How to Stop Social Media Platforms From Tracking You When You Share Posts
When you hit the share button on social media apps such as Instagram, Facebook, or Threads, these sites tack on a tracker to the link you're sharing. This tracker means that Instagram can tell who you've shared the link with, and it likely uses this information to further optimize its algorithm for ads. While the tech here is sneaky, it is easy to remove tracking information from these links.
How do social media tracking links work?
It's actually pretty easy to spot a link that has trackers. To check it out, copy the link to any Instagram post and paste it somewhere safe, like your notes app. A normal Instagram link looks like this:
The same link with tracking has a bunch of additional characters at the end:
Every character after that ? is used to identify that your profile shared the link. While this example highlights Instagram, the same thing happens on many other apps and websites. Facebook, Threads, Reddit, YouTube, Amazon, and many others use some kind of tracking parameters in links to see how people arrived at a certain post or a page. These trackers have some legitimate use cases, such as tracking affiliate links to pay commissions or keeping tabs on social media traffic.
In some cases, however, these tracking links serve no purpose other than to identify who shared the link with you, and who you're sharing links with. That can be used to identify people you're close to, which in turn, helps social media giants deliver targeted ads to you and your friends or loved ones. It can also compromise your privacy, since someone opening your link will see your account was the one to originally share it—even if you don't share that link directly with them.
How to remove tracking links
The easiest way to remove tracking links is to manually delete the tracker from the URLs. This is quite easy to do on desktop browsers, where you have larger screens that let you see and delete tracking parameters from long URLs. In the case of Instagram, you can safely delete the part after the ? in most URLs. The same often applies to links from other social media sites too.
To automate this process on desktop, you can use the built-in Copy Clean Link feature in Firefox, as well as similar features in browsers like Brave. Just right-click any link and select Copy Clean Link to remove its tracking parameters. You can also use uBlock Origin to remove tracking from URLs. In the extension's settings, go to Filter lists and enable URL Tracking Protection. The ClearURLs extension for Firefox or Microsoft Edge used to be a good option here, but it hasn't been updated in a while, and it may break some links, so I'd recommend avoiding it.
If you have an iPhone, you can install the Anonymize Meta Sharing shortcut, which removes tracking parameters from Facebook, Instagram, and Threads links. Just copy the link, run the shortcut, and it'll give you a tracking-free version of the same URL. If you're on Android, or want an alternative on iOS, there's also a simple website called URL Clean that removes tracking from links. You can use it to remove some kinds of tracking, but you should note that it breaks some URLs.
via Lifehacker (author: Pranay Parab)
When you hit the share button on social media apps such as Instagram, Facebook, or Threads, these sites tack on a tracker to the link you're sharing. This tracker means that Instagram can tell who you've shared the link with, and it likely uses this information to further optimize its algorithm for ads. While the tech here is sneaky, it is easy to remove tracking information from these links.
How do social media tracking links work?
It's actually pretty easy to spot a link that has trackers. To check it out, copy the link to any Instagram post and paste it somewhere safe, like your notes app. A normal Instagram link looks like this:
https://www.instagram.com/reel/DVrMKVVAaBi/The same link with tracking has a bunch of additional characters at the end:
https://www.instagram.com/reel/DVrMKVVAaBi/?igsh=cGd5cGx4enJmcThuEvery character after that ? is used to identify that your profile shared the link. While this example highlights Instagram, the same thing happens on many other apps and websites. Facebook, Threads, Reddit, YouTube, Amazon, and many others use some kind of tracking parameters in links to see how people arrived at a certain post or a page. These trackers have some legitimate use cases, such as tracking affiliate links to pay commissions or keeping tabs on social media traffic.
In some cases, however, these tracking links serve no purpose other than to identify who shared the link with you, and who you're sharing links with. That can be used to identify people you're close to, which in turn, helps social media giants deliver targeted ads to you and your friends or loved ones. It can also compromise your privacy, since someone opening your link will see your account was the one to originally share it—even if you don't share that link directly with them.
