Slashdot Mirror
Firefox 's Ping Attribute: Useful or Spyware?
An anonymous reader writes "The Mozilla Team has quietly enabled a new feature in Firefox that parses 'ping' attributes to anchor tags in HTML. Now links can have a 'ping' attribute that contains a list of servers to notify when you click on a link. Although link tracking has been done using redirects and Javascript, this new "feature" allows notification of an unlimited and uncontrollable number of servers for every click, and it is not noticeable without examining the source code for a link before clicking it."
This isn't a question, it's obviously a little of both. Sacrifice some information about the sites you visit to allow those who run the servers (anyone, really) some feedback and statistics.
It's simply the user's choice as to whether or not the pros outweigh the cons. And I'm sure the massive response that ensues on Slashdot will reveal that everyone values these pros and cons differently.
Doesn't seem to be much argument other than I think they should have a very simple way to disable this if the user so chooses. As with the iTunes fiasco, I would recommend Firefox be distributed with this option disabled.
My work here is dung.
I think the first thing any browser developer should consider when adding a new tag or tag attribute to the DOM is "How can this be abused?" and explore that question to its fullest. Because all of you know that it will be abused and that users will implement it wrong or find new uses for it that the developers didn't intend. Some of them may be good, some bad.
At least for childbirth. Bring in the machine that goes, PING!
If brevity is the soul of wit, then how does one explain Twitter?
One ping-disabling Firefox extension.
kind of abusive, no? I'm just imagining slashdotting more than one server... hum? another issue is the pre fetch directive on firefox... i'm starting to think my bandwidth is out of my control..
This feature is extremely useful for any website that wants to give their users better content by parsing what they're going through. It also lets you figure out who is clicking advertisements (which are usually off site) and even gives you the ability to run a multitude of websites but aggregate all the statistics on one of your machines.
Sure it can be abused -- I don't see why more of these abusive features can't be set up in a whitelist fashion. I'm already shocked that web browsers make it so difficult to white lists sites you feel are safe (or don't mind giving up some information to make your experience better).
That comes to the point of this post -- how about a standard "setup" logo/button committee that helps create a "setup" web profile that sites can use to give the users options on how they want to be configured? We've got some standard buttons already (RSS feed, etc), why not one that users could be familiar with so that they can white list or opt-in to certain additional "anti-privacy" features?
I know many websites (including a few of mine) could use more user information, and I don't see why we can't work to just setting a standard for how to do it.
This is firefox we're talking about. There will be an extension available within the first day to strip out those attributes. Or even more likely a built-in option to not acknowledge them.
How is this different from the web server logging every page and image you load?
Is the concern that the 'ping' comes from your browser and not any proxy server you may be using? In most cases your proxy server is also your NAT server so the 'ping' isn't going to give much of anything about your IP....
Of course this should be disabled by default, I just don't see this as a huge privacy issue.
v2sw7CUPhw5ln6pr5Pck4ma7u7LFw0m6g/l7Di5e6t5Ab6TH.
Websites can do all that stuff with a redirect script on the server side and the user has no control or knowledge of who is being notified. If site developers start using the ping tag instead we can selectively disable it with an extension. It gives the user control where before there was none.
Check out: https://bugzilla.mozilla.org/show_bug.cgi?id=31936 8
Slashdot: Failed Car Analogies. Amateur Lawyering. Anecdote Battles.
as i read the summary i became overcome with fear when the updates are available dialogue popped up at the bottom of my screen. coincidence....?
The only way to get rid of a temptation is to yield to it.
-Oscar Wilde
This will make it easier for Ramius to declare his intention is to defect.
Are you also recommending that Firefox be distributed with Javascript disabled? Because this ping functionality is easy enough to implement in javascript. If ping is disabled by default, then nobody will have it enabled, which means that web developers will continue to do it the old fashioned way, and the ability to disable ping will be worthless.
Doug Moen.
I have written a truly remarkable program which this sig is too small to contain.
Does this feature track and retain your surfing habits without your consent?
No.
Can you not opt-out of it?
