parameters are more likely to do with marketing. For example, you may see UTMs frequently in URLs:
?utm_source=facebook&utm_campaign=new+york+pizza
This means you can read your URL and discover what companies are tracking and what might be useful to know for your own privacy. The example above can be read:
"This URL was found on Facebook (utm_source), and was a part of the New York Pizza campaign (utm_campaign)"
There are 5 typical UTMs:
- utm_source: Identifies the source of traffic, like a search engine, a newsletter, or social media site.
- utm_medium: Describes the marketing medium, such as email, CPC (cost-per-click), or social.
- utm_campaign: Names the specific campaign that's running (e.g., summer_sale, product_launch).
- utm_term: Used for paid search to note the keywords for an ad.
- utm_content: Differentiates similar content or links within the same ad. For example, if you have two links in a single email, you can use utm_content to tell which of them was clicked.
Extra Powers
One thing to note is that if you see the utm_ parameters, you know that it's a marketing link. However, sometimes websites will use other parameters to unlock content, perform special actions, or make it possible for you to automate certain things.
For example, I have created several links that will auto-fill a request form in my project management software at work. All I had to do was read the URL and figure out the patterns that the software uses—turns out if I put parameters with the same name of the form field, I could have it open a form with pre-filled content, making it faster to make certain requests.
Here's an example you'll run into all the time: search!
Say you're looking for my YouTube channel, so you go to YouTube and search for not defined tech. You'll be sent to this URL:
https://www.youtube.com/results?search_query=not+defined+tech
You can see the words you typed in the search bar are now inside the URL.
FYI: spaces break URLs, which is why the spaces have been replaced with + in the URL.
CYBORG
I know this is a very technical email, and I'm very impressed you made it this far—I hope I didn't bore you to death.
I do think that understanding this is pretty important, even if you don't see yourself as a technical person, because you are using the internet.
Understanding a bit more about the things we use every day can help us avoid tricks and scams, but can also help us make sense of new information as you surf the web.
One more special treat for those who made it to the end:
Shortcut Setup
If you're dying to automate something with URL parameters, you can set up a search shortcut in Chrome:
Go to this URL (you'll notice it's a little different than normal—it's your computer's specific chrome settings): chrome://settings/searchEngines
You should see a page similar to this:
Click the "Add" button inside/near the "Site Search" section. We're going to set up a search shortcut so that you can quickly search YouTube without having to go to the site, find the search bar, and type in your search.
We'll fill out the pop-up form like this:
Name: YouTube
Shortcut: yt (this can be whatever you want to type in the URL bar for this shortcut)
URL with %s in place of the query: https://www.youtube.com/results?search_query=%s
You'll remember from the example we looked at earlier that YouTube's search URL looked like this:
https://www.youtube.com/results?search_query=my+search+here
What this shortcut does it takes whatever you type in the URL bar and puts it where we inserted %s which is the placeholder Chrome is looking for.
How you use the shortcut
Now that we've added our shortcut, we can type the shortcut we set in the URL bar in Chrome:
Hit the TAB key and the URL bar will change to say "Search YouTube":
Now you can type something you want to search as though you were already on the YouTube site in their search bar. You can use spaces here, Chrome will take care of converting it to a URL-safe parameter, so you don't have to worry about that.
Hit ENTER and you'll go straight to the search results page:
Rinse and repeat for any other search site you use frequently!