Slashdot Mirror


Firefox's Ping Attribute: Useful or Spyware?

An anonymous reader writes "The Mozilla Team has quietly enabled a new feature in Firefox that parses 'ping' attributes to anchor tags in HTML. Now links can have a 'ping' attribute that contains a list of servers to notify when you click on a link. Although link tracking has been done using redirects and Javascript, this new "feature" allows notification of an unlimited and uncontrollable number of servers for every click, and it is not noticeable without examining the source code for a link before clicking it."

11 of 575 comments

  1. Very useful by dada21 · Score: 5, Interesting

    This feature is extremely useful for any website that wants to give their users better content by parsing what they're going through. It also lets you figure out who is clicking advertisements (which are usually off site) and even gives you the ability to run a multitude of websites but aggregate all the statistics on one of your machines.

    Sure it can be abused -- I don't see why more of these abusive features can't be set up in a whitelist fashion. I'm already shocked that web browsers make it so difficult to whitelist sites you feel are safe (or don't mind giving up some information to make your experience better).

    That comes to the point of this post -- how about a standard "setup" logo/button committee that helps create a "setup" web profile that sites can use to give the users options on how they want to be configured? We've got some standard buttons already (RSS feed, etc), why not one that users could be familiar with so that they can whitelist or opt in to certain additional "anti-privacy" features?

    I know many websites (including a few of mine) could use more user information, and I don't see why we can't work toward just setting a standard for how to do it.

  2. Extension by nes11 · Score: 4, Interesting

    This is Firefox we're talking about. There will be an extension available within the first day to strip out those attributes. Or even more likely a built-in option to not acknowledge them.

  3. You can already do this with Javascript by dmoen · Score: 5, Interesting

    I would recommend Firefox be distributed with this option disabled.

    Are you also recommending that Firefox be distributed with Javascript disabled? Because this ping functionality is easy enough to implement in javascript. If ping is disabled by default, then nobody will have it enabled, which means that web developers will continue to do it the old fashioned way, and the ability to disable ping will be worthless.

    Doug Moen.

    --
    I have written a truly remarkable program which this sig is too small to contain.

    1. Re:You can already do this with Javascript by Hurga · Score: 4, Interesting

      Are you also recommending that Firefox be distributed with Javascript disabled?

      I know that I HAVE JavaScript disabled (using the NoScript extension) for this and other reasons, and I don't want to have that functionality back without me noticing.

      Hurga

    2. Re:You can already do this with Javascript by TheSpoom · Score: 4, Interesting

      Why would a web developer use the ping attribute now? AFAIK only Firefox supports it.

      --
      It's better to vote for what you want and not get it than to vote for what you don't want and get it.
      - E. Debs

  4. Re:With or without your consent? by ivan256 · Score: 4, Interesting

    Does this feature track and retain your surfing habits without your consent?

    No.

    Can you not opt-out of it?

    Disable the feature. Easy.

    It's not spyware by your definition. It has the added benefit of giving the user some control instead of being secretly tracked by the server side.

  5. Don't worry yet by courtarro · Score: 5, Interesting

    "Quietly" refers to Mozilla's inclusion of this feature in the nightly trunk versions, not the official version available for download. That's hardly cause for concern. I'll bet most of the features added to nightlies are "quiet", so that's just a bit of fear mongering. It's a development version! I personally don't like the idea of pings that much, but I'm willing to bet it will have a UI to allow disabling when it's released to the masses. According to the bug request to implement it:

    We should try and do an experimental implementation of , to see if there are any unexpected real-world problems.

    That's what nightlies are for! We now see that it's a controversial tag (and they're probably already well-aware), so they're giving it a shot. Would you rather them just say "no, we don't like that potential standard, so we're not going to try implementing it"?

  6. Possible fix by spitzak · Score: 5, Interesting

    Why not limit the ping to the server that made the current page? This should prevent people from embedding pings into blogs, and still allow the replacement of redirects for tracking where you go. I would think unless this is done, too many people will disable it for any real sites to use it, and it will *only* be used for nefarious purposes.
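
An added example, not part of the thread or of Firefox's code: an offline audit of page source that lists each link's ping targets (the summary notes they are only visible in the source) and applies the restriction proposed in the comment above, read here as "same origin as the page". The function names, the sample page and the same-origin reading are assumptions of this example.

```javascript
// Added example (not from the thread). Assumption: ping is a space-separated
// URL list resolved against the page URL. A browser extension would walk the DOM.
// Parse one tag's attribute text into a lower-cased name -> value map.
function parseAttrs(text) {
  const attrs = {};
  const re = /([^\s"'<>\/=]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/g;
  for (const m of text.matchAll(re)) {
    attrs[m[1].toLowerCase()] = (m[2] ?? m[3] ?? m[4] ?? "").replace(/&amp;/g, "&");
  }
  return attrs;
}

// List every <a> that carries a ping attribute, with each ping target
// resolved and marked same-origin or third-party relative to the page.
function auditPings(html, pageUrl) {
  const pageOrigin = new URL(pageUrl).origin;
  const anchorRe = /<a\s((?:"[^"]*"|'[^']*'|[^>"'])*)>/gi;
  const findings = [];
  for (const m of html.matchAll(anchorRe)) {
    const attrs = parseAttrs(m[1]);
    if (!attrs.ping) continue;
    const targets = [];
    for (const raw of attrs.ping.split(/\s+/).filter(Boolean)) {
      let u;
      try { u = new URL(raw, pageUrl); } catch { continue; } // skip unparsable
      if (u.protocol !== "http:" && u.protocol !== "https:") continue;
      targets.push({ url: u.href, sameOrigin: u.origin === pageOrigin });
    }
    findings.push({ href: attrs.href ?? null, targets });
  }
  return findings;
}

// The proposed restriction: same-origin pings pass, the rest are blocked.
function applySameOriginRule(findings) {
  const all = findings.flatMap((f) => f.targets);
  return {
    allowed: all.filter((t) => t.sameOrigin).map((t) => t.url),
    blocked: all.filter((t) => !t.sameOrigin).map((t) => t.url),
  };
}

const SAMPLE_URL = "https://blog.example/post/1"; // constructed sample
const SAMPLE_HTML = `<a href="https://shop.example/item"
  ping="/track https://ads.example/click?c=7&amp;s=blog">Buy</a>
<a href="/about">About</a>
<a href='https://news.example/' ping='https://metrics.example/p'>News</a>`;
console.log(applySameOriginRule(auditPings(SAMPLE_HTML, SAMPLE_URL)));
```

On the constructed page, only the relative `/track` target survives the rule; the two off-site targets are reported as blocked.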

  7. Re:How is this different from by Bogtha · Score: 4, Interesting

    How is this different from the web server logging every page and image you load?

    It's different because web server logs only record what you ask that server for. Web server logs don't record what you ask other servers for.

    This is essentially what the Referer header does, except in reverse. Instead of telling a new server where you have come from, it tells the old server where you are going.

    This is already possible with Javascript, and it was possible with CSS too - I'm not sure if it still is, but the technique was basically to suggest a local background image to style :active links - so when the link becomes :active (when it gets clicked on), the browser downloads the background image and you know the link was clicked.

    --
    Bogtha Bogtha Bogtha

  8. it's all about Google adwords by SethJohnson · Score: 5, Interesting

    Why would a web developer use the ping attribute now?

    I think the main developer who would want to use it is Google with their adwords program. They're probably trying to minimize the bandwidth those redirects consume for all the clicking that happens on their ads. This is on top of the bandwidth of every page view requesting the ads to be embedded in the first place, which can't be avoided...

    Even if Google can shave off 6% of unnecessary redirects (all Firefox users), that's a big bandwidth savings.

    Seth

  9. Re:Don't like Firefox spyware? Use Konqueror by jacksonj04 · Score: 4, Interesting

    This is an important point. An AJAX application will quite merrily send and receive large quantities of data without you knowing - this is by design. It relies on being able to do things 'behind the user's back'.

    Think of it this way - if you had a popup every time a local application wanted to communicate with the hard disk, how quickly would you become angry?

    --
    How many people can read hex if only you and dead people can read hex?