Disable the feature. Easy.
It's not spyware by your definition. It has the added benefit of giving the user some control instead of being secretly tracked by the server side.
A lot of websites use redirect pages to get this exact same information, and off the top of my head I imagine it is pretty simple to notify multiple urls of where you are going using some tricky javascript and even cookies and referrers can be used across sites to track visitors. This is just making a very common, and needlessly complex, mechanism infinitely simpler for the web developer.
The problem with slashdot is that most of its users were bullied and stuffed into lockers as kids!
So, I don't mean to go all "Senstionalist Title" on your ass, but the post links to a mozilla blog explaining how they've added this feature to the TRUNK. Announcing a new feature in a blog is not quite a press release, but it's a hell of lot more forthcoming that what "quietly added" implies. Also, it's been added to the Trunk, so it's not likely to actually show up in any Mozilla build for a while, much longer, if ever, in a release. This is really the way to add something like this. Put it in to see where and how it will be used and whether that's good or bad.
A great many people think they are thinking when they are merely rearranging their prejudices. -- William James
Wikileaks, no DNS
.. but this is one of the cases where the Open Source model works well. Any truly paranoid geek out there can pull down the source tree and watch all of the changes to any of the crap the FF developers decide to throw in. They can then apply their own patches-of-paranoia and remove untrusted suspect code, build it and run it behind however many firewalls and proxies they have set up.
1. Javascript does it already
... if Microsoft said that /. would be up in arms)
2. Now you alienate any user using another browser
3. Mozilla team is pulling an IE (implementing their own extensions... read the blog... "w3c doesn't have to make all the rules"
My first thought was "How can you track clicks with a ping?". After RTFA, it's not literally a ping to some server, it's a request to a URI, most probably an HTTP request that will contain request parameters indicating what link was clicked.
Second of all, this is not any more of a privacy intrusion than previously existed. It was always possible to track clicks within a single website via cookies, and clicks on external links (i.e. banner ads) by using a redirect first. If the author of the website wants to track what you're doing, he's already got the means, and he's had them for years.
There are 2 kinds of people in this world. Those that can keep their train of thought,
We should try and do an experimental implementation of , to see if there are any unexpected real-world problems.
That's what nightlies are for! We now see that it's a controversial tag (and they're probably already well-aware), so they're giving it a shot. Would you rather them just say "no, we don't like that potential standard, so we're not going to try implementing it"?It could enable a user comments vs people who actuall RTFA statistic. Knowing slashdot it would crash on a divide by zero error offcourse.
But wait a minute, a infinite number of pings? So the story submitter himself can also add his pings? Knowing the quality of slashdot editors (HA!) any story submitter would know who read what links in his article. Do I want him to know?
Imagine that someone puts a goatse.cx link on a forum. You don't of course admit that you been tricked but the next post is a record of all the pings the link submitter received proving that all of slashdot wanks to the goatse man.
The abuse of this feature is clear and the benefits? If slashdot really cared to know wich external links are followed or not then that is their business isn't it?
Do I really want websites to know wich external links I follow? I think this is a solution looking for a problem and in the few cases where a website needs to know the users need for privacy is superior.
Bad mozilla. This is something I would have expected of MS or the old Netscape. Now go sit in a corner and don't come out until you stop adding crap features that tattle on me without informing me.
MMO Quests are like orgasms:
You may solo them, I prefer them in a group.
If this can't be disabled (in preferences, about:config, or easily in the source, or via some extension/Greasemonkey script) then I'm sticking with the current 1.5 build, or possibly off to Opera or Epiphany.
Jesus if this was put into MSIE then people would be writing to their MP/senator by now!
I cannot think of any good use for this.
People who run servers do not need that specific kind of stats, their server logs should be good enough. Only marketing (aka spyware) types would want this kind of info.
#include <sig.h>
One, this is in the trunk builds - NOT the released versions.
From a technical POV it's actually nicely thought out, as it separates logically the intended action and the "log."
