Firefox 's Ping Attribute: Useful or Spyware? 575
An anonymous reader writes "The Mozilla Team has quietly enabled a new feature in Firefox that parses 'ping' attributes to anchor tags in HTML. Now links can have a 'ping' attribute that contains a list of servers to notify when you click on a link. Although link tracking has been done using redirects and Javascript, this new "feature" allows notification of an unlimited and uncontrollable number of servers for every click, and it is not noticeable without examining the source code for a link before clicking it."
Firefox's Ping Attribute: Useful AND Spyware (Score:5, Insightful)
It's simply the user's choice as to whether or not the pros outweigh the cons. And I'm sure the massive response that ensues on Slashdot will reveal that everyone values these pros and cons differently.
Doesn't seem to be much argument other than I think they should have a very simple way to disable this if the user so chooses. As with the iTunes fiasco [slashdot.org], I would recommend Firefox be distributed with this option disabled.
Re:Firefox's Ping Attribute: Useful AND Spyware (Score:5, Funny)
Re:Firefox's Ping Attribute: Useful AND Spyware (Score:4, Insightful)
Re:Firefox's Ping Attribute: Useful AND Spyware (Score:4, Insightful)
Re:Firefox's Ping Attribute: Useful AND Spyware (Score:3, Funny)
Re:Don't like Firefox spyware? Use Konqueror (Score:5, Insightful)
Acid2 only measures the particular edgecasitis that the Acid2 authors managed to think of - web developers seem capable of introducing many more. What's needed isn't more acid tests but a W3-approved regression suite.
Re:Don't like Firefox spyware? Use Konqueror (Score:3, Insightful)
Too rigid. I developed a fairly complex layout for a website that was IE, Firefox, Opera and W3C-compliant (hardest of all after IE compatibility, you'd be surprised how forgiving browsers really are). Strangely enough it had a small rendering bug on Safari and I presume Konqueror as well. Anyw
Re:Don't like Firefox spyware? Use Konqueror (Score:3, Interesting)
I don't want to get too heavy into tin-foilery over this. It would be difficult to support a claim that these pings and cookies are used for anything but the most innocuous of data mining and profiling pursuits. Here is where a natural danger sense comes into play, though: if people are being so careful not to draw
Re:Don't like Firefox spyware? Use Konqueror (Score:5, Interesting)
Think of it this way - if you had a popup every time a local application wanted to communicate with the hard disk, how quickly would you become angry?
Re:Don't like Firefox spyware? Use Konqueror (Score:3, Insightful)
I use the web to view content. Ceding the argument of complex layouts (graphics, frames, fonts, etc.) there is no content that I've viewed in the last 8 years which requires any functionality on my browser's part beyond what I could get from lynx. What does this ping bring to me, as a user, and why should I care to have it at
Re:Don't like Firefox spyware? Use Konqueror (Score:3, Insightful)
I use quite a few sites as tools that give me access to data or features provided by someone that I wouldn't normally have access to. Examples include bank sites and stock brokerage firm sites.
One additional response to your comment: how about providing insight as to the "more secure" alternatives to AJAX that provide the same functionality and fill the same niche rather than simply saying it "should die".
Re:Don't like Firefox spyware? Use Konqueror (Score:3, Interesting)
Use your imagination and come up with something which doesn't involve HTTP and port 80. I know, it's tough because there's so little out there. Looking at the internet today one would think that HTTP and port 80 were the whole reason behind designing desktop computers.
And, again... what functionality does this new ping give to _ME_, the us
Re:Don't like Firefox spyware? Use Konqueror (Score:3, Insightful)
Sure, you can come up with a zero-install app with roaming profiles running on a distributed, remotely-accessible platform using something other than HTTP and a web browser -- but you'd need to set up the infrastructure and get the platform installed on as many PCs as possible. That's the next-gen "right" solution, and I recall Microsoft talking about this type of thing with
Re:Don't like Firefox spyware? Use Konqueror (Score:3, Interesting)
The alternative is the same stuff happening on the client side, as it is right now, but through more user-hostile means. Think hidden frames and DIVs, transparent GIFs, JavaScript being used to make arbitrary requests, and all that junk.
ping gives a less user-hostile alternative to all of that miscellany -- and one that the users can actually
Re:Don't like Firefox spyware? Use Konqueror (Score:3, Insightful)
Lately the following has become increasingly obvious: We're adding new features to keep and track users on the web to generate databases and clicks for (artificial) revenue to show numbers to the investors so that we can get more capital to add n
Re:Don't like Firefox spyware? Use Konqueror (Score:3, Interesting)
The most obvious problem is that, unlike the old
XUL file browser, they don't use the current Firefox
theme. This makes them look completely out of place
on screen.
