Slashdot Log In
Firefox 's Ping Attribute: Useful or Spyware?
Posted by
CmdrTaco
on Wed Jan 18, 2006 10:00 AM
from the wear-your-foil-hats dept.
from the wear-your-foil-hats dept.
An anonymous reader writes "The Mozilla Team has quietly enabled a new feature in Firefox that parses 'ping' attributes to anchor tags in HTML. Now links can have a 'ping' attribute that contains a list of servers to notify when you click on a link. Although link tracking has been done using redirects and Javascript, this new "feature" allows notification of an unlimited and uncontrollable number of servers for every click, and it is not noticeable without examining the source code for a link before clicking it."
This discussion has been archived.
No new comments can be posted.
Firefox 's Ping Attribute: Useful or Spyware?
|
Log In/Create an Account
| Top
| 575 comments
(Spill at 50!) | Index Only
| Search Discussion
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
(1)
|
2
Firefox's Ping Attribute: Useful AND Spyware (Score:5, Insightful)
(http://slashdot.org/~eldavojohn/ | Last Journal: Tuesday October 16, @03:26PM)
It's simply the user's choice as to whether or not the pros outweigh the cons. And I'm sure the massive response that ensues on Slashdot will reveal that everyone values these pros and cons differently.
Doesn't seem to be much argument other than I think they should have a very simple way to disable this if the user so chooses. As with the iTunes fiasco [slashdot.org], I would recommend Firefox be distributed with this option disabled.
Re:Firefox's Ping Attribute: Useful AND Spyware (Score:5, Funny)
Re:Firefox's Ping Attribute: Useful AND Spyware (Score:4, Insightful)
(http://www.gnustep.org/)
Re:Firefox's Ping Attribute: Useful AND Spyware (Score:4, Insightful)
Re:Don't like Firefox spyware? Use Konqueror (Score:5, Interesting)
(http://nick.tn-uk.net/)
Think of it this way - if you had a popup every time a local application wanted to communicate with the hard disk, how quickly would you become angry?
Re:Don't like Firefox spyware? Use Konqueror (Score:5, Insightful)
(http://iamleeg.blogspot.com/ | Last Journal: Wednesday June 15 2005, @07:40PM)
Acid2 only measures the particular edgecasitis that the Acid2 authors managed to think of - web developers seem capable of introducing many more. What's needed isn't more acid tests but a W3-approved regression suite.
Re:Firefox's Ping Attribute: Useful AND Spyware (Score:5, Insightful)
RTA (Score:5, Informative)
(http://homepage.ntlworld.com/tim.wesson/ | Last Journal: Thursday October 18, @07:40AM)
Re:RTA (Score:5, Informative)
Re:RTA (Score:5, Informative)
Sure your one redirect query may not effect you much but tens of thousands of people doing it could slow a server right down.
You can already do this with Javascript (Score:5, Interesting)
(http://slashdot.org/)
Are you also recommending that Firefox be distributed with Javascript disabled? Because this ping functionality is easy enough to implement in javascript. If ping is disabled by default, then nobody will have it enabled, which means that web developers will continue to do it the old fashioned way, and the ability to disable ping will be worthless.
Doug Moen.
Re:You can already do this with Javascript (Score:4, Informative)
(http://www.grub.net/blog/index.html | Last Journal: Wednesday June 27, @08:48AM)
Use the Firefox NoScript extension and you can be selective about what javascript you run on a per-site basis.
Re:You can already do this with Javascript (Score:4, Interesting)
I know that I HAVE JavaScript disabled (using the NoScript extension) for this and other reasons, and I don't want to have that functionality back whithout me noticing.
Hurga
Re:You can already do this with Javascript (Score:5, Insightful)
(http://nimh.org/)
Bypassed? That may demand definition, for example,
Where does http://tinyurl.com/161 [tinyurl.com] go?
How about http://freshmeat.net/redir/cexec/57387/url_homepa
How do you know without making a URL connection?
Oh sure, you can ignore links that look like that, and even block them. Nobody's suggesting that you cannot block PING-requested URLs.
But bypassed? What exactly could you mean by this?
Re:You can already do this with Javascript (Score:5, Interesting)
(http://www.uberm00.net/ | Last Journal: Monday January 19 2004, @09:27PM)
it's all about Google adwords (Score:5, Interesting)
(http://austinskatenotes.org/ | Last Journal: Sunday September 30, @12:27AM)
I think the main developer who would want to use it is Google with their adwords program. They're probably trying to minimize the bandwidth those redirects consume for all the clicking that happens on their ads. This is on top of the bandwidth of every page view requesting the ads to be embedded in the first place, which can't be avoided...
