Filter out Dialog Insight trackers from URLs

[fmarier]

I found this in a Qtrade email:

<img alt="" width="3" height="2" src="http://link.mail.qtrade.ca/T/OFC4/T/5916/946.../1Enu....gif" />

It's a CNAME to ofsys.com:

$ dig link.mail.qtrade.ca
link.mail.qtrade.ca.	3078	IN	CNAME	secure.ofsys.com.
secure.ofsys.com.	1313	IN	A	208.91.248.10

and sure enough the final link ends up being decorated with extra query string parameters: oft_id, oft_k, oft_lk and oft_d. The unsubscribe link doesn't use any of these query parameters but both oft_id and oft_k are present in the path, the same ones used in the image tracker.

There are lots of examples in the wild. My best guess is that these parameters are useful in conversion tracking on external e-commerce platforms.

I found a landing page in a GitHub repo but it doesn't seem to have any real JS code running (other than an animation).

For user journey tracking:

• https://support.dialoginsight.com/fr/support/solutions/folders/1000227042/page/1?url_locale=fr
• https://support.dialoginsight.com/fr/support/solutions/articles/1000249545-ajouter-des-domaines-%C3%A0-un-site
• https://support.dialoginsight.com/fr/support/solutions/articles/1000249546-configurer-le-module-de-suivi-parcours

there is a Dialog Insight script to add the scripts looks like this one, as found on this website. The script is already in EasyPrivacy.

The full unminified source code was accidentally left online and so this is the full list of parameters they use:

    GetOfsysParameters : function()
    {
        return ["oft_id", "oft_k", "oft_lk", "oft_d", "oft_c", "oft_ck", "oft_campaign", "oft_ids", "oft_sk"];
    },

It seems like they can identify individual visitors based on any of the parameters, except for oft_campaign:

        for(var i = 0; i < ofsysParameters.length;i++)
        {
            var pName = ofsysParameters[i];                        
            if(typeof allValuesDic[pName] !== "undefined")
            {
                visitValue[pName] = allValuesDic[pName];

                if(pName == "oft_campaign")
                    continue;

                visitorIsIdentified = true;
                if(typeof visitorValue[pName] !== 'undefined')
                    delete visitorValue[pName];
            }
        }

This links to another tracker though I didn't find anything interesting there.

[stephendonner]

Verified PASSED using

Brave	1.39.51 Chromium: 100.0.4896.88 (Official Build) nightly (x86_64)
Revision	4450653bfa91182e85723d8f1dee64dd6ce40ed4-refs/branch-heads/4896@{#1086}
OS	macOS Version 11.6.5 (Build 20G527)

Steps:

1. installed 1.39.51
2. launched Brave
3. loaded https://brave.com/?oft_id=946&oft_k=1Enu&oft_lk=kea&oft_d=637

Ensured that the four (4) tracking parameters were dropped via an internal (Brave) redirect, ending up just https://brave.com/

[kjozwiak]

Verification PASSED on Samsung S10+ running Android 12 using the following build(s):

Brave | 1.39.109 Chromium: 102.0.5005.50 (Official Build) (64-bit)
--- | ---
Revision | f6e2cf8f59ec714bdcff8499991d55898875f287-refs/branch-heads/5005@{#648}
OS | Android 11; Build/RP1A.200720.012

STR/Cases used as per brave/brave-core#12893 (comment):

1. installed 1.39.109 Chromium: 102.0.5005.50
2. launched Brave
3. loaded https://brave.com/?oft_id=946&oft_k=1Enu&oft_lk=kea&oft_d=637 via brave://inspect

Ensured that the four (4) tracking parameters were dropped via an internal (Brave) redirect, ending up just https://brave.com/