More importantly, the design of the new file browser
is fundamentally broken; it's been dumbed down to the
point of unusability. There's no obvious place to type
filenames rather than using the mouse, the display of
the directory tree is non-standard, clicking on
"Browse for other folders" in the save dialog
Re:Firefox's Ping Attribute: Useful AND Spyware (Score:5, Insightful)
RTA (Score:5, Informative)
Re:RTA (Score:5, Informative)
Re:RTA (Score:5, Informative)
Sure your one redirect query may not effect you much but tens of thousands of people doing it could slow a server right down.
Revenge of the Web Sith? (Score:3, Interesting)
But it's a lousy scenario. There shouldn't *be* expensive, hidden redirects, and we're just encouraging what I consider (at best) stupid. even (worse) anti-social, possibly evil behavior.
I'm completely in favor of progress, but it seems the net is always taking at least one step back (in some cases a few dozen) for every step forward.
We should be encouraging content providers to produce clean web page sthat do what we expect them to do, simply, instead of to be
Re:Firefox's Ping Attribute: Useful AND Spyware (Score:3, Interesting)
Sure, but XMLHttpRequest is actually helpful and useful, as GMail shows. If XMLHttpRequest was turned off, most people would turn it on. I can't think of any use for this "pinging" other than to track internet usage. If it were turned off, I think most people would keep it that way.
My point is, the Firefox dev team is adding useless features that nobody really wants (except maybe DoubleClick), when there are other more important things they could be working on. How about passing the Acid2 test? Or h
You can already do this with Javascript (Score:5, Interesting)
Are you also recommending that Firefox be distributed with Javascript disabled? Because this ping functionality is easy enough to implement in javascript. If ping is disabled by default, then nobody will have it enabled, which means that web developers will continue to do it the old fashioned way, and the ability to disable ping will be worthless.
Doug Moen.
Re:You can already do this with Javascript (Score:4, Informative)
Use the Firefox NoScript extension and you can be selective about what javascript you run on a per-site basis.
Re:You can already do this with Javascript (Score:4, Interesting)
I know that I HAVE JavaScript disabled (using the NoScript extension) for this and other reasons, and I don't want to have that functionality back whithout me noticing.
Hurga
Re:You can already do this with Javascript (Score:5, Insightful)
Bypassed? That may demand definition, for example,
Where does http://tinyurl.com/161 [tinyurl.com] go?
How about http://freshmeat.net/redir/cexec/57387/url_homepa
How do you know without making a URL connection?
Oh sure, you can ignore links that look like that, and even block them. Nobody's suggesting that you cannot block PING-requested URLs.
But bypassed? What exactly could you mean by this?
Re:You can already do this with Javascript (Score:5, Interesting)
it's all about Google adwords (Score:5, Interesting)
I think the main developer who would want to use it is Google with their adwords program. They're probably trying to minimize the bandwidth those redirects consume for all the clicking that happens on their ads. This is on top of the bandwidth of every page view requesting the ads to be embedded in the first place, which can't be avoided...
Even if Google can shave off 6% of unneccessary redirects (all Firefox users), that's a big bandwidth savings.
Seth
Re:it's all about Google adwords (Score:4, Interesting)
Google gets paid for those clicks on their ads. They don't need to be altering my browser to help their business anyway. As bender would say, Google can bite my shiney metal 4$$. Hopefully distros will patch firefox, so their users won't need to fret about this. Just those windows users who get it straight from the firefox site.
I've been thinking it's time for a firefox fork that drops the MPL. The dual licensing is preventing integration of other GPLed work - like a built in PDF viewer so we can avoid Adobe. A GPL only fork would help prevent folks like Google from creating their own branded browser with stupid features no user would ever want.
Re:it's all about Google adwords (Score:3, Insightful)
Re:You can already do this with Javascript (Score:3, Informative)
Webmasters already have the ability to have a page load cause a HTTP request to some other server -- at minimum, they can just have a . This doesn't impact rendering time (as that single-pixel image does), and has the same effect -- plus you can turn it off, while you can't turn off all the single-pixel images without turning off other images as well.