How to remove tracking links
The easiest way to remove tracking links is to manually delete the tracker from the URLs. This is quite easy to do on desktop browsers, where you have larger screens that let you see and delete tracking parameters from long URLs. In the case of Instagram, you can safely delete the part after the ? in most URLs. The same often applies to links from other social media sites too.
To automate this process on desktop, you can use the built-in Copy Clean Link feature in Firefox, as well as similar features in browsers like Brave. Just right-click any link and select Copy Clean Link to remove its tracking parameters. You can also use uBlock Origin to remove tracking from URLs. In the extension's settings, go to Filter lists and enable URL Tracking Protection. The ClearURLs extension for Firefox or Microsoft Edge used to be a good option here, but it hasn't been updated in a while, and it may break some links, so I'd recommend avoiding it.
If you have an iPhone, you can install the Anonymize Meta Sharing shortcut, which removes tracking parameters from Facebook, Instagram, and Threads links. Just copy the link, run the shortcut, and it'll give you a tracking-free version of the same URL. If you're on Android, or want an alternative on iOS, there's also a simple website called URL Clean that removes tracking from links. You can use it to remove some kinds of tracking, but you should note that it breaks some URLs.
via Lifehacker (author: Pranay Parab)
The Voice Training Log on My Coros Watch Has Changed My Workouts for the Better
via Lifehacker (author: Beth Skwarecki)
via Lifehacker (author: Beth Skwarecki)
Telegraph
The Voice Training Log on My Coros Watch Has Changed My Work…
We may earn a commission from links on this page. The feature I love most on the Coros Pace 4 right now is one that I didn’t even notice at first. I knew that it had an extra button compared to the Pace 3, and I knew that I could use it to drop “voice pins”…
Amazon Will Give You a $200 Gift Card When You Buy the New Samsung Galaxy S26
via Lifehacker (author: Daniel Oropeza)
via Lifehacker (author: Daniel Oropeza)
Telegraph
Amazon Will Give You a $200 Gift Card When You Buy the New S…
We may earn a commission from links on this page. Deal pricing and availability subject to change after time of publication. It hasn't even been a month since Samsung announced the new Galaxy S26 lineup of phones, and the flagship version, the Galaxy S26…
Update Chrome Immediately to Fix This Zero-Day Exploit
If you're a Chrome user, this is your reminder not to ignore available security updates. Google is pushing an emergency patch for a zero-day vulnerability that has been exploited in the wild, and a second zero-day has been identified and is expected to be fixed in a future update.
As a reminder, zero-days are security vulnerabilities that have been actively exploited or publicly disclosed before the developer releases an official fix. These latest Chrome bugs are the second and third zero-days addressed so far in 2026—Google patched the first back in February.
What this Google Chrome patch fixes
The vulnerability addressed with the current update is labeled as CVE-2026-3910 and is an inappropriate implementation in V8, Google's JavaScript and WebAssembly engine. The flaw was reported by the Google Threat Analysis Group on March 10, though no additional details as to how it has been exploited have been released.
Google initially planned to patch a second zero-day, labeled CVE-2026-3909, with this update, an out-of-bounds write weakness in the 2D graphics library (Skia). When exploited, attackers could crash Chrome or execute code remotely. The fix for that vulnerability is now expected in a future update.
What Chrome users need to do
Google released a Stable Channel update on March 12, so you should ensure you are on the latest version of Chrome: 146.0.7680.75/76 for Windows/Mac and 146.0.7680.75 for Linux. It could take several days or even weeks to roll out to everyone, so install it as soon as you see the option. You can check your version via the Chrome menu > About Google Chrome.
If you regularly quit and restart your browser, the update will be applied automatically—or you can do it manually by tapping the three dots in the top-right corner of the browser window. You'll need to restart Chrome to finalize the update.
via Lifehacker (author: Emily Long)
If you're a Chrome user, this is your reminder not to ignore available security updates. Google is pushing an emergency patch for a zero-day vulnerability that has been exploited in the wild, and a second zero-day has been identified and is expected to be fixed in a future update.
