Fried Fish

------- Comment #51 From bugzilla@public-files.de 2006-01-18 08:13 PST [reply] -------
Assholes

That kind person who left that 'constructive criticism' also recently posted a rant about how much better he liked Opera and how he was leaving Firefox and junk like that. Wonderful.

The ping feature is great :D good job on it. I dont see how the others cant see that what you've done can already be implimented and ping is alot nicer.

"... 1. It actually gives you more control over privacy if adopted, since you can turn it off. You can't turn off redirect links which are already used all over the web. ..."

It all depends in which direction one wants would like to spin the conversation, doesn't it? :-)

How about this one: Instead of attempting to alleviate "a bad thing" (redirects) by developing a "semi-bad thing" (pings), us tech-savvy users should rather spend our time educating the "general public" about online privacy and why it is worth protecting.

Also, I'd love to know since when anything "opt-out" has become a desirable "feature" - I must have missed that particular memo.

Darin, only problem I see as web content creator, that this feature isn't present in other mainstream browser - so I can't use it as replacement of redirects. But I like "a ping" solution, so keep it in the tree.

Thanks Darin. Yup. User feedback.

"It actually gives you more control over privacy if adopted"

It might give you more privacy if it were the only option available for tracking. As it is, you're *adding* a means of tracking, so the truth is just the opposite of #1.

Opt-out is always better than locked-in.
Or would you prefer your OS to crash non-IE browsers every 5 minutes?

I still don't know what would be the reaction of the other side on this. Would site creators that use redirects to track what a user is doing want to use this "ping" feature that can be turned off by any user? How would we "educate" them to adopt this? Do you have any feedback from them on this?

From a user's perspective:
If you put it into the production release
- document it (what's new)
- turn it off by default
- make it configurable via preferences/privacy

Since I learned in the meantime that it is not a real "ping" as sent by ping(1), but a http request, it should basically be treated like cookies (sites may send/not send or receive/not receive). That way I can let the "good guys" track me and keep the "bad guys" in the dark.

Ah well...
The only thing I could tell is that we need to have a clue (status bar?) that tell us that there ia ping - and if we don't want it, then, we don't click on the link!
Currently you are traced and you don't even know it - and in most case it is plain impossible - will give us this possibility of choice: if you click you ping me, if you don't click you don't ping!

It is of course the way to go - and I'll add we should not have a UI to disable it, otherwise its effectivity will be limited and nobody is going to use it. God forbid - but it will be nice to suggest the IE7 team to implement it...

JavaScript is opt-out, but is certainly desirable for most users.

Perhaps someone should point out for media (they are currently using words like Spyware,... obviously some lack of knowlegde/information), that it's not mozilla spying out the user, it's the website they are visiting.
In my opinion sounds like providing a "friendly way" for tracking users, so I think it's a good thing.
However I wonder if any web-designer is ever gonna use it. As everyone can turn it off, it's unreliable, so they might be better served with their redirects, javascript and dirty stuff (which cannot be turned off). Well, there might be nice web-designers out there who actually care about their users privacy, hahaha.

There are no inherent security or privacy issues with the ping attribute. Everything you can do with the ping attribute is already possible and is already being done using the href attribute. So I do not think the over-the-top reactions on /. and your previous weblog entry should be taken into account when deciding whether or not to include this in Firefox.

Unless there are inherent security or privacy issues - which there are not - and Firefox decides to implement the upcoming WhatWG standards, I think Firefox should implement as much as possible of the upcoming standards, even if that includes the ping attribute.

The specification is not final yet, so if there are people who have a problem with this attribute they can take it up on the WhatWG mailinglist.

Ping is just another tracking mechanism that will be exploited for marketing purposes. There is already cookies, javascript, web logs to record web bugs etc; will ping mean these will no longer be used? I honestly can't see that.
Will Firefox disable all the other methods of tracking if ping is implemented? If not, and I can't see how it could, ping just adds yet another tracking mechanism that gives us faster browsing assuming sites that use ping don't also use the other mechanisms. Firefox is already quick (this from a MSoftie) and broadband is increasingly present.
The only winners with this feature are the marketers, and even then I don't see that ping gives them all the details they can get from web bug images.
Sorry to be a downer on this, I appreciate that this is work in progress, and in your own time, but there are so many features I'd rather see than something that appears to placate advertiser investment in open source development.
Is this the kind of press Mozilla wants in the run up to a new version of IE, or would it rather continue nailing IE for all the great things it does right?

People just need something to complain about. This happened many times before (the discussions about Firefox theme change or renaming come to mind). Don't take it to heart.

This feature looks nice but the goal of an user advantage is hard to achieve as long as not all browsers use this ping attribut, i.e. until it is an official web standard. So long it does not make any sense to be default on because all the big/ad sites will keep using the "legacy" tracking (redirects etc.) to not miss any clicks.

Not all user feedback is useful.
The trick is to ignore the insulting ones and try to educate the ignorant commenters (and make use of the useful comments).
But I think that is what you already are doing.