Even if Google can shave off 6% of unneccessary redirects (all Firefox users), that's a big bandwidth savings.
Seth
Re:it's all about Google adwords (Score:4, Interesting)
Google gets paid for those clicks on their ads. They don't need to be altering my browser to help their business anyway. As bender would say, Google can bite my shiney metal 4$$. Hopefully distros will patch firefox, so their users won't need to fret about this. Just those windows users who get it straight from the firefox site.
I've been thinking it's time for a firefox fork that drops the MPL. The dual licensing is preventing integration of other GPLed work - like a built in PDF viewer so we can avoid Adobe. A GPL only fork would help prevent folks like Google from creating their own branded browser with stupid features no user would ever want.
Possible fix (Score:5, Interesting)
(http://mysite.verizon.net/spitzak)
Re:Possible fix (Score:5, Informative)
(http://slashdot.org/)
Did you read the article, or the WHATWG spec?
It specifically mentions:
FWIW, this really seems dead in the water. First, not too many users will have it enabled (or even available, for that matter). Second, this information is already being reliably collected with cookies, mod_usertrack [apache.org], javascript, and page redirect tricks -- mostly with no knowledge of the enduser.
Why go with a little-available, easily disable mechanisim when the tried-and-true method is already available?
Re:You can already do this with Javascript (Score:5, Insightful)
Re:Firefox's Ping Attribute: Useful AND Spyware (Score:5, Insightful)
(Last Journal: Monday January 16 2006, @01:18PM)
Because of this, and it being mozilla-specific for now, websites that currently use tracking URL's will see no value in switching over.
As for privacy concerns, it's already quite easy to track people on the web. Those who avoid it now are more in the know and would probably just add this to the list of things to disable.
Re:Firefox's Ping Attribute: Useful AND Spyware (Score:5, Informative)
(http://www.annoying.org/)
Take a look at the HTML source on Fark -- you'll see javascript to overwrite the status line so it doesn't show it's tracking you
Re:Firefox's Ping Attribute: Useful AND Spyware (Score:5, Insightful)
Today, ad or other link tracking is generally handled like this: The link target specifies a tracking page and passes in a magic word or number that specifies the campaign or other info (e.g., "go.php?id=123" or "click.asp?campaign=A1254S"). That page logs the click in some database and issues a redirect to the actual destination page. Sometimes the web server log acts as the "database" and the click stats are processed from the logs.
With this new scheme, idea is supposed to be that the href target would be the actual destination and there would be no need for the time-consuming redirect. The separate ping attribute would take care of notifying the server similar to what happens today. But now the target page is out in the open for the client to see, and it is not essential to use the ping URL at all! Once users start blocking ping URLs, as they inevitably will, this transparency means that click stats will be very unreliable.
Since a lot of revenue depends on click numbers, this outcome is bad for commercial web sites. Therefore, very few money links will ever use this scheme and will instead stay with the tried-and-true redirect pages.
Consider what may happen (Score:5, Insightful)
(http://suso.suso.org/ | Last Journal: Tuesday March 09 2004, @12:03AM)
Required! (Score:5, Funny)
(http://slashdot.org/~Shadow%20Wrought/journal | Last Journal: Wednesday November 07, @02:46PM)
Coming soon to a browser near you: (Score:5, Insightful)
(http://stemhaus.com/firefox/foxclocks/)
Very useful (Score:5, Interesting)
(http://www.unanimocracy.com/about.html | Last Journal: Tuesday April 04 2006, @12:04PM)
Sure it can be abused -- I don't see why more of these abusive features can't be set up in a whitelist fashion. I'm already shocked that web browsers make it so difficult to white lists sites you feel are safe (or don't mind giving up some information to make your experience better).
That comes to the point of this post -- how about a standard "setup" logo/button committee that helps create a "setup" web profile that sites can use to give the users options on how they want to be configured? We've got some standard buttons already (RSS feed, etc), why not one that users could be familiar with so that they can white list or opt-in to certain additional "anti-privacy" features?
I know many websites (including a few of mine) could use more user information, and I don't see why we can't work to just setting a standard for how to do it.
Re:Not very useful (Score:5, Informative)
(http://fastolfe.net/)
WHATWG != Mozilla
Mozilla is attempting an implementation of a standard set by an independent standards body. No, they're not the W3C, but like you pseudo-quoted out of context, "w3c doesn't have to make all the rules."
Re:With or without your consent? (Score:5, Interesting)
No.
Can you not opt-out of it?
Disable the feature. Easy.
It's not spyware by your definition. It has the added benefit of giving the user some control instead of being secretly tracked by the server side.