As a reminder, zero-days are security vulnerabilities that have been actively exploited or publicly disclosed before the developer releases an official fix. These latest Chrome bugs are the second and third zero-days addressed so far in 2026—Google patched the first back in February.
What this Google Chrome patch fixes
The vulnerability addressed with the current update is labeled as CVE-2026-3910 and is an inappropriate implementation in V8, Google's JavaScript and WebAssembly engine. The flaw was reported by the Google Threat Analysis Group on March 10, though no additional details as to how it has been exploited have been released.
Google initially planned to patch a second zero-day, labeled CVE-2026-3909, with this update, an out-of-bounds write weakness in the 2D graphics library (Skia). When exploited, attackers could crash Chrome or execute code remotely. The fix for that vulnerability is now expected in a future update.
What Chrome users need to do
Google released a Stable Channel update on March 12, so you should ensure you are on the latest version of Chrome: 146.0.7680.75/76 for Windows/Mac and 146.0.7680.75 for Linux. It could take several days or even weeks to roll out to everyone, so install it as soon as you see the option. You can check your version via the Chrome menu > About Google Chrome.
If you regularly quit and restart your browser, the update will be applied automatically—or you can do it manually by tapping the three dots in the top-right corner of the browser window. You'll need to restart Chrome to finalize the update.
via Lifehacker (author: Emily Long)
How to Spot 'Living Off the Land' Computer Attacks
I write frequently about the threat of malware and how threat actors are using it to do everything from steal personal information to fully take over users' devices or add them to botnets. These malicious programs spread through various forms of phishing, ClickFix attacks, malvertising, and even apps that have been vetted and approved by Apple and Google.
However, as users (and security tools) have gotten better at identifying the signs of a malware infection and savvy enough to avoid them in the first place, some cybercriminals have changed tactics: Living Off the Land (LOTL) attacks exploit built-in system utilities and tools that may be less likely to raise red flags.
How Living Off the Land attacks work
As Huntress describes, LOTL refers to using local resources instead of importing new ones from outside. Rather than sneaking custom-built malware onto a user's machine, attackers exploit tools like PowerShell, Windows Management Instrumentation (WMI), built-in utilities, and trusted applications such as Microsoft Teams for malicious purposes. Antivirus programs are unlikely to flag these tools as suspicious—in most cases, they aren't—because they blend in to normal system processes and are supposed to be there.
By hijacking legitimate tools, threat actors are able to access systems and networks, execute code remotely, escalate privileges, steal data, or even install other forms of malware. The PowerShell command-line interface allows file downloads and command execution, making it a popular tool for bad actors, along with WMI, though Unix binaries and signed Windows drivers are also frequently exploited.
LOTL attackers may employ exploit kits, which can spread fileless malware via phishing or other forms of social engineering, as well as stolen credentials and fileless ransomware to gain access to native tools. Malwarebytes Labs recently identified a campaign spread through fake Google Meet updates to exploit a legitimate Windows device enrollment feature—run via an attack server hosted on a reputable mobile device management platform.
How to detect an LOTL attack
Many tactics for identifying, addressing, and preventing LOTL attacks are targeted at organizations with large infrastructures to defend, but individual users can (and should) also be vigilant to this type of threat. As always, look out for signs of phishing and other forms of social engineering that bad actors use to steal credentials and gain access to networks and devices. Be wary of unsolicited communication containing links, notifications about software and security updates, and anything that provokes curiosity, anxiety, urgency, or fear. Install security updates as soon as they're available to keep vulnerabilities from being exploited.