I don't have a strong feeling about the ping feature (maybe I think it's useless, not sure yet).
But I don't like the negative publicity this has caused. Not sure what could have been done about it, though. Perhaps you should have let Opera implement the ping feature first ;)

eff,

If one person can implement a lasting software-based improvement in the behavior of "some very popular websites" for firefox users, by allowing a semi-bad alternative to the "bad thing" redirect behavior, why not?
Can one person make a similarly lasting change in the education of the general public about online privacy? I know I sure can't.

"/A posting on a mozillazine forum that echoes my position on pretty well: "[...] I can't actually think of disadvantages"/"

Perhaps you should spend some more time rereading the replies to your original entry then. Between all the noise some good arguments against can be found, such as:

- Firefox should not hand bad actors a weapon, because it destroys good-will among the users.

- The sites of bad actors /should/ provide a worse than normal experience.

- Unlike current implementations, this is non-standard.

- You should not give bad actors more destructive tools; there is no reason to assume they will abandon their other tools in favour of yours.

Re: that last one; unless, of course, you /know/ a certain unnamed company is going to do so. In which case it would serve transparency if you named that company.

Yes, there are counter-arguments to /parts/ of /some/ of these concerns, but that does not invalidate them all or all entirely.

Darin, can you confirm what I said in your previous blog comment yesterday regarding the likelihood that Opera will also end up implementing this at some point too due to their membership in WhatWG?

Ryan,

What I understand is that Opera and Apple, along with Mozilla, have agreed to work toward implementing the WhatWG specifications. In fact, if there are specifications that those browser vendors would not all implement, then I believe it is the conviction of the WhatWG that the specification must then be wrong and therefore worthy of changing.

I'd like to echo what Branko says above, especially his second point: "The sites of bad actors /should/ provide a worse than normal experience."

The driver for this is that invading users privacy provides a slow and annoying experience. This properly seen as a feature, not a bug. It makes the lives of the privacy-invaders more difficult and annoying, and exposes their behavior to the user. The correct way to "fix" this "problem" is fewer redirects, not help in making the re-directs transparent.

Adam,

The redirects are clearly not annoying enough (performance-wise) to detract websites from using them, right? I don't think your argument holds much weight in light of the fact that people are using redirects to track link clicks today.

The existence of other mechanisms by which click tracking can be done is totally irrelevant to the question of whether the ping approach poses privacy [and/or security] issues. If there are N methods of rooting a box and a new and slightly different means of rooting a box becomes available, is the latter NOT an exploit or is the severity of the latter diminished simply because there are already ways to get in? Of course not. Well the same thing applies here.

This ping mechanism, as currently described, represents a new and additional means of tracking what links a user clicks on and reporting that to third parties (which is obviously a "bad" thing from a privacy point of view). Simply put, it would be a new attack vector that was knowingly and explicitly built into the browser. To make matters worse, I think it could be argued that what would be added is something which has one and only one real purpose... to perform that "bad" act. Technically, the ping targets could be restricted to the same host (and to be safer, same host and path) as the href target. However, I don't see how that buys anyone anything, and in any case, such a requirement/limitation isn't in the documentation and I haven't heard anyone suggest that a FF implementation would be hard coded to do that. So I tend to see this feature as providing nothing but inherently "bad" actions.

The degree of badness could be disputed, but I think one thing is quite clear... it is on the bad side of the line.

Proof of evilness:

> I can't imagine that benefit being greater than the usability harm from
> expecting browsers to include a configuration option that -- if given
> wording understandable by non-developers, such as your "Disable user
> tracking" suggestion -- almost always wouldn't even do what it claims to
> do.

In the case of Firefox, to take one example at random, the pref would be a
hidden pref made visible by extensions that focus on this kind of thing
(assuming it is the same as the Referer: header pref). Different browsers
can handle this in different ways, that's how browsers compete.

--
Ian Hickson U+1047E )\._.,--....,'``. fL
http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,.
Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'

"the pref would be a hidden pref made visible by extensions that focus on this kind of thing", so you would have to install an extra piece of software to be able to disable this (useless) feature? I think my ride on the Firefox bandwagon is over if this makes it into production.

Darin,

If you're spending time to (argue about) implementation of a feature, then clearly, those who are doing it aren't happy with it. So, that we're having this conversation indicates that the people doing it are getting complaints from their users.

To put it another way: If you stopped all work on this, who would mind?

Adam

Mr. “Proof of evilness”: you’ve heard of about:config, right?

This feature would only work if it was opt-out, in which case it would violate the privacy of most users without their knowing.

If you make it opt-in, why would anyone turn it on? It violates your privacy and wastes your bandwidth and CPU and gives you absolutely no benefit.

As many have pointed out, this idea won't take off. I has to be to the very least possible to disable the feature easily, and that means webmasters are not going to take the risk of having their users bypassing it. In the end, we are going to have the exact same redirect measures plus pinging. How's that any better?
I think this ping feature is like saying "we give up". It's like coming up with a nice "standard" for popups, just because it's too hard to block all of them. Link redirection is a bad practice and should be fought against, not encouraged. Your idea would work nicely in a perfect world. Last time I checked, "Assholes" was posted in Bugzilla.

