Chrome, Safari and Opera Criticised For Removing Privacy Setting

It's a browser feature few users will have heard of, but forthcoming versions of Chrome, Safari and Opera are in the process of removing the ability to disable a long-ignored tracking feature called hyperlink auditing pings. From a report: This is a long-established HTML feature that's set as an attribute -- the ping variable -- which turns a link into a URL that can be tracked by website owners or advertisers to monitor what users are clicking on. When a user follows a link set up to work like this, an HTTP POST ping is sent to a second URL which records this interaction without revealing to the user that this has happened. It's only one of several ways users can be tracked, of course, but it's long bothered privacy experts, which is why third-party adblockers often include it on their block list by default.

Until now, an even simpler way to block these pings has been through the browser itself, which in the case of Chrome, Safari and Opera is done by setting a flag (in Chrome you type chrome://flags and set hyperlink auditing to 'disabled'). Notice, however, that these browsers still allow hyperlink auditing by default, which means users would need to know about this setting to change that. It seems that very few do.

Re:

[bhcompy]

Brave is Chromium based, but is called out in article as not changing its behavior.

Re:Guess what

[Anubis IV]

I'm not sure why you think those three browsers are repackaged versions of each other. Apple forked WebKit in 2010 as WebKit2 for use in Safari, and hasn't used WebKit proper since it made the switch. Google forked WebKit in 2013 as Blink for use in Chromium/Chrome, and hasn't used WebKit proper since it made the switch. In the last few years, Chromium has been adopted by Opera and Microsoft, but Safari—despite having started at the same place that Chrome started—today remains on a different foundation. That Safari is making this change at the same time as the others is due to political/corporate maneuvering, not technical changes.

Also, while there are valid arguments to be made against a browser monoculture—a problem that WebKit-based browsers are contributing to—that doesn't mean that the rendering engines themselves are bad. Far from it, I think most people would agree that on their technical merits, WebKit-based engines are among the best we have, and certainly aren't bad enough to justify your vitriolic frothing against them.

Re:

[Anubis IV]

Apple forked KHTML from KDE project to create WebKit to use in Safari. Please do some background check prior posting it.

Sure, but KHTML originally operated on Linux, for which we can thank Linus Torvalds. Or didn’t you know that?

Which is to say, I’m well aware of the information you just shared, but it has no relevance to the point at hand. I intentionally constrained my comment to recent history, from the forks onward, because that’s the only part of their history that was relevant. Why talk about Julius Caesar when you’re correcting someone’s understanding of the French Revolution?

Chrome was good for a while ...

[Anonymous Coward]

... and made Firefox lift its game out of complacency, but it is long past the time to return to FF.

Re:Chrome was good for a while ...

[flippy]

I've LONG since returned to FF. The best out there, IMO.

Re:

[flippy]

Interesting. Not a whole lot of info about it on its site, though.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[bhcompy]

Never left.

Re:

[Darinbob]

These browsers all work for the ad industry, directly or indirectly. They want the business from web sites that make their money from ads. They won't do anything to hurt that golden goose.

We don't use adblock and noscript and turn on privacy settings because we want all those web site developers to lose money or their jobs. We use these tools in self defense! To reduce that wasted bandwidth that ads take up, to block against the primary vector of malware, and to stop tracking and other privacy intrusions

Re:

[Rockoon]

and made Firefox lift its game out of complacency

Firefox went far more complacent once the Google money started rolling in.

Can't this be fixed with extensions?

[Suren Enfiajyan]

Can't this be fixed with extensions? Currently Ublock doesn't let the browser to ping even though the feature is enabled. Also ping attribute is trivial to detect and remove compared to obfuscated JS code.

Re:

[xack]

Modern webExtentions are neutered by design by the advertising industry funding Chrome and its puppet Mozilla. Even Pale Moon is neutered by blacklisting of extensions.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[Anonymous Coward]

Why is there not false feedback options. If advertisers discover 5-80% of their leads are worthless, they will be mad. So rather than block, how about sending the IP address of a spammer/bulk emailer etc. Mash these uniqueish fingerfrints - mac address, battery hardware id etc. Make them pay for all those unique leads. Misdirection and disinformation is YOUR right.

Re:

[The MAZZTer]

Yes, it is trivial to fix, though you have to write an extension with the scary "can look at all web pages you visit" permission since it has to muck with all pages.