I'm sure that Google, Yahoo, and others are BEGGING for this. I've worked in Design and Dev at two of the biggest travel sites - it's a huge problem tracking clicks. If we could remove our tracking javascript then users would get a MUCH snappier web site.
But we can't because our advertisers specify that we must have third party click/view audits that "verify" our intended audience numbers.
On the one hand, I know (having designed and built some of the auditing and log analysis systems) that we're tracking every click on our sites. We do use cookies. And the tag would bring it all out in the open instead of buried 3 layers deep in javascript.
But from an individual POV, it's like acknowledging that they really ARE watching me. And I am now consenting to that.
Solution: In my mind, the big(and little) sites could offer users the "option" of using the ping tag for a nicer user experience. It would be disabled by default, and a web site would have to specifically request and get permission from the user before the browser would "unlock"
Just me $0.02
I said no... but I missed and it came out yes.
Assuming that IE implements the same feature, will sites use this? If clients can turn it off, I suspect that web sites won't trust it. This is something that is most accurately done on the server, and I think that's where it will stay.
The most rabid believers in American Exceptionalism are the exact same people whose policies are destroying it.
Disable the feature. Easy.
This kind of misses the point. If Firefox is to become a mainstream internet browser, it needs to be anti-spyware and usable from a clean install onwards. Making it the ideal browser for the tweakers, where it's at its most usable after multiple options have been changed and several extensions installed, is not going to make it the browser of choice for the general public.
As far as grabbing market share goes, it's the default settings that make the difference.
Can we please, please, keep politics out of this? I would rather discuss the FF issue, than listen to a flame war about politics.
It would be just as easy to defeat this technology (if you did not want it), by using it against itself.
Any developer with a small amount of time on their hands can easily develop a firefox extension or greasemonkey script that will take all of the ping tags out of the page that is rendered to the user.
"Problem" solved.
Why not limit the ping to the server that made the current page? This should prevent people from embedding pings into blogs, and still allow the replacement of redirects for tracking where you go. I would think unless this is done, too many people will disable it for any real sites to use it, and it will *only* be used for nefarious purposes.
I find this so odd. What is wrong if I want to see how many people click a link on my website? I can think of a lot of none evil uses for it. Think of it like P2P why should you eliminate a perfectly useful technology just because it can be abused?
See my blog http://ilovecookes.blogspot.com/ for light hearted technical information.
Sure, the basic functionality can be duplicated with javascript. However, tying this behavior explicitly to a "ping" attribute makes it much easier to identify and block/disable the behavior. If someone doesn't want to mess around with a NoScript extension, script whitelists, etc... then this makes life easier.
Look at it this way: I'm lazy. I don't want to be a security/privacy Nazi about any/every script on webpages I view. However, if there's an "easy" way to block something I view as potentially abusive, this ping attribute could easily be disabled.
Which makes me think that if other users are lazy like me and just want to disable "ping", this feature would likely be dead-in-the-water, and designers who want to track users would continue to use Javascript.
I only post comments when someone on the internet is wrong.
If they're going to go any further with the "ping" feature, there should be a function (enabled by default) that prompts you before pinging the servers.
No, it's not really that simple. This is much like the difference between first-party cookies and third-party cookies. In fact, I'd be happy if they decided to limit them at that level of granularity. I honestly wouldn't mind first-party pings. This provides--as you correctly note--nothing more than they can already collect now. It does, however, significantly enhance the developers' ability to directly collect stateful click-through information.
On the other hand, I'd say third-party pings are no less (and no more) evil than third-party cookies in terms of privacy. It seems to be a fairly common practice to disable third-party cookies while leaving first-party cookies enabled. I would certainly like the option to specify my preferences at that level.
Personally, I don't trust Firefox anymore. No matter how many times I disable "check for updates" it keeps checking for updates. No matter how many times I tell it to stop checking automatically for updates or upgrades for my extensions, it refuses to stop. Yes, I have used the preferences. I have tried manually setting them with about:config. Nothing will make it stop checking. This has been happening since the 1.5 beta and is persistent in 1.5 final.