I think, that this Feature is more than others realy rubbish, because if it works like a normal ping command it will be easy to fake it with old tools like "pingbomber" from 1995(this was use to bring old win95 down with only a lot of pings send) and the marketers got no right analysis.
It will no be veray hard to write an pingbomber extension too...and then the websites which want this feature will get a lot of data rubbish and nor right analysis...
thats why i think its not a good idea :D

It increasingly seems like this feature is going to do Mozilla/Firefox a lot of damage in the public eye. By the very least it should be disabled by default, I think. And why shouldn't it - if it's supposed to address the "friendly webmaster"s needs who would like the information but in a way that users can control, then those webmasters should be happy to use it only for those users that have opted into the feature.

> 1. It actually gives you more control over privacy if adopted, since you can turn it off.

Are you kidding??

If you enable by default, most users won't even know that it's there (or how to turn it off)!

The possible benefits for the user are ridiculous when compared to the huge privacy implications of this new, unrequested feature.

I also don't believe that "very popular web sites" will ever start using a tracking mechanism that can be turned off, so what's the use of implementing it?

A terrible idea indeed.

> I also don't believe that "very popular web
> sites" will ever start using a tracking
> mechanism that can be turned off, so what's the
> use of implementing it?

I think you're missing the point. Do websites use JS? Do websites use cookies? Do websites use referrers? Yes, to all three. Did you know that all three of those can be disabled by the user?

This feature allows the browser to know what the website is up to. That in turn allows the browser to do things like inform the user that a link click may be tracked, and it also allows the user who wishes to browse anonymously to disable the link click tracking.

Can you disable link click tracking in any browser today? Nope, not without disabling HTTP redirects and Javascript and various other core features of the web.

> Can you disable link click tracking in any browser today?

Why don't you work on that then? Instead of adding yet another way for marketing people to abuse a browser (and by design even)?

I'll put this as simple as possible.

95% of web advertisers will not give up their precious revenue stream. Period.

This "feature" will do absouletly nothing to get rid of the tracking tools they already use.

I predict that shortly after this "feature" is implemented: Users will turn off tracking, website ad revenue will drop off because end users are turning off said tracking, websites will return to redirects/other tricks to track users, less than honest websites will ignore the "no track" preference and track you anyway, some hacker with come up with a way to exploit this "feature" and it will become a PR nightmare for Mozilla, Microsoft will jump all over it and before you know it, Firefox will go the way of 2,400 baud dial up.

Instead of making it easier for advertisers to get inside our machines, why aren't you making it harder for them to get in? Could it be because Google is looking at Firefox as their own ad revenue development platform? Get the makers of the software to do their dirty work and then exploit that work for their benefit and at our expense?

I've come to expect the current US "Adminstration" to try to invade my privacy and curtail my civil rights as par for the course. Never expected Mozilla to help advertisers try and do the same thing.

RIP Firefox, it was good to know ya while it lasted.

> I think you're missing the point. Do websites use
> JS? Do websites use cookies? Do websites use
> referrers? Yes, to all three. Did you know that
> all three of those can be disabled by the user?

True, but all three of those examples provide several benefits to the users, giving them less of a reason to disable them. JavaScript can allow for dynamic web content. Cookies can remember a user's preferences and login details. Leaving referrers enabled will ensure that images and downloads will work properly, even when visiting sites that protect against hotlinking. But the only reason why end users would leave pinging enabled is a tiny speed boost that nobody with a broadband connection will even notice.

Since the bad outweighs the good in this case, a large percentage of users will disable it. Given the choice between something that will work in very many cases (existing methods of tracking) and something that will work in very few cases (pinging), there is no reason for webmasters to choose the latter, making this feature useless.

I still can't see the usefulness of it, so far I only see bad aspects to this idea.

Since it is obvious that no marketer is going to abandon server-side tracking by client-side tracking because it is simply unreliable and will be implemented only by a very small minority of users, Firefox users will just be more monitored than IE users.

Server-side redirect will never be replaced by the ping attribute, it could be commercially very stupid to abandon excellent server-side monitoring tools to replace them with unreliable client-side monitoring tools. So how is it going to reduce page load for firefox users which is your main argument in favor of your patch ? to me it seems more like it is going to slow page load since we will be server-side redirected just like IE users plus firefox will have to ping a list of other urls.

You haven't responded either as to how this new feature is not going to impact the usability of Firefox for the end-user. If a link has a ping attribute listing 5 URLs, how are you going to present it to the end user ? will moving the pointer on this link show a tooltip displaying the 5 URL's pinged and the final URL on top for instance ? Will it be displayed in the status bar ?

You said "I'm keenly interested in implementing this feature the right way or not at all. If the net result of this work is not a benefit to the user, then it's not worth doing." therefore I guess that you already an idea of how you will display the pinged URLs to the end-user, personnally I don't see how you can show it to the end user and not clutter the UI and make surfing as enjoyable as it is now in Firefox.

