Interesting People mailing list archives
more on <a ping> tracking what links you click on
From: David Farber <dave () farber net>
Date: Wed, 18 Jan 2006 14:32:26 -0500
Begin forwarded message: From: Lauren Weinstein <lauren () vortex com> Date: January 18, 2006 1:11:23 PM EST To: dave () farber net Cc: lauren () vortex com Subject: Re: [IP] <a ping> tracking what links you click on Dave, I just posted the following comment regarding this situation on the related discussion board: - - - Gang, From a privacy policy standpoint, there is a world of difference between exploiting "tricks" for user tracking vs. building them into browsers as standard features. In the current privacy-invasive environment, while we have to deal with the former case by case, there is really no excuse for the latter. Given that most users stick with defaults, any policy other than disabling such a new "ping" feature by default would be unacceptable from a privacy standpoint. Efficiency and "golly, there are other ways to track people anyway" arguments are utterly specious. As it stands now, turning off javascript and carefully noting URLs (I usually notice oddball redirect URLs when present) are indeed of some value in controlling certain classes of tracking abuses. We do not need an even more invisible mechanism built into what has been (up to now) an excellent browser. Limiting the "pings" to the same server does not solve the problem -- abuses of this feature are just as possible (even more likely, actually) using the same server. That the development team would even consider enabling such a feature by default suggests a tin ear when it comes to privacy issues that will be worthy of considerable ongoing concern (an earlier example is the page prefetch feature enabled by default which also carries significant privacy risks). A clue to fuzzy thinking in these regards is talk of setting the default differently in Firefox vs. Thunderbird -- creating a privacy policy variation with no obvious rationale. I urge the parties involved to reconsider their support of this "URL ping" feature as described, a feature that I can guarantee will bring Firefox under intense public criticism. --Lauren-- Lauren Weinstein lauren () vortex com or lauren () pfir org Tel: +1 (818) 225-2800 http://www.pfir.org/lauren Co-Founder, PFIR - People For Internet Responsibility - http://www.pfir.org Co-Founder, IOIC - International Open Internet Coalition - http://www.ioic.net Moderator, PRIVACY Forum - http://www.vortex.com Member, ACM Committee on Computers and Public Policy Lauren's Blog: http://lauren.vortex.com DayThink: http://daythink.vortex.com - - -
Begin forwarded message: From: Don Drake <don () drakeconsult com> Date: January 18, 2006 10:49:07 AM EST To: dave () farber net Subject: <a ping> tracking what links you click on Dave, I found this via Slashdot, a new attribute to anchor tags that is being implemented in the next version of Firefox (1.6a) that makes it easier than ever to track what links you’re clicking. -Don http://weblogs.mozillazine.org/darin/archives/009594.html I've been meaning to blog about a new web platform feature that we've added to trunk builds of Firefox. It is now possible to define a ping attribute on anchor and area tags. When a user follows a link via one of these tags, the browser will send notification pings to the specified URLs after following the link. I'm sure this may raise some eye-brows among privacy conscious folks, but please know that this change is being considered with the utmost regard for user privacy. The point of this feature is to enable link tracking mechanisms commonly employed on the web to get out of the critical path and thereby reduce the time required for users to see the page they clicked on. Many websites will employ redirects to have all link clicks on their site first go back to them so they can know what you are doing and then redirect your browser to the site you thought you were going to. The net result is that you end up waiting for the redirect to occur before your browser even begins to load the site that you want to go to. This can have a significant impact on page load performance. Websites even employ "onmousedown" event handlers that change the href attribute at the very last second before a click occurs. This makes it so that hovering over the link displays the location that you want to go to, but it still ends up taking you someplace else. This change is being considered in large part because some very popular websites have asked for a solution to this problem. The feature itself was designed and specified by the WhatWG. Donald Drake President Drake Consulting http://www.drakeconsult.com/ 312-560-1574 ------------------------------------- You are subscribed as lauren () pfir org To manage your subscription, go to http://v2.listbox.com/member/?listname=ipArchives at: http://www.interesting-people.org/archives/interesting- people/
------------------------------------- You are subscribed as lists-ip () insecure org To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/
Current thread:
- more on <a ping> tracking what links you click on David Farber (Jan 18)