It also appears to be impossible to install it without the "report to your master" feature (which is supposed to report crashes). It can be disabled (supposedly) later, but in the install you used to be able to uncheck it, now it's grayed out and gets installed by default every time.
Then there's the whole automatically prefetching links that you MAY click on in order to "speed up" the browsing. There's no way to tell if it's even doing this unless you are watching your network connection carefully, but it's ridiculous and it's hard to make it stop.
No application should be using the network connection without my explicit permission on each and every action. Typing a URL or clicking a link is permission, I'm TELLING it to go fetch that data. But doing crap in the background without asking me is just dishonest.
From the article:
"Websites even employ "onmousedown" event handlers that change the href attribute at the very last second before a click occurs. This makes it so that hovering over the link displays the location that you want to go to, but it still ends up taking you someplace else."
Gee, thanks for handing the spyware creators, spammers, and phishers even MORE ammunition. Let's trick the user into thinking he's clicking on one thing, and at the last minute send data to another URL. YES! Let's make it MORE difficult for users to trust their online banking applications (etc.)!!!
Comment removed based on user account deletion
I see it mentioned in a working group, but I see no confirmation this is part of any final adopted spec.
That's my only concern... that Mozilla is once again off on a path of implementing stuff before the spec is adopted, and we're going to have "Best if using Mozilla" icons showing up on websites.
Acid2 only measures the particular edgecasitis that the Acid2 authors managed to think of - web developers seem capable of introducing many more. What's needed isn't more acid tests but a W3-approved regression suite.
I agree that would be the reason to enable it.
But it's a lousy scenario. There shouldn't *be* expensive, hidden redirects, and we're just encouraging what I consider (at best) stupid. even (worse) anti-social, possibly evil behavior.
I'm completely in favor of progress, but it seems the net is always taking at least one step back (in some cases a few dozen) for every step forward.
We should be encouraging content providers to produce clean web page sthat do what we expect them to do, simply, instead of to be ever more complex, sneaky, tricky marketing tools. or worse.
I never realized before why URLs wouldn't show up in the status bar on fark. After reading your comment, though, I allowed javascript to change the status bar and the issue was fixed. I think in the case of fark they aren't trying to be sneaky so much as user-friendly. The redirect URLs are unreadable because of the URL-encoding of the link destination. I don't particularly care that fark knows when I click an external link from their site, but I do enjoy the ability to see a readable URL by hovering over links with the mouse.
Why would a web developer use the ping attribute now?
I think the main developer who would want to use it is Google with their adwords program. They're probably trying to minimize the bandwidth those redirects consume for all the clicking that happens on their ads. This is on top of the bandwidth of every page view requesting the ads to be embedded in the first place, which can't be avoided...
Even if Google can shave off 6% of unneccessary redirects (all Firefox users), that's a big bandwidth savings.
Seth
$5 / month hosted VPS on linux = awesome!
I'd say implementing something in a draft by the WHATWG is a far cry from making up their "own" standard.
n g
One of the goals of the WHATWG is to refine proposals through feedback and submit them to the W3C.
http://whatwg.org/specs/web-apps/current-work/#pi
----- If communism is a system where the government owns business, what do you call a system where business owns govern
You would think so. Starting with cookies, though, there's always been a major component of web design and development which hinges on deliberately obfuscating important events from the user.
I don't want to get too heavy into tin-foilery over this. It would be difficult to support a claim that these pings and cookies are used for anything but the most innocuous of data mining and profiling pursuits. Here is where a natural danger sense comes into play, though: if people are being so careful not to draw attention to the extra activities of the software then just what are they hiding?
fast as fast can be. you'll never catch me.
If you add this to your userContent.css, links that have a ping attribute will be green:
a[ping] {
color: green !important;
}
You could also do something like this:
a[ping] {
-moz-opacity: 0.5 !important;
}
a[ping]:hover {
-moz-opacity: 1 !important;
}
so that the links would be transparent until you hover over them
My server
This is already happening. Most comercial sites ALREADY track all of the link clicks on their sites. The majority of them use 302 redirects so, you can't turn them off.
k ing2 +service
The only thing use of this attribute would do is make transparent what has ALREADY been happening for years.