> If a link has a ping attribute listing 5 URLs, how are you going to present it to the end user?

My current plan is to show the user the domains of the pings. That way, the user can easily see what organizations are going to be informed when s/he clicks on the link. Wouldn't it be nice if you could be so informed about other tracking mechanisms used on the web?

> Server-side redirect will never be replaced by the ping attribute

What makes you so sure? If pings are enabled in the default build of Firefox, then web sites will use it. They use referrers, cookies, and javascript, right? I contend that the vast majority of users do not modify default settings, so there is good incentive for websites to use this feature. Website authors get something from this, sure, but so do users. Users get to be informed about click tracking. Isn't that better than the status quo today?

mission accomplished; within only a few days, people i convinced to turn away from MSIE call me and ask me about "firefox doing hidden user tracking". thank you.
of course the ping-stuff is bad; one more tool to invade my privacy; non-standard (now that at last standards get important!),...

there's one good thing about it: people notice the very existence of the whatwg; many didnt know before. maybe this will stirr some awareness about the potential damage that whatwg does to the web by introducing alternative "standards". in 2 years we might face three more working-groups of that kind. the long dead "best viewed with ..."-button will be back.

ossi,

And, did you explain to those people that this feature will give them more knowledge of click tracking? Maybe those people would prefer to know that a link click is going to be tracked so they can then choose not to click on it. With Firefox you get that option. Are you saying that you prefer being left in the dark?

I've created an open source library for PHP that can receive these pings, store them in a MySQL database, and produce reports.
Click my name for the project announcement on my weblog.

The furor over this feature is surprising, since this should be a net gain for privacy advocates, providing an opt-out link tracking feature in browsers that's better than the existing no-opt-out hacks used all over the web.

I dubbed the new feature click pings, because I think it's makes the functionality more understandable.

Thanks for getting this into a test environment!

Why don't you work on that then? Instead of adding yet another way for marketing people to abuse a browser (and by design even)?

There's no way to stop web publishers from using redirect scripts to track outgoing clicks. They're indistinguishable from other redirects.

Villa,

1) How are you going to bypass redirects? It isn't possible to do that without breaking many other legitimate uses of redirects. There just isn't any way to eliminate redirect-based click tracking. If you think otherwise, I'm all ears... tell me how to do it.

2) It may be true that some hard-core advertizers will not want to risk losing a single click by relying on pings, but that does not mean that it won't be useful to a large body of sites. For instance, a web portal that guides people to other sites on the web might like to know what links people find most useful. That's a perfect use case for pings. It allows the portal creators to know what things they should do to improve their portal for users without getting in the way of users who are clicking links on their site.

3) Yes, your point is well taken. However, I believe that what matters most to content authors is the default browser configuration. Very few users disable features in the browser, so web sites can generally depend on the default configuration. That's just reality.

>My current plan is to show the user the domains of the pings. That way, the user can easily see what organizations are going to be informed when s/he clicks on the link. Wouldn't it be nice if you could be so informed about other tracking mechanisms used on the web?

Actually, I don't really care about how websites count my visits and the systems they use server-side, it is their business. But still, it doesn't answer my initial question which was how will this new feature not clutter the user interface. Currently the ping attribute doesn't exist therefore there is nothing to show to the user, if we have the ping attribute it means that we will have to give him extra information about all the links he will click. If we don't, the moral contract we have with them is broken, if we do we will make surfing much less agreable because the user will receive lots of information to read at each click with a ping attribute.

>> Server-side redirect will never be replaced by the ping attribute

>What makes you so sure? If pings are enabled in the default build of Firefox, then web sites will use it. They use referrers, cookies, and javascript, right? I contend that the vast majority of users do not modify default settings, so there is good incentive for websites to use this feature. Website authors get something from this, sure, but so do users. Users get to be informed about click tracking. Isn't that better than the status quo today?

I am sure that it won't work because I am both a webmaster and a businessman and have probably a different POV on the possibilities it gives me.

As a marketer, I wouldn't replace my server-side redirect if the new analysis tool doesn't give me a better equivalent. Better, from a business pov is not about the quality of the implementation but about the efficiency of the method on all my visitors. If I can't get it to work for more than 90% ofmy visitors, it's a nice complementary tool but not a replacement tool. Even if IE7 would implement it, there will be years before IE7 replaces IE6 and I would still require server-side redirects to get accurate data.

Yourself told us that an IE bug has already been allowing this for a long time, so if it was already possible in IE when he had 90+% marketshare and this technique was known, why are sites still using redirects?