When it comes to detecting LOTL specifically, Huntress advises looking for unusual behavior rather than just suspicious files or programs—for example, tools running outside of their normal contexts or in unexpected patterns as well as unusual network connections from systems utilities. Monitor and log usage of commonly exploited tools, and audit any remote access tools and device enrollments.
via Lifehacker (author: Emily Long)
I write frequently about the threat of malware and how threat actors are using it to do everything from steal personal information to fully take over users' devices or add them to botnets. These malicious programs spread through various forms of phishing, ClickFix attacks, malvertising, and even apps that have been vetted and approved by Apple and Google.
However, as users (and security tools) have gotten better at identifying the signs of a malware infection and savvy enough to avoid them in the first place, some cybercriminals have changed tactics: Living Off the Land (LOTL) attacks exploit built-in system utilities and tools that may be less likely to raise red flags.
How Living Off the Land attacks work
As Huntress describes, LOTL refers to using local resources instead of importing new ones from outside. Rather than sneaking custom-built malware onto a user's machine, attackers exploit tools like PowerShell, Windows Management Instrumentation (WMI), built-in utilities, and trusted applications such as Microsoft Teams for malicious purposes. Antivirus programs are unlikely to flag these tools as suspicious—in most cases, they aren't—because they blend in to normal system processes and are supposed to be there.
By hijacking legitimate tools, threat actors are able to access systems and networks, execute code remotely, escalate privileges, steal data, or even install other forms of malware. The PowerShell command-line interface allows file downloads and command execution, making it a popular tool for bad actors, along with WMI, though Unix binaries and signed Windows drivers are also frequently exploited.
LOTL attackers may employ exploit kits, which can spread fileless malware via phishing or other forms of social engineering, as well as stolen credentials and fileless ransomware to gain access to native tools. Malwarebytes Labs recently identified a campaign spread through fake Google Meet updates to exploit a legitimate Windows device enrollment feature—run via an attack server hosted on a reputable mobile device management platform.
How to detect an LOTL attack
Many tactics for identifying, addressing, and preventing LOTL attacks are targeted at organizations with large infrastructures to defend, but individual users can (and should) also be vigilant to this type of threat. As always, look out for signs of phishing and other forms of social engineering that bad actors use to steal credentials and gain access to networks and devices. Be wary of unsolicited communication containing links, notifications about software and security updates, and anything that provokes curiosity, anxiety, urgency, or fear. Install security updates as soon as they're available to keep vulnerabilities from being exploited.
When it comes to detecting LOTL specifically, Huntress advises looking for unusual behavior rather than just suspicious files or programs—for example, tools running outside of their normal contexts or in unexpected patterns as well as unusual network connections from systems utilities. Monitor and log usage of commonly exploited tools, and audit any remote access tools and device enrollments.
via Lifehacker (author: Emily Long)
《镖人》长影评:「武侠片的新标杆」 (评论: 镖人:风起大漠)
EmotionalEarth评论: 镖人:风起大漠
评价: 力荐
via 豆瓣最受欢迎的影评 (author: EmotionalEarth)
Invalid media: image
EmotionalEarth评论: 镖人:风起大漠
评价: 力荐
via 豆瓣最受欢迎的影评 (author: EmotionalEarth)
Invalid media: image
毁童年式的改编 (评论: 呼啸山庄)
Blade Runner评论: 呼啸山庄
评价: 很差
via 豆瓣最受欢迎的影评 (author: Blade Runner)
Invalid media: image
Blade Runner评论: 呼啸山庄
评价: 很差
via 豆瓣最受欢迎的影评 (author: Blade Runner)
Invalid media: image
Nathan Rogers-Hancock 评《Etoile Violette》 (机翻) (评论: Etoile Violette)
两只青蛙跳下锅评论: Etoile Violette
评价: 推荐
via 豆瓣最受欢迎的影评 (author: 两只青蛙跳下锅)
Invalid media: image
两只青蛙跳下锅评论: Etoile Violette
评价: 推荐
via 豆瓣最受欢迎的影评 (author: 两只青蛙跳下锅)
Invalid media: image