There's a standard mechanism to inject a script into every page that loads. You would set it to inject on every page and frame. The script should look for any a tags with the ping attribute, and remove the attribute. Then you want to set up a MutationObserver (or whatever the newer API is now?) to detect any changes to the page which could add i

Re:

[mrbester]

Don't forget to send such data as pings blocked back to the mother ship with navigator.sendBeacon so you can aggregate the block count and show it on your site in a flashy box: "this really works! 2,046,732,755 pings blocked and counting!"

Don't use APK's software

[Anonymous Coward]

Can you trust that someone who openly has antisemitic views (see his "Jewgle" nonsense) to secure your computer?

Can you really trust a prolific spammer like APK to secure your computer?

Can you trust that a hateful person like APK doesn't include malicious functionality within his closed source software?

The answer to each of these questions should be no. APK is not to be trusted. There are superior open source alternatives to his software, such as Steven Black's software. It's written in Python, so it works

Re:

[AHuxley]

An extension might block approved ads. The approved ads always have to get deep into the browser.

Chromification of the web

[Anonymous Coward]

This is a natural result of the Chromification of the web (where standards based browsers are increasingly being replaced with a single, monopoly-owned browser, Chrome). Who would have thought that giving google more power over the web would result in this!?

fortunately there are alternatives

[Virtucon]

Just seek out one of the alternatives, it's sad that these mainstream browsers are ok with the privacy issues that tracking incurs but hey, we are the product right? I'd gladly pay for software, browsers included that doesn't track and pay a premium for actually defending my privacy without ambiguous TOS that changes every time the wind shifts.

Re:

[93 Escort Wagon]

I'd gladly pay for software, browsers included that doesn't track and pay a premium for actually defending my privacy without ambiguous TOS that changes every time the wind shifts.

Unfortunately, you are in the minority. Whenever someone tries to figure out how to make a living catering to people like you, they fail.

I’m sure someone’s going to trot Apple out as a counter-example, but 1) in this case Safari is one of the offenders; and 2) there’s a huge price premium on the brand, very little of which is actually related to giving up the revenue from tracking you.

Re:

[Immerman]

Sad, but utterly predictable when the mainstream browsers are are built atop an HTML engine made by an advertising company.

Didn't know this existed

[Sebby]

I wasn't even remotely aware of this 'ping' attribute.

Now that I do, I think I'll have some fun having it modified by an extension to 'ping' back a URL with a nasty message in it!

Re:

[gtall]

You do realize that there's no one there to read the nasty message, yes? Welcome to bot-world, you only exist to provide service to the bots.

thanks for the info

[FudRucker]

i never knew it was there, but i do now, and i just disabled that spying feature (bug) and it looks like chromium-73.x.xxxx is the last version of chromium i will use, when the next version is released with that feature forced on users i will switch to firefox full time

Re:

[dark.nebulae]

I don't care that anyone would see, via a warrant, the fact that I shop at amazon, read slashdot, write code and sometimes even surf porn.

I'll give you my browser history if you really want to see it. Doesn't mean jack to me.

What I hate though is the creepy advertising. If I go to amazon to look for a blanket, every non-amazon site I visit is going to show me blankets. This creepy feeling that folks are following me around trying to tempt me with something I looked at because I had a need at the time, that'

Chromium?

[sconeu]

What about the actual Chromium browser itself (rather than Chrome). Does anyone know if Chromium went evil?

Re:

[Suren Enfiajyan]

Chromium is "evil" by default. There is no reason for Google to maintain code that they don't need. Edge will be based on Chromium and won't have the flag for that reason. But I wonder if extensions, such as Ublock, will be still able to block pings even with the removed flag since Ublock blocks the pings even when the flag is enabled. Also ping attributes in DOM are trivial to detect and remove, unlike obfuscated JS codes.

Isn't this just a redirect?

[jbmartin6]

I couldn't find any response from Google, though there could very well be. But this just seems like a shortcut for something Google and others have done for a long time, which is just use an intermediate link as the tracker, which just does a redirect to the ultimate destination. A site admin could just replace any links on the site with intermediate links to the tracker/redirector.

Other browsers

[BlackOverflow]

I was sad to see that Vivaldi browser has this enabled by default.

Uninstalled

[cmaurand]

I uninstalled opera last night and switched back to Firefox. I don't like forced updates, but I value my privacy more than I object to forced updates.

Dup

[grep -v '.*' *]

Previous Article [slashdot.org] vs Some Details [slashdot.org] vs Ublock setting. [slashdot.org]

Been using Firefox since it was called Netscape

[waspleg]

Fuck. Your. A(i)ds.