The more I think about it, the more problems I see in this idea such as:

-if you show domains, what will happen if the uri is numerical ?
-what prevents websites to use the ping attribute to let the user think that they are legitimately gathering data (with pings to the visited site for instance), while they are using redirects to notify other sites ? Of course they can do what they want now as well, but the browser isn't giving the user the impression that the site they are visiting is being fair with them.
-since this is an easier way to ping sites, will it not on the contrary allow more webmasters to do tracking resulting in a better informed user but also a much more tracked user?
-what will be the responsability of mozilla.com if sites complain about being slashdotted by the firefox browser because some people put their site in the alt attribute ?
-website defacing by script-kiddies is much easier than taking total control of the server (especially if there are separate servers to operate the site). So wouldn't it make the whole web more vulnerable to DoS attacks the next time a worm will spread to add ping attributes on thousand of links on the web ?
-what will happen if the websites pinged are down ? won't it impact firefox performance on dealing with the error ?
-what happens if the alt attribute pings sites that are illegal in your country? Now the server-side dealing of the problem gives no problem to the user, but are you sure that users may not have legal problems in their country if their own machine frequently pings illegal websites without even knowing it ? Not all firefox users live in democracies, some even live in the US...
-what about thunderbird ? I guess that there will be a blacklisting system for pinged addresses, but will it be synced between Firefox and Thunderbird ? Will things like toto@toto.fr result in thunderbird pinging a web site if I click on an email address in a message ? Certainly not something I'd like it to do if I don't want this person to know that I have already read his message.

-how is it going to play with content-filtering software and anonymous browsing ? If I use an external anonymiser service because I am looking for a new job and I don't want my boss to know it, will the webmaster be able to tell him "hey his computer is regularly pinging monster.com or jobpilot.com!"

> Yourself told us that an IE bug has already been allowing this for a long time, so if it was already possible in IE when he had 90+% marketshare and this technique was known, why are sites still using redirects?

I said clearly that sites are using the IE trick. I don't know how many use it. Maybe people don't know about it. How should I know. All I know is that it is there, it can be used, and it is used by some sites.

> -if you show domains, what will happen if the uri is numerical ?

We will show the user the numeric IP address.

> -what prevents websites to use the ping attribute to let the user think that they are legitimately gathering data (with pings to the visited site for instance), while they are using redirects to notify other sites ? Of course they can do what they want now as well, but the browser isn't giving the user the impression that the site they are visiting is being fair with them.

So, you think telling people that a website is pinging another site is somehow giving them too much confidence that that is the only side-effect to their link click? Oh, come now... that's a stretch.

> -since this is an easier way to ping sites, will it not on the contrary allow more webmasters to do tracking resulting in a better informed user but also a much more tracked user?

I'll take that over not knowing when I am being tracked.

> -what will be the responsability of mozilla.com if sites complain about being slashdotted by the firefox browser because some people put their site in the alt attribute ?

I don't speak for mozilla.com. (I don't work for them.) Maybe you should ask them.

Also, do you honestly buy the arguments in this thread about DDoS attacks? Good grief!! What moronic non-sense. You do know that it is possible to do the same thing with existing HTML elements (IFRAME, IMG, OBJECT, etc.), right?

> -website defacing by script-kiddies is much easier than taking total control of the server (especially if there are separate servers to operate the site). So wouldn't it make the whole web more vulnerable to DoS attacks the next time a worm will spread to add ping attributes on thousand of links on the web ?

Please see my remarks above.

> -what will happen if the websites pinged are down ? won't it impact firefox performance on dealing with the error ?

No. Firefox processes the ping request after following the link click. This means that it gets lowest priority, and moreover because Firefox is aware that the ping is a special request, it can ensure that the ping gets out of the critical path. That's a big part of why this is good for users. Hell, if the browser knows what these requests are for, then it can give them special treatment.

> -what happens if the alt attribute pings sites that are illegal in your country? Now the server-side dealing of the problem gives no problem to the user, but are you sure that users may not have legal problems in their country if their own machine frequently pings illegal websites without even knowing it ? Not all firefox users live in democracies, some even live in the US...

Please... think before you write such non-sense. As with the lame brained DDoS arguments, you can do all of that already with existing HTML (no JS required even).

> -what about thunderbird ? I guess that there will be a blacklisting system for pinged addresses, but will it be synced between Firefox and Thunderbird ? Will things like toto@toto.fr result in thunderbird pinging a web site if I click on an email address in a message ? Certainly not something I'd like it to do if I don't want this person to know that I have already read his message.

Pings are disabled in thunderbird mail messages. The feature makes no sense in a mail reader, so it is disabled.

> -how is it going to play with content-filtering software and anonymous browsing ? If I use an external anonymiser service because I am looking for a new job and I don't want my boss to know it, will the webmaster be able to tell him "hey his computer is regularly pinging monster.com or jobpilot.com!"

Pings are no different than ordinary HTTP requests. Any such anonymizer that works for regular HTTP will work for these pings.

>> -if you show domains, what will happen if the uri is numerical ?

>We will show the user the numeric IP address.

You also said :"That way, the user can easily see what organizations are going to be informed when s/he clicks on the link. Wouldn't it be nice if you could be so informed about other tracking mechanisms used on the web?"

>Also, do you honestly buy the arguments in this thread about DDoS attacks? Good grief!! What moronic non-sense. You do know that it is possible to do the same thing with existing HTML elements (IFRAME, IMG, OBJECT, etc.), right?