When I worked at a media company, we had a cluster of servers dedicated to link tracking. All links on the site would send you here, and it would send you a 302 to your destination. Try disabling redirects, and you will see the web stop working.
Whats wrong with the idea of not hiding the tracking that is already happening?
As for stats, people want to know is you clicked on a linked image instead of linked text. They want to know what colors get clicked on more.
Did I mention many, many sites already do this?
the technology to do is is pervasive:
Perl CGI
http://www.google.com/search?q=perl+cgi+link+trac
PHP
http://www.google.com/search?q=php+link+tracking
All kinds of stuff
http://www.google.com/search?q=%22link+tracking%2
----- If communism is a system where the government owns business, what do you call a system where business owns govern
My question is where did this idea come from? Is it in an HTML standard somewhere? If not, they shouldn't have bothered putting it in IMHO. How can I tell my friends that Firefox aims to be more standards compliant if the Mozilla team is putting in proprietary HTML features?
Arguing about vi versus Emacs is like arguing whether it's better to make fire by rubbing sticks or banging rocks.
> what's wrong with the gnome file dialog?
The most obvious problem is that, unlike the old
XUL file browser, they don't use the current Firefox
theme. This makes them look completely out of place
on screen.
More importantly, the design of the new file browser
is fundamentally broken; it's been dumbed down to the
point of unusability. There's no obvious place to type
filenames rather than using the mouse, the display of
the directory tree is non-standard, clicking on
"Browse for other folders" in the save dialog triples
the size of the window and often moves the cancel/save
buttons off the bottom of the screen, etc.
The disaster that is the new GTK file browser is the
main reason that I'm still using GTK1 versions of
Mozilla etc.
Do not confuse this feature with spyware. Tracking cookies have always been used by advertising companies, yet they can be disabled. But I'd rather stick with tracking cookies than having to navigate through sites with embedded flash because the sponsors require them to. This "cookies = spyware" is just paranoia to me.
Anyway, if a website gives you a "ping" attribute, what prevents the same site from obfuscating the link and doing some redirections? It's EXACTLY THE SAME! If there can be any abuse, it's because the attribute is provided BY THE WEBSITE'S CONTENT. And who controls the website content?
One major abuse I could see are phishing sites, but if you already entered a phishing site it's your own fault, and I *REALLY* doubt a bank site would add ping attributes to their website.
In comparison, SPYWARE steals resources, bandwith, CPU and Memory, and makes your system unstable, stealing also YOUR VALUABLE TIME.
So, no, the ping attribute is NOT SPYWARE. I think the article submitter was too sensationalist by putting this in the headline.
This is an important point. An AJAX application will quite merrily send and recieve large quantities of data without you knowing - this is by design. It relies on being able to do things 'behind the user's back'.
Think of it this way - if you had a popup every time a local application wanted to communicate with the hard disk, how quickly would you become angry?
How many people can read hex if only you and dead people can read hex?
> You would think so. Starting with cookies, though, there's
> always been a major component of web design and development
> which hinges on deliberately obfuscating important events
> from the user.
Still using cookies as an example, progress has been towards better "cookie privacy". Items like blocking 3rd party cookies by default, a clear "clear all information" button, limits which override cookie expiries, etc. all give the user more control over his/her privacy.
To add this "ping" feature w/o also providing control over its use to users is rather surprising since, otherwise, Firefox has been moving in the right direction.
This is not just surprising, but incredibly disappointing.
Saying that you'd stop using Firefox if this is deployed is like saying you'd stop going to Wal-Mart if they have cameras watching you ... but wait ... they do. Face it. You're on the web. You're being tracked. OMG! Slashdot is tracking me now!!1!!1
... as a tool to improve user experience, this is a GREAT idea. decouple the link tracking from the target page loading. however, until it's adopted in a standard way by all browsers, it's useless. this can already be done in numerous ways thru javascript, proxy pages, inventive link creation, mod-rewrite ... there are as many ways to track user clicks as there are competent developers.
but seriously
sure, make it disableable. additionally, make it configurable to set the maximum number of PINGs per click. and lastly, limit the URLs to the originating site only.