I
Possible fix (Score:5, Interesting)
Re:Possible fix (Score:5, Informative)
Did you read the article, or the WHATWG spec?
It specifically mentions:
FWIW, this really seems dead in the water. First, not too many users will have it enabled (or even available, for that matter). Second, this information is already being reliably collected with cookies, mod_usertrack [apache.org], javascript, and page redirect tricks -- mostly with no knowledge of the enduser.
Why go with a little-available, easily disable mechanisim when the tried-and-true method is already available?
Did you read the article yourself? (Score:3, Informative)
Out of interest, how did you implement the 'informed user' requirement? ("When the ping attribute is present, user agents should clearly indicate to the user that following the hyperlink will also cause secondary requests to be sent in the background, possibly including listing the actual target URIs.")
Posted by: Malcolm at January 17, 2006 12:14 PM
The UI component of this feature is currently unimplemented. We did not see that as a blocker to enabling this on the
Not quite the same as Javascript (Score:3, Interesting)
Look at it this way: I'm lazy. I don't want to be a security/privacy Nazi about any/every script on webpages I view. However, if there's an "easy" way to block something I view as potentially abu
Re:You can already do this with Javascript (Score:5, Insightful)
Re:Firefox's Ping Attribute: Useful AND Spyware (Score:5, Insightful)
Because of this, and it being mozilla-specific for now, websites that currently use tracking URL's will see no value in switching over.
As for privacy concerns, it's already quite easy to track people on the web. Those who avoid it now are more in the know and would probably just add this to the list of things to disable.
Re:Firefox's Ping Attribute: Useful AND Spyware (Score:5, Informative)
Take a look at the HTML source on Fark -- you'll see javascript to overwrite the status line so it doesn't show it's tracking you
Re:Firefox's Ping Attribute: Useful AND Spyware (Score:3, Informative)
Sure, but is that a reason to just hand the data to them on a silver platter? I mean, why keep spammers out of your MTA? They'll just resort to various tricks to spam anyway, so why not just give them an account?
Firefox should provide new ways to ensure our privacy, not new ways to violate it. I'm disappoint
Re:Firefox's Ping Attribute: Useful AND Spyware (Score:5, Insightful)
Today, ad or other link tracking is generally handled like this: The link target specifies a tracking page and passes in a magic word or number that specifies the campaign or other info (e.g., "go.php?id=123" or "click.asp?campaign=A1254S"). That page logs the click in some database and issues a redirect to the actual destination page. Sometimes the web server log acts as the "database" and the click stats are processed from the logs.
With this new scheme, idea is supposed to be that the href target would be the actual destination and there would be no need for the time-consuming redirect. The separate ping attribute would take care of notifying the server similar to what happens today. But now the target page is out in the open for the client to see, and it is not essential to use the ping URL at all! Once users start blocking ping URLs, as they inevitably will, this transparency means that click stats will be very unreliable.
Since a lot of revenue depends on click numbers, this outcome is bad for commercial web sites. Therefore, very few money links will ever use this scheme and will instead stay with the tried-and-true redirect pages.
Re:Firefox's Ping Attribute: Useful AND Spyware (Score:3, Interesting)
Once again, Firefox/Mozilla folks are showing their arrogance (anyone else remember "blink"?). When their marketshare was down, they would never have done such a thing; but now that their marketshare is noticeable, they are back to their old ways.
If Micro
Re:Firefox's Ping Attribute: Useful AND Spyware (Score:3, Funny)
A very small portion of people (including apparently a number of needlessly alarmed people on Slashdot) will bother to turn this off. The vast majority of humanity will continue not to care. This will add a small amount of unreliability to click stats, but that unreliability will be swamped by the normal apparent unreliability of the web caused by different configurations, different
Consider what may happen (Score:5, Insightful)
Re:Consider what may happen (Score:3, Insightful)
Re:Consider what may happen (Score:3, Interesting)
Re:Consider what may happen (Score:2)
Not that simple (Score:3, Insightful)
No, it's not really that simple. This is much like the difference between first-party cookies and third-party cookies. In fact, I'd be happy if they decided to limit them at that level of granularity. I honestly wouldn't mind first-party pings. This provides--as you correctly note--nothing more than they can already collect now. It does, however, significantly enhance the developers' ability to directly collect stateful click-through info
Re:Consider what may happen (Score:3, Informative)
The BODY tag fails that test.