Yes, but that's no reason to add one more method to the range of available techniques. It is also far easier to include links in other peoples sites than iframes, I can submit a story to slashdot with links but not with iframes in it, same with blogs or just simply banners programs. Links are simply a much more sensitive part of the web than other elements because the web is based on them.

Darin, I think that dismissing my arguments calling them nonsense is not going to make your own arguments in favor of this new behaviour stronger. You may not have thought about the legal implications, but that's one of the first things I thought of, probably because I have a legal background. I am honest and I put myself in the "good guys" category, if I can think of it to do nasty things, I have no doubt the bad guys will think of nastier uses of it.

From what I read, the whole idea in favor of the ping attribute is based on the hope that it will ultimately replace current server-side equivalents. This is clearly fantasy to me because it would mean that the whole world would use browsers implementing it (will most likely never happen) and that advertisers will trust the system, which is very unlikely simply because it is not as accurate as current server-side work and advertisers prefers my mom not to know that they are studying her moves while she is surfing.

And I still don't see how you are going to show it to the user in a way that doesn't make surfing less agreable than it is now, you *will* have to notify the people that you are sending information to external websites. I really don't see the good it will make to the product. It's probably not going to improve significantly pageload time for the few sites that may implement it, it will make the UI in Firefox more cluttered than in IE7 because we will have to visibly give information about the URL we ping while IE won't have to and it will probably just annoy users. To me it is really an intent to solve problems we didn't have in the first place.

I am not paranoid about security, never chose mozilla for that, I don't use adblock, have js enabled and I just generally not look at all problems only with security and privacy in mind. But if you can't convince me while I understand your explanations, I really don't see how you will convince hundreds of millions of users that the ping attribute will benefit them, they will just say that Firefox is spyware or that we have found a way to monetize the browser we give for free including tools for advertisers in it...

I am going to reread the whatwg discussion about it, maybe I missed a strong positive point, don't know.

Pascalc,

Hmm... the IP address issue is interesting. Obviously, IP addresses aren't that user friendly.

On the issue of anchor tags, I would seriously hope that websites like slashdot do not accept verbatim anchor tags from submitters. Remember that those can have onclick handlers and other nasty bits. They can also have as their href value a javascript: URL. Clearly, any such website must be sanitizing the anchor tags, and it would be really dumb if such a sanitizer didn't apply a whitelist to only accept safe attributes.

Finally, please understand that there has been a lot of noise on this thread. People have been making very uninformed comments, so when I read comments about things like possible DDoS attacks, I have to laugh. I greatly appreciate the fact that people are concerned and worried about anything that might detract from their sense of privacy while surfing the web. I care a great deal about that, which is what I said in my original post. Furthermore, I have no intention of keeping this feature in the tree if the mozilla development community at large is not convinced that this benefits users.

Your assertion that _only you_ truly understand the issues and that the rest of the technical community is completely missing the point, is both incredibly conceited and grossly mistaken.

Chuckle and shake your head all you want. This _will_ be the end of Firefox.

Thousands upon thousands of blogs - written by extremely intelligent technical developers - will crucify Mozilla for this completely unwarranted, _deliberate_ intrusion on their privacy, and an inexcusable abuse of their personal computer's computing/bandwidth resources.

This will be followed by the mainstream media jumping on board and further tearing Mozilla limb from limb.

Finally, Microsoft _will_ annihilate anything that remains of Mozilla following the media's feeding frenzy.

Microsoft learned the hard way that ignoring consumers' security and privacy issues is an incredibly costly mistake. Mozilla is about to learn this same lesson in a very _BIG_ way.

Last one to leave, don't forget to turn out the lights.

Mr. Anonymous,

I don't believe the rest of he technical community is missing the point. Look around. There are plenty of people who support this feature, and yes there are plenty of people who are against it. Indeed, the community appears to be quite polarized.

Yet, I still haven't heard strong technical arguments against this feature. At best, some people have made a decent case that it might not be widely adopted. Otherwise, the commentary against this feature is in large part shrouded by fear and doubt without much technical basis. How about we discuss the technical merits of this feature instead of getting caught up in our fears?

FF was never technical superior to a lot of other alternative browsers. What brought a lot of people to it is it being OpenSource, thus, in the end, Philosophy. Think about it and tell me again why you want to open yet anoter vector for my enemies, even if it is one I could turn off.

I think it's obvious that the main reason you "haven't heard strong technical arguments against this feature" is because the important issue isn't technical.

I belive most people understand now that you tried to implement a "standardized" tracking techinque that is less annoying than current techniques and which allows users to easily opt-out in the future.

I follow the argument that if it where an opt-in feature that 90% of the users wouldn't opt-in (as a global default setting). But that's the point. The user should make a concious decission on a per site basis saying "I trust this website to use my tracking information".

I think the 'right thing' to do would be to prompt the user whether he wants to allow the browser to follow pings from this site and store that setting on a per domain basis. For all I care the "default action" for that panel can be "allow". Of course allowing the user to globally allow/deny pings should remain.