"Glory is fleeting, but obscurity is forever." - Napoleon Bonaparte
IMHO this isn't a fault of WhatWG, but of the FF developers thinking they should run ahead and implement any draft before it has been considered carefully.
This sig is intentionally left blank
I'm already testing and I'm about to release a NoScript version (1.1.3.6) which neutralizes this lovely ping attribute on untrusted sites, and offers also an user-accessible option, not implemented by Firefox (yet?), to disable it globally. I hope this will calm down the tinfoil hats ;)
There's a browser safer than Firefox, it is Firefox, with NoScript
I just want to ask: What functionality does this give to me, as a user, that couldn't be entirely implemented on the server side without requiring anything to happen behind my back?
I use the web to view content. Ceding the argument of complex layouts (graphics, frames, fonts, etc.) there is no content that I've viewed in the last 8 years which requires any functionality on my browser's part beyond what I could get from lynx. What does this ping bring to me, as a user, and why should I care to have it at all?
AJAX doesn't impress me either. Webapps, while nice for jobs and web-coders (everyone needs to make a living somehow), should die. There's a better and more secure way to do everything which any web-app does.
fast as fast can be. you'll never catch me.
Not everyone views the web as "read-only", so to speak.
I use quite a few sites as tools that give me access to data or features provided by someone that I wouldn't normally have access to. Examples include bank sites and stock brokerage firm sites.
One additional response to your comment: how about providing insight as to the "more secure" alternatives to AJAX that provide the same functionality and fill the same niche rather than simply saying it "should die".
"I have no special gift, I am only passionately curious." - Albert Einstein
Couldn't a crafty webmaster load up a javascript on an adwords page to add all the adwords links as ping fields to all the links on the page via the DOM? Then all the links on the page would generate adwords clicks right?
Does this protocol check for duplicate links in the ping? What happens if I put like 10 or 100 of the same link in the ping. With a popular enough website I could innundate other websites with garbage ping requests.
---k--
</stupid>
Communication between an application and my hard drive should not result in data leaving my immediate "control zone" (or at least one would hope). That same sort of activity occuring over a public network to an unknown destination is more insecure by orders of magnitude.
Your point is valid that AJAX functionality poses many of the same issues as this Firefox "feature", but I politely refute your hypothetical example.
1. It can already be turned off via about:config (RTFA), and if it actually makes it into Firefox 2.0 there will probably be a checkbox in Preferences.
2. As a guy with a website, I'm actually curious as to which links people click on to leave. Server logs will tell me which pages on my site are most popular and where visitors are coming from, but they won't tell me where they're going unless I go to the effort of creating a redirect script and linking through that -- and while I'm curious, I don't care enough to go to that effort. (Though advertisers and sites with marketroids do care, and have gone to the effort -- often sneakily.)
Windows users should just wait a short while, until KDE 4 is release. Due to the recent QT 4 changes, it has been anticipated that Konqueror will run natively on Windows.
The Konqueror codebase is far cleaner than that of Gecko and Firefox. Not only that, but QT may prove to be superior for writing efficient crossplatform applications.
Cyric Zndovzny at your service.
I know that this will be extraordinarily out of the box type thinking which was discarded back around '95 when the intarweb was used to create a huge marketing bubble...
Use your imagination and come up with something which doesn't involve HTTP and port 80. I know, it's tough because there's so little out there. Looking at the internet today one would think that HTTP and port 80 were the whole reason behind designing desktop computers.
And, again... what functionality does this new ping give to _ME_, the user who bought this hardware and is paying the electric bill to run this browser? If I were to talk with the author of the code for this little snippet what explanation would he be able to give to justify that _I_, the user, want this?
fast as fast can be. you'll never catch me.
