Firefox 's Ping Attribute: Useful or Spyware?

An anonymous reader writes "The Mozilla Team has quietly enabled a new feature in Firefox that parses 'ping' attributes to anchor tags in HTML. Now links can have a 'ping' attribute that contains a list of servers to notify when you click on a link. Although link tracking has been done using redirects and Javascript, this new "feature" allows notification of an unlimited and uncontrollable number of servers for every click, and it is not noticeable without examining the source code for a link before clicking it."

Submitter is a melodramatic idiot

[grahams]

1. You are talking about a feature just added to a development tree, not something in a released version of Firefox.
2. This feature can already be disabled (if you happen to be running a development version) using the 'browser.send_pings' preference.
3. They didn't "quietly enable" a feature, they did it in front of everyone interested. There are plenty of bugs in bugzilla talking about the implementation of this feature. If you are running a development version of Firefox and can't be bothered to keep up with what is going on in the development community, that's your problem.

Check out: https://bugzilla.mozilla.org/show_bug.cgi?id=31936 8 [mozilla.org]

// check prefs to see if pings are enabled
nsCOMPtr<nsIPrefBranch> prefs = do_GetService(NS_PREFSERVICE_CONTRACTID);
if (prefs) {
PRBool allow = PR_TRUE;
prefs->GetBoolPref("browser.send_pings", &allow);
if (!allow)
return;
}

userContent.css to the rescue

[Matt Perry]

Add this to your userContent.css file to make links with the ping attribute have a green border when hovered:

a:hover[ping]
{
-moz-outline: 1px solid green;
}

Re:You can already do this with Javascript

[grub]

Use the Firefox NoScript extension and you can be selective about what javascript you run on a per-site basis.

RTA

[Morosoph]

I'm racking my brain to imagine why a user would ever want to enable it.

So as to avoid expensive and hidden redirects.

Re:Firefox's Ping Attribute: Useful AND Spyware

[oneiros27]

I would recommend Firefox be distributed with this option disabled

Which would give web developers no reason to ever bother using it, and they'll continue doing the same little tricks they've been using for years to keep you from seeing that they're tracking the links.

Take a look at the HTML source on Fark -- you'll see javascript to overwrite the status line so it doesn't show it's tracking you ... and there are hundreds, if not thousands or millions of other sites that do the same.

If it can't be disabled then I'm off

[BestNicksRTaken]

If this can't be disabled (in preferences, about:config, or easily in the source, or via some extension/Greasemonkey script) then I'm sticking with the current 1.5 build, or possibly off to Opera or Epiphany.

Jesus if this was put into MSIE then people would be writing to their MP/senator by now!

I cannot think of any good use for this.

People who run servers do not need that specific kind of stats, their server logs should be good enough. Only marketing (aka spyware) types would want this kind of info.

Use Firefox as a workaround

[joel2600]

It would be just as easy to defeat this technology (if you did not want it), by using it against itself.

Any developer with a small amount of time on their hands can easily develop a firefox extension or greasemonkey script that will take all of the ping tags out of the page that is rendered to the user.

"Problem" solved.

FUD

[Anonymous Coward]

When you contact a server, it can do whatever it wants with the details of the transaction, including sending information about it to any number of 3rd party servers. All this ping tag does is offload some of that to the client. I could see how this could be used to set up a DDOS, but implying that it's a privacy risk sounds like BS/FUD to me. Kind of like cookies: They don't track anything that the server couldn't track server side if it wanted to, in which case you wouldn't be able to erase the records, which puts cookies one up imo.

Re:RTA

[nicklott]

but they're not expensive to the user. No website can use this as a primary mechanism in a process as less than 1% of their users will have it enabled. So, it can only be used for things that are optional to the website, for example user tracking. And in this case it actually generates more traffic, as now you just parse your logs (or put an image in, wherein we have a mechanism that does exactly the same thing anyway).

Re:Firefox's Ping Attribute: Useful AND Spyware

[Hatta]

Which would give web developers no reason to ever bother using it, and they'll continue doing the same little tricks they've been using for years to keep you from seeing that they're tracking the links.

Sure, but is that a reason to just hand the data to them on a silver platter? I mean, why keep spammers out of your MTA? They'll just resort to various tricks to spam anyway, so why not just give them an account?

Firefox should provide new ways to ensure our privacy, not new ways to violate it. I'm disappointed.

Re:Possible fix

[RevDobbs]

Did you read the article, or the WHATWG spec?

It specifically mentions:

1. Links with the "ping" attribute should be diffrentiated from other links.
2. There should client-side options to control "ping" behavior, similar to current cookie options: "respond to all", "ignore 3rd party", "ignore all".

FWIW, this really seems dead in the water. First, not too many users will have it enabled (or even available, for that matter). Second, this information is already being reliably collected with cookies, mod_usertrack [apache.org], javascript, and page redirect tricks -- mostly with no knowledge of the enduser.

Why go with a little-available, easily disable mechanisim when the tried-and-true method is already available?