I would also think that denying pings _to_ specific domains would also be a user friendly feature.

So...how much did you get paid by Google to subvert Firefox? Hope it was plenty.

>did you explain to those people that this feature
>will give them more knowledge of click tracking?

No, I didn't, because it would have been wrong. It doesn't give them more knowledge, because it doesn't in any way influence other ways of click tracking. (If ping would be the *only* way to do it, your point would be valid. But it isn't.)

What I told them, though, is that there is no longer a reason to prefer Firefox over any other browser, be it Opera or MSIE or Safari or whatever, because its commitment to follow web standards is no longer credible; if all the browser abandon standards an go their own ways (some in so called "working groups", some on their own), you can as well choose your browser on the color of its default user interface.

> This will be followed by the mainstream media
> jumping on board and further tearing Mozilla
> limb from limb.

happens right here and now. i got the information about this blog and the ping-issue from the daily newspaper "der standard", which focuses on politics/economy. it's not one of those geek-media, you now. only one page for computer and telecommunications-stuff.

thats where i read it. thats where my friends read it.

What better person to present the cons than someone who has been thinking about it longer than the rest of us and someone who has implemented and tested it?:)

Not to put you on the spot or anything, but care to share with us what YOU think are the arguments against this feature? Don't hold back ;)

Darin:
As I said, trying to bypass these systems is not easy. In the case of javascript last-minute redirection, I don't think it's so complicated. All that should be done is enforce the integrity of the anchor tag after it has been clicked. This is something that should be considered even if this ping feature is added.
The redirect case is obviously more difficult to solve. Similar strategies should be used as the ones currently in development to fight phishing, specifically IE7 and the Google Safe Browsing extension. In case you're no familiar with them, they work like this: when the user visits a website, the browser asks a central server if the site is blackslisted. If so, the browserr takes some action, like blocking the site or showing an alert. In the case of redirects, what should happen is that the browser sends the URL of the pageto the server, the server identifies the site as using redirects, and returns a mapping of redirect URLs to direct URLs in that page. The browser then proceeds to make the changes directly in the DOM, effectively making all links point exactly where they should.
This raises some of the same concerns regarding privacy and use of bandwidth, but at least it all happens with a single, trusted server. Also, the server would have to keep a very current database of link redirects to keep the mapping updated and don't send the users to the wrong places. I don't think this should be much problem to a company like Google, though, as they are constantly spidering all websites. Furthermore, I don't think most webmasters can afford to go against Google and make their pages impossible to reach by the Googlebot.
Far fetched as these may be, there are ways to fight this. I could only hope that, eventually, webmasters would abandon such intrusive methods and do something as simple as asking their link partners for the logs of people that went from their site to their partner's site. God forbid they try to talk or share...

How about creating some test links which can be used to show people what information is already divulged by them under the non-ping system. This might be educational, possibly reassuring (or not) and lead to more informed comments.

I find it interesting to read the numerous "it's not standard!" comments here...

A W3C spec is a document written by a bunch of companies or organizations interested in writing a standard because they want their products to interoperate. So they get together, each pay a few tens of thousands of dollars for the privilege of writing a spec, and write one.

A WHATWG spec is a document written by a bunch of companies or organizations interested in writing a standard because they want their products to interoperate. So they get together and write a spec.

Both processes involve soliciting public feedback, etc. The only difference is the amount of money that the companies involved have to spend in the process.

Also, please note the fact that there _were_ attempts to do the work that WHATWG is doing under the auspices of the W3C (in spite of the financial drawbacks of that course of action) and the W3C flatly stated that it wasn't interested in interoperability of HTML browsers. So it's not like the founders of WHATWG picked up their toys and went home because they didn't want to play with the other kids; it's that the other kids were more interested in other sorts of games, while the WHATWG founders felt it important to standardize HTML.

Hm. Interesting reading this 'but other browsers don't support it' stuff. Cos it wouldn't take much Javascripting to implement it in IE:

1. trap onmousedown at the document level
2. find out if it was on a link with the 'ping' attribute present
3. xmlhttprequest it. (I don't know if ping is local-site restricted for security reasons - looks to me like it ought to be - but if it weren't, serverside support would be necessary.)

An easy script to write and one that would encourage adoption, perhaps. This implementation would have to do the pings before the page change, so it's not as good as client-side support.

Ian,

Instead of using XMLHTTP at step #3, you could just use "(new Image).src = URL" in IE to achieve a HTTP transaction that occurs in parallel to IE actually loading the page referenced by the HREF of an anchor tag. That's a bug in IE, but it can be and _is_ used by websites today to achieve the same functionality that <a ping> provides.

Darin wrote:
... just use "(new Image).src = URL" in IE ... it can be and _is_ used by websites today ...

Which is exactly why, under Firefox's configuration options, under the 'content' tab, one has a checkbox labelled load images "for the originating website only" -- it's specifically meant to BLOCK such remote image loading - and thus the spying. The setting puts a bullet thru the peabrains that attempt that kind of sneaky shit. I guess some other developer managed to get that control into the browser before google got too involved in determining "feature directions".

