Firefox 's Ping Attribute: Useful or Spyware?

An anonymous reader writes "The Mozilla Team has quietly enabled a new feature in Firefox that parses 'ping' attributes to anchor tags in HTML. Now links can have a 'ping' attribute that contains a list of servers to notify when you click on a link. Although link tracking has been done using redirects and Javascript, this new "feature" allows notification of an unlimited and uncontrollable number of servers for every click, and it is not noticeable without examining the source code for a link before clicking it."

Firefox's Ping Attribute: Useful AND Spyware

[eldavojohn]

This isn't a question, it's obviously a little of both. Sacrifice some information about the sites you visit to allow those who run the servers (anyone, really) some feedback and statistics.

It's simply the user's choice as to whether or not the pros outweigh the cons. And I'm sure the massive response that ensues on Slashdot will reveal that everyone values these pros and cons differently.

Doesn't seem to be much argument other than I think they should have a very simple way to disable this if the user so chooses. As with the iTunes fiasco, I would recommend Firefox be distributed with this option disabled.

Re:Firefox's Ping Attribute: Useful AND Spyware

[timeOday]

As with the iTunes fiasco, I would recommend Firefox be distributed with this option disabled.

I'm racking my brain to imagine why a user would ever want to enable it.

Re:Firefox's Ping Attribute: Useful AND Spyware

[heavy+snowfall]

As I see it this will only make it easier to avoid tracking. At the moment tracking links are often obfuscated like this one. With this new attribute and the ability to disable it you get a plain non-tracked destination URL.

Because of this, and it being mozilla-specific for now, websites that currently use tracking URL's will see no value in switching over.

As for privacy concerns, it's already quite easy to track people on the web. Those who avoid it now are more in the know and would probably just add this to the list of things to disable.

Re:Firefox's Ping Attribute: Useful AND Spyware

[kawika]

The blog is right that from a user perspective this is good because it makes the target page load faster and makes the tracking transparent. However, this gives the marketer or website even less control than they have now.

Today, ad or other link tracking is generally handled like this: The link target specifies a tracking page and passes in a magic word or number that specifies the campaign or other info (e.g., "go.php?id=123" or "click.asp?campaign=A1254S"). That page logs the click in some database and issues a redirect to the actual destination page. Sometimes the web server log acts as the "database" and the click stats are processed from the logs.

With this new scheme, idea is supposed to be that the href target would be the actual destination and there would be no need for the time-consuming redirect. The separate ping attribute would take care of notifying the server similar to what happens today. But now the target page is out in the open for the client to see, and it is not essential to use the ping URL at all! Once users start blocking ping URLs, as they inevitably will, this transparency means that click stats will be very unreliable.

Since a lot of revenue depends on click numbers, this outcome is bad for commercial web sites. Therefore, very few money links will ever use this scheme and will instead stay with the tried-and-true redirect pages.

Re:Firefox's Ping Attribute: Useful AND Spyware

[Art+Tatum]

You were moderated as funny, but it should've been insightful. I have a friend who describes the American political scene as two armies in trenches, shooting at straw men in no-man's-land.

Re:Firefox's Ping Attribute: Useful AND Spyware

[A+beautiful+mind]

Except that there are really one sides and they are employing a huge mirror...

Consider what may happen

[suso]

I think the first thing any browser developer should consider when adding a new tag or tag attribute to the DOM is "How can this be abused?" and explore that question to its fullest. Because all of you know that it will be abused and that users will implement it wrong or find new uses for it that the developers didn't intend. Some of them may be good, some bad.

Coming soon to a browser near you:

[Whiteout]

One ping-disabling Firefox extension.

It's great!

[ivan256]

Websites can do all that stuff with a redirect script on the server side and the user has no control or knowledge of who is being notified. If site developers start using the ping tag instead we can selectively disable it with an extension. It gives the user control where before there was none.

How is this an issue?