Re:userContent.css to the rescue

[booch]

That should be:

a:hover[ping] { -moz-outline: 1px solid green !important; }

in order to keep the web site from overriding your setting.

Re:Not very useful

[Fastolfe]

Mozilla team is pulling an IE (implementing their own extensions... read the blog...

WHATWG != Mozilla

Mozilla is attempting an implementation of a standard set by an independent standards body. No, they're not the W3C, but like you pseudo-quoted out of context, "w3c doesn't have to make all the rules."

Re:RTA

[malsdavis]

Firstly they are expensive to the user, as you have to wait for the response to come back before being able to move onto the next page and secondly being expensive for the web server does indirectly effect users.

Sure your one redirect query may not effect you much but tens of thousands of people doing it could slow a server right down.

Re:How is this different from

[TCM]

Is the concern that the 'ping' comes from your browser and not any proxy server you may be using?

That would be incredibly stupid if they did it that way. Every request the browser makes should adhere the proxy settings. Most of the time, a proxy is not optional but mandatory.

In most cases your proxy server is also your NAT server so the 'ping' isn't going to give much of anything about your IP....

Quite the contrary. Most of the time, if people are to use a proxy, it's because their clients are _not_ allowed direct access via NAT. I think the case that proxy = NAT box is very rare and uncommon.

Re:Will sites really use this?

[darinf]

Microsoft probably won't implement this exact feature, but due to a bug in IE, it is already possible for websites to implement something similar. I added a comment to my blog with details.

Re:Sounds like Microsoft all over

[willCode4Beer.com]

I'd say implementing something in a draft by the WHATWG is a far cry from making up their "own" standard.

One of the goals of the WHATWG is to refine proposals through feedback and submit them to the W3C.

http://whatwg.org/specs/web-apps/current-work/#pin g [whatwg.org]

Highlighting links that have a ping attribute

[CTho9305]

If you add this to your userContent.css [mozillazine.org], links that have a ping attribute will be green:

a[ping] {
    color: green !important;
}

You could also do something like this:

a[ping] {
    -moz-opacity: 0.5 !important;
}
a[ping]:hover {
    -moz-opacity: 1 !important;
}

so that the links would be transparent until you hover over them

you might want to get off the web

[willCode4Beer.com]

This is already happening. Most comercial sites ALREADY track all of the link clicks on their sites. The majority of them use 302 redirects so, you can't turn them off.

The only thing use of this attribute would do is make transparent what has ALREADY been happening for years.

When I worked at a media company, we had a cluster of servers dedicated to link tracking. All links on the site would send you here, and it would send you a 302 to your destination. Try disabling redirects, and you will see the web stop working.

Whats wrong with the idea of not hiding the tracking that is already happening?
As for stats, people want to know is you clicked on a linked image instead of linked text. They want to know what colors get clicked on more.
Did I mention many, many sites already do this?
the technology to do is is pervasive:
Perl CGI
http://www.google.com/search?q=perl+cgi+link+track ing [google.com]
PHP
http://www.google.com/search?q=php+link+tracking [google.com]
All kinds of stuff
http://www.google.com/search?q=%22link+tracking%22 +service [google.com]

Re:Consider what may happen

[Syberghost]

I think the first thing any browser developer should consider when adding a new tag or tag attribute to the DOM is "How can this be abused?" and explore that question to its fullest.

The BODY tag fails that test.

Re:Not very useful

[Bogtha]

The REL attribute has a set list of link types to be associated with it.

Did you read that page you just linked to? If you keep reading further down, you'll find that this is not an exclusive list; you can put whatever you want in there. From the specification:

Authors may wish to define additional link types not described in this specification. If they do so, they should use a profile to cite the conventions used to define the link types. Please see the profile attribute of the HEAD element for more details.

It's true that Google don't force you to use a profile, but there's nothing stopping you from using an appropriate profile [microformats.org] anyway. Google aren't doing anything that isn't explicitly permitted by the HTML 4.01 specification.

Re:Consider what may happen

[poot_rootbeer]

I think the first thing any browser developer should consider when adding a new tag or tag attribute to the DOM is "How can this be abused?"

Personally, I think that should be second.

The first thing they should consider is "where in the W3C specs is the behavior of this element specified"? If it ain't in any of 'em, it don't belong in the browser engine.

For every IMG tag or XmlHttpRequest a browser dev team has decided to extend the W3C specs with, there's been a dozen BLINK and MARQUEE tags.

Re:userContent.css to the rescue

[poot_rootbeer]

That should be:
        a:hover[ping] { -moz-outline: 1px solid green !important; }
in order to keep the web site from overriding your setting.

User style sheets are always to supercede site style sheets, according to the CSS specification. The "!important" modifier shouldn't be necessary.

I don't know if Mozilla implements that aspect of CSS correctly though, so it couldn't hurt to put it in there anyway.

Re:Thanks!