Darin,

Are you preventing Cookie: from going out with ping requests? Is it even possible to send a From:?

> Which is exactly why, under Firefox's configuration options, under the 'content' tab, one
> has a checkbox labelled load images "for the originating website only" -- it's specifically meant
> to BLOCK such remote image loading - and thus the spying. The setting puts a bullet thru the peabrains
> that attempt that kind of sneaky shit. I guess some other developer managed to get that control
> into the browser before google got too involved in determining "feature directions".

OK, first of all the trick that I described doesn't work in Firefox. Second, there are many other ways to causes HTTP requests to be sent to other domains besides just using images. Any <script>, <style>, <iframe>, or <object> tag may, for example, be used to trigger HTTP GETs to other domains.

So, the argument you are making falls flat, and please don't try to bring my employer into this. To think Google has the power to strong-arm anything into the Mozilla codebase is just lame. It's an opensource project for goodness sake. Did you even read the bug report? The code change was reviewed and approved by two developers who have no connection to Google. Sigh. Do your homework next time before sticking your foot in your mouth, ok?

> Are you preventing Cookie: from going out with ping requests? Is it even possible to send a From:?

At the moment, cookies are sent with ping requests in the same way that they are sent with ordinary requests. There is no From header.

Not only marketers can benefit from , any website can. That's because any website can benefit from knowing exactly how users move about through the site and where they exit. Currently, as we all know, such things are only guessed based on arbitrary stuff such as "timeouts" (time lapsed since the user last sent a cookie to the site).

And of what value is knowing "how users move through" and exit a site? Unless you want to direct that "flow" somewhere, which is marketing?

> And of what value is knowing "how users move through" and exit a site? Unless you want to direct
> that "flow" somewhere, which is marketing?

As with all engineering solutions, it is good to have data to confirm your design assumptions, etc. If you can collect usage data on your site, then you can learn how to better present the information on your site so that users will maybe like it better.

And what point is there to that other than to make more money of them? Placing a nice survey there does this way less intrusive and you may gather a lot ot more useful comments.

This was a bad idea from the beginning.

I can see what you're trying to do: standardize something that is already being done haphazardly with redirects which degrade performance and lah de dah, but this is not a winner.

The media (I noticed on LWN, actually) are linking firefox with "spyware" - this is _not_ good, even if untrue and distorted.

Pull it.

>Furthermore, I have no intention of keeping this feature in the tree if the mozilla development community at large is not convinced that this benefits users.

Darin, do you think that the "community at large" supports this feature enough to have to included in the tree? Hmm, I dont. You are simply giving hardcore trackers another method to track people. They will continue to abuse IE, use cookies, javascript, redirects and now, they can catch even more peoples browsing habits. How long until you see sites mirroring recompiled code with PING stripped out of the tree by default? If it wasnt such a royal pain in the backside to compile, I know I would consider it. If this goes live with the default of ON, the media will crucify you. People will swarm back to IE as it doent openly market itself as spyware enabled, which is exactly what the press will label it as.

You should seriously think about the repuation of Firefox. People never rememeber the good things but they never forget the bad things and you are in the position of deciding how Firefox progresses from here.

>As with all engineering solutions, it is good to have data to confirm your design assumptions, etc. If you can collect usage data on your site, then you can learn how to better present the information on your site so that users will maybe like it better.

They are called log files and I find mine at /var/log/apache

If this ping was the only method used to track people, I could see advantages to it. However, web developers aren't likely to use it unless there is a significant benefit to them. Even with FF, Safari, and Opera all implementing ping, they account for only 15% or so of users. IE7 might use it, but many people with older systems will continue using IE 5 and 6 for a number of years. Developers may add ping attributes to links, but they have no incentive to stop using other tracking methods.

"User agents must ignore any entity bodies returned in the responses, but must honor the HTTP headers — in particular, HTTP cookie headers."
The working draft requires than ping be usable as a vector to read and set more cookies on the user's system. Not exactly my idea of making it easier for them to see who's tracking them. Most people I know aren't too concerned about /who/ is tracking them; they'd rather not have anyone track them to begin with. Analogy: someone monitoring everything you do in a mall through the security cameras. Would you actually prefer knowing who they are to not having them watch you in the first place?

Ping would provide another way of tracking users, most likely used in tandem with current methods, rather than replacing them, and with no significant benefit to the user (ok, it's a bit easier to see where the link goes and who gets told about it, pages might load slightly faster, and the "paranoid user" can turn it off; I've been waiting for that for a long time). It feels like someone decided that since advertisers will be tracking us anyway, we might as well give them a convenient and effecient way of doing it. Spam isn't going away, so let's add a function to mail servers to make them deliver a message to every account. That would save tremendously on bandwidth, because the spammers would only have to send a single message to each server.

Whatever happened to the idea of a friendlier, less commercialized internet?

>Whatever happened to the idea of a friendlier, less commercialized internet?

Darin doesnt like that so hes giving us PING