Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Privacy Chrome Opera Safari The Internet IT

Chrome, Safari and Opera Criticised For Removing Privacy Setting (sophos.com) 130

It's a browser feature few users will have heard of, but forthcoming versions of Chrome, Safari and Opera are in the process of removing the ability to disable a long-ignored tracking feature called hyperlink auditing pings. From a report: This is a long-established HTML feature that's set as an attribute -- the ping variable -- which turns a link into a URL that can be tracked by website owners or advertisers to monitor what users are clicking on. When a user follows a link set up to work like this, an HTTP POST ping is sent to a second URL which records this interaction without revealing to the user that this has happened. It's only one of several ways users can be tracked, of course, but it's long bothered privacy experts, which is why third-party adblockers often include it on their block list by default.

Until now, an even simpler way to block these pings has been through the browser itself, which in the case of Chrome, Safari and Opera is done by setting a flag (in Chrome you type chrome://flags and set hyperlink auditing to 'disabled'). Notice, however, that these browsers still allow hyperlink auditing by default, which means users would need to know about this setting to change that. It seems that very few do.

This discussion has been archived. No new comments can be posted.

Chrome, Safari and Opera Criticised For Removing Privacy Setting

Comments Filter:
  • by Anonymous Coward on Wednesday April 10, 2019 @09:44AM (#58415034)

    ... and made Firefox lift its game out of complacency, but it is long past the time to return to FF.

  • Can't this be fixed with extensions? Currently Ublock doesn't let the browser to ping even though the feature is enabled. Also ping attribute is trivial to detect and remove compared to obfuscated JS code.
    • by xack ( 5304745 )
      Modern webExtentions are neutered by design by the advertising industry funding Chrome and its puppet Mozilla. Even Pale Moon is neutered by blacklisting of extensions.
    • by Anonymous Coward

      Why is there not false feedback options. If advertisers discover 5-80% of their leads are worthless, they will be mad. So rather than block, how about sending the IP address of a spammer/bulk emailer etc. Mash these uniqueish fingerfrints - mac address, battery hardware id etc. Make them pay for all those unique leads. Misdirection and disinformation is YOUR right.

    • Yes, it is trivial to fix, though you have to write an extension with the scary "can look at all web pages you visit" permission since it has to muck with all pages.

      There's a standard mechanism to inject a script into every page that loads. You would set it to inject on every page and frame. The script should look for any a tags with the ping attribute, and remove the attribute. Then you want to set up a MutationObserver (or whatever the newer API is now?) to detect any changes to the page which could add i

      • Don't forget to send such data as pings blocked back to the mother ship with navigator.sendBeacon so you can aggregate the block count and show it on your site in a flashy box: "this really works! 2,046,732,755 pings blocked and counting!"

    • by AHuxley ( 892839 )
      An extension might block approved ads. The approved ads always have to get deep into the browser.
  • by Anonymous Coward

    This is a natural result of the Chromification of the web (where standards based browsers are increasingly being replaced with a single, monopoly-owned browser, Chrome). Who would have thought that giving google more power over the web would result in this!?

  • by Virtucon ( 127420 ) on Wednesday April 10, 2019 @10:02AM (#58415168)

    Just seek out one of the alternatives, it's sad that these mainstream browsers are ok with the privacy issues that tracking incurs but hey, we are the product right? I'd gladly pay for software, browsers included that doesn't track and pay a premium for actually defending my privacy without ambiguous TOS that changes every time the wind shifts.

    • I'd gladly pay for software, browsers included that doesn't track and pay a premium for actually defending my privacy without ambiguous TOS that changes every time the wind shifts.

      Unfortunately, you are in the minority. Whenever someone tries to figure out how to make a living catering to people like you, they fail.

      I’m sure someone’s going to trot Apple out as a counter-example, but 1) in this case Safari is one of the offenders; and 2) there’s a huge price premium on the brand, very little of which is actually related to giving up the revenue from tracking you.

    • Sad, but utterly predictable when the mainstream browsers are are built atop an HTML engine made by an advertising company.

  • I wasn't even remotely aware of this 'ping' attribute.

    Now that I do, I think I'll have some fun having it modified by an extension to 'ping' back a URL with a nasty message in it!

    • by gtall ( 79522 )

      You do realize that there's no one there to read the nasty message, yes? Welcome to bot-world, you only exist to provide service to the bots.

  • i never knew it was there, but i do now, and i just disabled that spying feature (bug) and it looks like chromium-73.x.xxxx is the last version of chromium i will use, when the next version is released with that feature forced on users i will switch to firefox full time
  • What about the actual Chromium browser itself (rather than Chrome). Does anyone know if Chromium went evil?

    • Chromium is "evil" by default. There is no reason for Google to maintain code that they don't need. Edge will be based on Chromium and won't have the flag for that reason. But I wonder if extensions, such as Ublock, will be still able to block pings even with the removed flag since Ublock blocks the pings even when the flag is enabled. Also ping attributes in DOM are trivial to detect and remove, unlike obfuscated JS codes.
  • by jbmartin6 ( 1232050 ) on Wednesday April 10, 2019 @10:29AM (#58415350)
    I couldn't find any response from Google, though there could very well be. But this just seems like a shortcut for something Google and others have done for a long time, which is just use an intermediate link as the tracker, which just does a redirect to the ultimate destination. A site admin could just replace any links on the site with intermediate links to the tracker/redirector.
  • I was sad to see that Vivaldi browser has this enabled by default.
  • I uninstalled opera last night and switched back to Firefox. I don't like forced updates, but I value my privacy more than I object to forced updates.
  • Previous Article [slashdot.org] vs Some Details [slashdot.org] vs Ublock setting. [slashdot.org]

Ocean: A body of water occupying about two-thirds of a world made for man -- who has no gills. -- Ambrose Bierce

Working...