[Anonymous Coward]

Yep, Fark's only updating the status bar text so you can see where the link goes more clearly. That should be clear from reading the Javascript code in the page. In Fark's case, all the go.pl script in the middle does is COUNT click-throughs on each story; no per-user tracking gets done there.

Re:Deeper problem

[AlXtreme]

It's not only the Mozilla-people, WhatWG [whatwg.org] also includes Apple (Safari) and Opera. But I agree: WhatWG can come up with all nice new proposals, what a webbrowser should implement are the W3C standards, not their own or those of a third party.

IMHO this isn't a fault of WhatWG, but of the FF developers thinking they should run ahead and implement any draft before it has been considered carefully.

NoScript will take care of this baby ;)

[Giorgio Maone]

I'm already testing and I'm about to release a NoScript [noscript.net] version (1.1.3.6) which neutralizes this lovely ping attribute on untrusted sites, and offers also an user-accessible option, not implemented by Firefox (yet?), to disable it globally. I hope this will calm down the tinfoil hats ;)

Re:You can already do this with Javascript

[cduffy]

It's not that they'd use the ping attribute -- it's that they'd use other tactics to do the exact same thing, but via a mechanism that slows down render time.

Webmasters already have the ability to have a page load cause a HTTP request to some other server -- at minimum, they can just have a . This doesn't impact rendering time (as that single-pixel image does), and has the same effect -- plus you can turn it off, while you can't turn off all the single-pixel images without turning off other images as well.

It's a Good Thing, and I can't help but imagine that most of the people who are so severely against it are just doing so because that's what the almighty slashdot article inferred they should think. Baaaa!

Re:userContent.css to the rescue

[Bogtha]

User style sheets are always to supercede site style sheets, according to the CSS specification.

This is not true, and isn't true in two different ways, depending on which specification you count as "the" CSS specification (there's more than one).

According to the CSS 1 specification [w3.org], the author stylesheet will override the user stylesheet in most cases, and even if the user has !important rules, the author stylesheet can override them with !important. Quote:

This strategy gives author's style sheets considerably higher weight than those of the reader.

According to the CSS 2 specification [w3.org], the author stylesheet will override the user stylesheet in most cases, but the user can override author rules, even !important ones, by using !important themself. Quote:

Apart from the "!important" setting on individual declarations, this strategy gives author's style sheets higher weight than those of the reader.

CSS 2.1 and 3.0 drafts work in the same way as CSS 2, giving the author stylesheet precendence unless the user uses !important.

booch was correct in saying that !important is necessary in a user stylesheet if you want to be sure that the author stylesheets can't override them.

It can be disabled

[Kelson]

1. It can already be turned off via about:config (RTFA), and if it actually makes it into Firefox 2.0 there will probably be a checkbox in Preferences.

2. As a guy with a website, I'm actually curious as to which links people click on to leave. Server logs will tell me which pages on my site are most popular and where visitors are coming from, but they won't tell me where they're going unless I go to the effort of creating a redirect script and linking through that -- and while I'm curious, I don't care enough to go to that effort. (Though advertisers and sites with marketroids do care, and have gone to the effort -- often sneakily.)

Re:Facts of the matter

[Kelson]

It's gone through the WHATWG [whatwg.org], a group that's building new standards based on HTML instead of XHTML. They've got Opera, Mozilla, and KHTML/WebKit on board, and they do publis specs, so anyone else can build a compatible implementation without trying to reverse-engineer anything.

You probably haven't heard of them before because this is the first WHATWG extension that's generated this level of controversy. (The most well-known one is probably <canvas>, which is already in Safari and Firefox and will also be in Opera 9.)

Windows users can wait for Konqueror.

[CyricZ]

Windows users should just wait a short while, until KDE 4 is release. Due to the recent QT 4 changes, it has been anticipated that Konqueror will run natively on Windows.

The Konqueror codebase is far cleaner than that of Gecko and Firefox. Not only that, but QT may prove to be superior for writing efficient crossplatform applications.

Did you read the article yourself?

[blorg]

...or more specifically the comments below:

Out of interest, how did you implement the 'informed user' requirement? ("When the ping attribute is present, user agents should clearly indicate to the user that following the hyperlink will also cause secondary requests to be sent in the background, possibly including listing the actual target URIs.")

Posted by: Malcolm at January 17, 2006 12:14 PM

The UI component of this feature is currently unimplemented. We did not see that as a blocker to enabling this on the trunk (development) builds of Firefox. I hope to test out Ian's suggestion of adding the pings to the status bar shortly.

The feature is currently enabled by default in Firefox, but disabled for Thunderbird.

Posted by: Darin at January 17, 2006 12:33 PM

Re:Very useful

[swilver]

I'm afraid there's no way to tell in advance whether a link will redirect, as that can be decided server side. In fact, the server could decide that www.amazon.com is actually a code for sending you to some other site. Several other schemes for encoding the actual URL to send you to are trivial to come up with as well.

I haven't seen this extension, but I'm 100% sure that it can easily be fooled. It probably just detects the more common ways of doing a redirect.