[Idimmu+Xul]

A lot of websites use redirect pages to get this exact same information, and off the top of my head I imagine it is pretty simple to notify multiple urls of where you are going using some tricky javascript and even cookies and referrers can be used across sites to track visitors. This is just making a very common, and needlessly complex, mechanism infinitely simpler for the web developer.

It's a C-O-N-spiracy

[blazerw11]

So, I don't mean to go all "Senstionalist Title" on your ass, but the post links to a mozilla blog explaining how they've added this feature to the TRUNK. Announcing a new feature in a blog is not quite a press release, but it's a hell of lot more forthcoming that what "quietly added" implies. Also, it's been added to the Trunk, so it's not likely to actually show up in any Mozilla build for a while, much longer, if ever, in a release. This is really the way to add something like this. Put it in to see where and how it will be used and whether that's good or bad.

Not very useful

[everphilski]

1. Javascript does it already

2. Now you alienate any user using another browser

3. Mozilla team is pulling an IE (implementing their own extensions... read the blog... "w3c doesn't have to make all the rules" ... if Microsoft said that /. would be up in arms)

Facts of the matter

[Panaflex]

One, this is in the trunk builds - NOT the released versions.

From a technical POV it's actually nicely thought out, as it separates logically the intended action and the "log."

I'm sure that Google, Yahoo, and others are BEGGING for this. I've worked in Design and Dev at two of the biggest travel sites - it's a huge problem tracking clicks. If we could remove our tracking javascript then users would get a MUCH snappier web site.

But we can't because our advertisers specify that we must have third party click/view audits that "verify" our intended audience numbers.

On the one hand, I know (having designed and built some of the auditing and log analysis systems) that we're tracking every click on our sites. We do use cookies. And the tag would bring it all out in the open instead of buried 3 layers deep in javascript.

But from an individual POV, it's like acknowledging that they really ARE watching me. And I am now consenting to that.

Solution: In my mind, the big(and little) sites could offer users the "option" of using the ping tag for a nicer user experience. It would be disabled by default, and a web site would have to specifically request and get permission from the user before the browser would "unlock"

Just me $0.02

Will sites really use this?

[Shimmer]

Assuming that IE implements the same feature, will sites use this? If clients can turn it off, I suspect that web sites won't trust it. This is something that is most accurately done on the server, and I think that's where it will stay.

Re:With or without your consent?

[spectrumCoder]

Disable the feature. Easy.

This kind of misses the point. If Firefox is to become a mainstream internet browser, it needs to be anti-spyware and usable from a clean install onwards. Making it the ideal browser for the tweakers, where it's at its most usable after multiple options have been changed and several extensions installed, is not going to make it the browser of choice for the general public.

As far as grabbing market share goes, it's the default settings that make the difference.

Re:You can already do this with Javascript

[Hard_Code]

Ever heard of cross-site scripting? "ping" needs at the least to be implemented in such a fashion that only the originating site can get a ping. Any pings to non-originating site should either be blocked wholesale or at least present the user a dialog (Site A is attempting to convey information about your browsing to Site B).

Re:Don't like Firefox spyware? Use Konqueror

[grahamlee]

In some instances, it may render web pages even better than Firefox, since Konqueror passed the Acid2 test.

Acid2 only measures the particular edgecasitis that the Acid2 authors managed to think of - web developers seem capable of introducing many more. What's needed isn't more acid tests but a W3-approved regression suite.

Re:You can already do this with Javascript

[mrsbrisby]

Consider a simple redirect URL.

Which can be easily bypassed.

Bypassed? That may demand definition, for example,

Where does http://tinyurl.com/161 go?

How about http://freshmeat.net/redir/cexec/57387/url_homepag e/?

How do you know without making a URL connection?

Oh sure, you can ignore links that look like that, and even block them. Nobody's suggesting that you cannot block PING-requested URLs.

But bypassed? What exactly could you mean by this?