Re:Consider what may happen (Score:3, Informative)
Personally, I think that should be second.
The first thing they should consider is "where in the W3C specs is the behavior of this element specified"? If it ain't in any of 'em, it don't belong in the browser engine.
For every IMG tag or XmlHttpRequest a browser dev team has decided to extend the W3C specs with, there's been a dozen BLINK and MARQUEE tags.
Required! (Score:5, Funny)
Coming soon to a browser near you: (Score:5, Insightful)
Re:Coming soon to a browser near you: (Score:2)
Out of control (Score:2, Interesting)
Re:Out of control (Score:3, Interesting)
Create a link with an image to a story site. Embed that link with this. You could slashdot The big sites with this. Go Open Source innovation.
Very useful (Score:5, Interesting)
Sure it can be abused -- I don't see why more of these abusive features can't be set up in a whitelist fashion. I'm already shocked that web browsers make it so difficult to white lists sites you feel are safe (or don't mind giving up some information to make your experience better).
That comes to the point of this post -- how about a standard "setup" logo/button committee that helps create a "setup" web profile that sites can use to give the users options on how they want to be configured? We've got some standard buttons already (RSS feed, etc), why not one that users could be familiar with so that they can white list or opt-in to certain additional "anti-privacy" features?
I know many websites (including a few of mine) could use more user information, and I don't see why we can't work to just setting a standard for how to do it.
Not very useful (Score:3, Insightful)
2. Now you alienate any user using another browser
3. Mozilla team is pulling an IE (implementing their own extensions... read the blog... "w3c doesn't have to make all the rules"
Re:Not very useful (Score:3, Insightful)
Perhaps we should call this one 'pulling a google'? I mean, who is the biggest sponsor for the Mozilla Foundation? And who has a huge interest in 'features' like this?
Re:Not very useful (Score:5, Informative)
WHATWG != Mozilla
Mozilla is attempting an implementation of a standard set by an independent standards body. No, they're not the W3C, but like you pseudo-quoted out of context, "w3c doesn't have to make all the rules."
Re:Not very useful (Score:3, Insightful)
The difference here is that the ping tag does not affect loading or rendering of the page. It can be safely ignored, and does not create any compatibility problems for the user.
Also, you must remember that Microsoft shoves its browser down people's throats, in the form of OS integration and prebundling, whereas this piece of sof
Re:Not very useful (Score:3, Informative)
Did you read that page you just linked to? If you keep reading further down, you'll find that this is not an exclusive list; you can put whatever you want in there. From the specification:
Re:Very useful (Score:3, Informative)
I haven't seen this extension, but I'm 100% sure that it can easily be fooled. It probably just detects the more common ways of doing a redirect.
With or without your consent? (Score:2)
If the answers are yes, I would say it is Spyware.
Re:With or without your consent? (Score:5, Interesting)
No.
Can you not opt-out of it?
Disable the feature. Easy.
It's not spyware by your definition. It has the added benefit of giving the user some control instead of being secretly tracked by the server side.
Re:With or without your consent? (Score:4, Insightful)
This kind of misses the point. If Firefox is to become a mainstream internet browser, it needs to be anti-spyware and usable from a clean install onwards. Making it the ideal browser for the tweakers, where it's at its most usable after multiple options have been changed and several extensions installed, is not going to make it the browser of choice for the general public.
As far as grabbing market share goes, it's the default settings that make the difference.
Extension (Score:5, Interesting)
How is this different from (Score:2, Insightful)
Is the concern that the 'ping' comes from your browser and not any proxy server you may be using? In most cases your proxy server is also your NAT server so the 'ping' isn't going to give much of anything about your IP....
Of course this should be disabled by default, I just don't see this as a huge privacy issue.
Re:How is this different from (Score:5, Interesting)
It's different because web server logs only record what you ask that server for. Web server logs don't record what you ask other servers for.
This is essentially what the Referer header does, except in reverse. Instead of telling a new server where you have come from, it tells the old server where you are going.
This is already possible with Javascript, and it was possible with CSS too - I'm not sure if it still is, but the technique was basically to suggest a local background image to style :active links - so when the link becomes :active (when it gets clicked on), the browser downloads the background image and you know the link was clicked.
Re:How is this different from (Score:3, Informative)
That would be incredibly stupid if they did it that way. Every request the browser makes should adhere the proxy settings. Most of the time, a proxy is not optional but mandatory.