There are a couple things wrong with your statement here:
First, the purpose of web standards is not to hand the power to bless things to one organization, but rather to ensure that new technologies and features are implemented and used in a clear, interoperable fashion by browser developers and web designers. So if the people on both ends of the web (the companies and groups which build the browsers, and the designers and developers who build web sites) can get together and agree on a standard way to implement and use a new feature, why not let them do it instead of complaining that it hasn't been blessed by some grand high muck-a-muck at the W3C?
Second, the W3C's authority exists only through consensus. If they lose the consensus of the big players in the web industry, they lose their authority. This is what's already partially begun to happen; the W3C is currently working on XHTML 2.0, which has some major issues:
Because of this, the W3C is in serious danger of losing its consensus and its relevance, which means it's also in serious danger of losing its authority. The WHATWG was founded, basically, with the idea of ending the stagnation of web technology (the last standardized version of an HTML language was published six years ago, and the last standardized version of CSS was published eight years ago) and implementing features that will make web design and development easier all around (think things like expanded form controls, additional useful DOM properties and methods, etc.), and so far it's not doing too bad a job of that.
Think of the distinction like this:
The big advantage of web apps is that they don't require installation.
.Net and Hailstorm a few years back (funny how people didn't like it much). Web apps are the "right now" solution which can get this type of app running and in use today.
Sure, you can come up with a zero-install app with roaming profiles running on a distributed, remotely-accessible platform using something other than HTTP and a web browser -- but you'd need to set up the infrastructure and get the platform installed on as many PCs as possible. That's the next-gen "right" solution, and I recall Microsoft talking about this type of thing with
The alternative is the same stuff happening on the client side, as it is right now, but through more user-hostile means. Think hidden frames and DIVs, transparent GIFs, JavaScript being used to make arbitrary requests, and all that junk.
ping gives a less user-hostile alternative to all of that miscellany -- and one that the users can actually easily turn off. It's a Good Thing. Embrace it.
...or more specifically the comments below:
Out of interest, how did you implement the 'informed user' requirement? ("When the ping attribute is present, user agents should clearly indicate to the user that following the hyperlink will also cause secondary requests to be sent in the background, possibly including listing the actual target URIs.")
Posted by: Malcolm at January 17, 2006 12:14 PM
The UI component of this feature is currently unimplemented. We did not see that as a blocker to enabling this on the trunk (development) builds of Firefox. I hope to test out Ian's suggestion of adding the pings to the status bar shortly.
The feature is currently enabled by default in Firefox, but disabled for Thunderbird.
Posted by: Darin at January 17, 2006 12:33 PM
Acid2 only measures the particular edgecasitis that the Acid2 authors managed to think of - web developers seem capable of introducing many more. What's needed isn't more acid tests but a W3-approved regression suite.
Too rigid. I developed a fairly complex layout for a website that was IE, Firefox, Opera and W3C-compliant (hardest of all after IE compatibility, you'd be surprised how forgiving browsers really are). Strangely enough it had a small rendering bug on Safari and I presume Konqueror as well. Anyway, Firefox and Opera were almost to the pixel identical. When they all pass ACID2 I think you have to really go out of your way to make it render differently on W3C-compliant pages. If your page isn't valid (X)HTML/CSS, then expect things to behave odd. What is needed is better tools to create compliant pages - I've seen so many broken tools that should have been put to death long ago.
Kjella
Live today, because you never know what tomorrow brings
I would agree if you could demonstrate the usefulness of AJAX outside of a web browser. AJAX may, in itself, be a fantastic design. The question still remains, though,"What are we really trying to accomplish and should we be doing this with a web browser at all?"
Lately the following has become increasingly obvious: We're adding new features to keep and track users on the web to generate databases and clicks for (artificial) revenue to show numbers to the investors so that we can get more capital to add new features to keep and track users on the web to generate databases and clicks for (artificial) revenue to show numbers to the investors so that we can get more capital to add new features...
Can you see why I, as a user, am no longer impressed with port 80? I'm not really fond of pyramid schemes.
fast as fast can be. you'll never catch me.