Warning: Shared Links May Be Exposing Your Personal Data Online

Social media “copy link” features may not be as harmless as they appear, as a growing privacy concern suggests that shared URLs can silently carry embedded metadata tied directly to the user who shared them. According to recent findings, when users tap “copy link” on platforms like Instagram, TikTok, Telegram, Discord, Perplexity, Substack, Suno, and even ChatGPT, the generated URL may include hidden identifiers such as usernames, numeric user IDs, country signals, and timestamps, without any visible warning. This issue was highlighted through an open-source tool called Sharetrace, which can decode and extract this embedded information from shared links. In one demonstration on an Instagram Reel, Sharetrace reportedly revealed the sharer’s username, display name, numeric ID, and full profile URL, all from what looked like a normal link. The discovery, reported by investigative journalist Craig Silverman, raises serious concerns about digital privacy, especially for users who share content in public spaces, group chats, or with unknown recipients. It also poses risks for journalists, activists, researchers, and whistleblowers who depend on anonymity. While platforms often use tracking parameters for analytics, the inclusion of personally identifiable data goes further, effectively creating a digital fingerprint in every shared link. The open-source nature of Sharetrace now allows researchers to further investigate these hidden data trails.