Several Major Browsers to Prevent Disabling of Click-Tracking 'Hyperlink Auditing'

x_t0ken_407 quotes BleepingComputer: A HTML standard called hyperlink auditing that allows sites to track link clicks is enabled by default on Safari, Chrome, Opera, and Microsoft Edge, but will soon have no way to disable it. As it is considered a privacy risk, browsers previously allowed you to disable this feature. Now they are going in the opposite direction.

Hyperlink auditing is an HTML standard that allows the creation of special links that ping back to a specified URL when they are clicked on. These pings are done in the form of a POST request to the specified web page that can then examine the request headers to see what page the link was clicked on.
The article concludes that "Firefox and Brave win the award" for people who want this click-tracking capability disabled -- since "only Brave and Firefox currently disable it by default, and do not appear to have any plans on enabling it in the future."

Turned off by default in firefox

Went looking for how to turn it off, article was kind enough to provide the necessary about:config setting, it's "browser.send_pings".

Firefox already has it off by default. Nice! for once.

Re:Turned off by default in firefox

[AmiMoJo]

For Chrome install uBlock Origin and it's an option under "Privacy".

Chromium Issue 935978

Chrome devs have removed the hidden setting while they debate promoting it into the regular settings UI. If you want this, star the bug (but don't flood the comments too much):
Issue 935978

Pale Moon - OFF by default

Turned off by default in Pale Moon too.

(I checked...)

AC

Re:"One of these things is not like the others"

[ChoGGi]

There's always tampermonkey

let links = document.getElementsByTagName("a");
for (let i = 0; i < links.length; i++) {
    let link = links[i];
    if (link.hasAttribute("ping")) {
        link.removeAttribute("ping");
    }
}

Assuming it works... anyone got a site with these ping links?

Re:Tim Berners-Lee, the hypocrite

[diamondmagic]

No, "ping" isn't in the official HTML specification. What /. linked to is the Google's unofficial fork of HTML.

Re:Yet another reason to use Firefox

[Tough+Love]

Right, ask selfless Eric Schmidt, he'll tell you.

Re:"One of these things is not like the others"

[grep+-v+'.*'+*]

I read about this yesterday, and immediately thought about tampermonkey. Thanks for the script.

On page link they talk about this, with

To create a hyperlink auditing URL, you can simply create a normal hyperlink HTML tag, but also include a ping="[url]" variable.

<a href="https://www.google.com/"
ping="https://www.bleepingcomputer.com/pong.php"> Ping Me</a>

To wit: Ping Me

This will render on the page as a normal link to google.com and if you hover over it, will only show you the destination URL. It does not show you the ping back URL , so users will not even realize this is happening unless they examine the sites source code. Scripts that receive the ping POST request, can then parse the headers in order to see what page the ping came from and where the hyperlink audited link was going to.

The headers associated with the information sent in the ping request are shown below.

[HTTP_PING_FROM] => https:/ www.bleepingcomputer.com/ping.html
[HTTP_PING_TO] => https:/ www.google.com/
[CONTENT_TYPE] => text/ping

Re:Can't this just be done with Javascript?

[The+MAZZTer]

You can make the links work properly when right clicked, the problem is whoever coded it didn't care enough to make that happen.

The proper way to do it is to make it a normal link, but then hook up some JavaScript that stops the default link behavior and/or does something extra in the background.