In most cases your proxy server is also your NAT server so the 'ping' isn't going to give much of anything about your IP....
Quite the contrary. Most of the time, if people are to use a proxy, it's because their clients are _not_ allowed
It's great! (Score:3, Insightful)
Submitter is a melodramatic idiot (Score:5, Informative)
Check out: https://bugzilla.mozilla.org/show_bug.cgi?id=31936 8 [mozilla.org]
userContent.css to the rescue (Score:5, Informative)
Re:userContent.css to the rescue (Score:5, Informative)
Re:userContent.css to the rescue (Score:3, Informative)
a:hover[ping] { -moz-outline: 1px solid green !important; }
in order to keep the web site from overriding your setting.
User style sheets are always to supercede site style sheets, according to the CSS specification. The "!important" modifier shouldn't be necessary.
I don't know if Mozilla implements that aspect of CSS correctly though, so it couldn't hurt to put it in there anyway.
Re:userContent.css to the rescue (Score:3, Informative)
This is not true, and isn't true in two different ways, depending on which specification you count as "the" CSS specification (there's more than one).
According to the CSS 1 specification [w3.org], the author stylesheet will override the user stylesheet in most cases, and even if the user has !important rules, the author stylesheet can override them with !important. Quote:
they're watching.... (Score:3, Funny)
Give me aping. One ping only, please (Score:5, Funny)
Redirects (Score:2)
I've used redirects a lot and if properly set up, the transfer time between the redirect and the page the user wants is minimal. If you want a redirect to a lot of complicated things or collect a lot of data, of course it's going to be slow. The idea is to keep it simple. As long as this is something I'm not forced to use, I'm fine with it, though I can see the bitching down the road when someone finds a novel way to abuse it.
What's the difference ... (Score:2, Insightful)
Of course you can disable javascript, but most people don't. People who do so, can also turn off this ping functionality. I'm sure an extension will allow to do this the easy way (NoScript notably).
How is this an issue? (Score:5, Insightful)
It's a C-O-N-spiracy (Score:5, Insightful)
Not literally a ping... (Score:3, Insightful)
My first thought was "How can you track clicks with a ping?". After RTFA, it's not literally a ping to some server, it's a request to a URI, most probably an HTTP request that will contain request parameters indicating what link was clicked.
Second of all, this is not any more of a privacy intrusion than previously existed. It was always possible to track clicks within a single website via cookies, and clicks on external links (i.e. banner ads) by using a redirect first. If the author of the website wants to track what you're doing, he's already got the means, and he's had them for years.
Don't worry yet (Score:5, Interesting)
We should try and do an experimental implementation of , to see if there are any unexpected real-world problems.
That's what nightlies are for! We now see that it's a controversial tag (and they're probably already well-aware), so they're giving it a shot. Would you rather them just say "no, we don't like that potential standard [whatwg.org], so we're not going to try implementing it"?Mmm, okay, is this bad? (Score:3, Interesting)
It could enable a user comments vs people who actuall RTFA statistic. Knowing slashdot it would crash on a divide by zero error offcourse.
But wait a minute, a infinite number of pings? So the story submitter himself can also add his pings? Knowing the quality of slashdot editors (HA!) any story submitter would know who read what links in his article. Do I want him to know?
Imagine that someone puts a goatse.cx link on a forum. You don't of course admit that you been tricked but the next post is a record of all the pings the link submitter received proving that all of slashdot wanks to the goatse man.
The abuse of this feature is clear and the benefits? If slashdot really cared to know wich external links are followed or not then that is their business isn't it?
Do I really want websites to know wich external links I follow? I think this is a solution looking for a problem and in the few cases where a website needs to know the users need for privacy is superior.
Bad mozilla. This is something I would have expected of MS or the old Netscape. Now go sit in a corner and don't come out until you stop adding crap features that tattle on me without informing me.
If it can't be disabled then I'm off (Score:3, Informative)
Jesus if this was put into MSIE then people would be writing to their MP/senator by now!
I cannot think of any good use for this.
People who run servers do not need that specific kind of stats, their server logs should be good enough. Only marketing (aka spyware) types would want this kind of info.
you might want to get off the web (Score:3, Informative)
The only thing use of this attribute would do is make transparent what has ALREADY been happening for years.
When I worked at a media company, we had a cluster of servers dedicated to link tracking. All links on the site would send you here, and it would send you a 302 to your destination. Try disabling redirects, and you will see the web stop
It can be disabled (Score:3, Informative)
2. As a guy with a website, I'm actually curious as to which links people click on to leave. Server logs will tell me which pages on my site are most popular and where visitors are coming from, but they won't tell me where they're going unless I go to the effort of creating a redirect script and linking through that -- and while I'm curious, I don't care eno
Facts of the matter (Score:5, Insightful)
From a technical POV it's actually nicely thought out, as it separates logically the intended action and the "log."
I'm sure that Google, Yahoo, and others are BEGGING for this. I've worked in Design and Dev at two of the biggest travel sites - it's a huge problem tracking clicks. If we could remove our tracking javascript then users would get a MUCH snappier web site.
But we can't because our advertisers specify that we must have third party click/view audits that "verify" our intended audience numbers.
On the one hand, I know (having designed and built some of the auditing and log analysis systems) that we're tracking every click on our sites. We do use cookies. And the tag would bring it all out in the open instead of buried 3 layers deep in javascript.
But from an individual POV, it's like acknowledging that they really ARE watching me. And I am now consenting to that.
Solution: In my mind, the big(and little) sites could offer users the "option" of using the ping tag for a nicer user experience. It would be disabled by default, and a web site would have to specifically request and get permission from the user before the browser would "unlock"
Just me $0.02
Re:Facts of the matter (Score:3, Informative)
You probably haven't heard of them before because this is the first WHATWG extension that's generated this level of controversy. (The most well-known one is probably <canvas>, which is already in Safari and Firefox and will al
Will sites really use this? (Score:5, Insightful)
This WILL be abused, no doubt... (Score:3)
"Websites even employ "onmousedown" event handlers that change the href attribute at the very last second before a click occurs. This makes it so that hovering over the link displays the location that you want to go to, but it still ends up taking you someplace else."
Gee, thanks for handing the spyware creators, spammers, and phishers even MORE ammunition. Let's trick the user into thinking he's clicking on one thing, and at the last minute send data to another URL. YES! Let's make it MORE difficult for users to trust their online banking applications (etc.)!!!
In what adopted standard is this part of? (Score:3)
That's my only concern... that Mozilla is once again off on a path of implementing stuff before the spec is adopted, and we're going to have "Best if using Mozilla" icons showing up on websites.
Highlighting links that have a ping attribute (Score:5, Informative)
a[ping] {
color: green !important;
}
You could also do something like this:
a[ping] {
-moz-opacity: 0.5 !important;
}
a[ping]:hover {
-moz-opacity: 1 !important;
}
so that the links would be transparent until you hover over them
Standards? (Score:3, Insightful)
Tracking? YES! Spyware? NO! (Score:3, Insightful)
Anyway, if a website gives you a "ping" attribute, what prevents the same site from obfuscating the link and doing some redirections? It's EXACTLY THE SAME! If there can be any abuse, it's because the attribute is provided BY THE WEBSITE'S CONTENT. And who controls the website content?
One major abuse I could see are phishing sites, but if you already entered a phishing site it's your own fault, and I *REALLY* doubt a bank site would add ping attributes to their website.
In comparison, SPYWARE steals resources, bandwith, CPU and Memory, and makes your system unstable, stealing also YOUR VALUABLE TIME.
So, no, the ping attribute is NOT SPYWARE. I think the article submitter was too sensationalist by putting this in the headline.
The Obvious Answer (Score:3, Insightful)
but seriously
sure, make it disableable. additionally, make it configurable to set the maximum number of PINGs per click. and lastly, limit the URLs to the originating site only.
NoScript will take care of this baby ;) (Score:3, Informative)
Re:This stinks, Why? (Score:3, Interesting)
Re:Sounds like Microsoft all over (Score:3, Informative)
One of the goals of the WHATWG is to refine proposals through feedback and submit them to the W3C.
http://whatwg.org/specs/web-apps/current-work/#pi
Re:Deeper problem (Score:3, Informative)
IMHO this isn't a fault of WhatWG, but of the FF developers thinking they should run ahead and implement any draft before it has been considered carefully.
Re:Deeper problem (Score:3, Insightful)
There are a couple things wrong with your statement here:
First, the purpose of web standards is not to hand the power to bless things to one organization, but rather to ensure that new technologies and features are implemented and used in a clear, interoperable fashion by browser developers and web designers. So if the people on both ends of t