[johann_p]

As it seems from this ./ article which in turn references this blog entry and this Web Hypertext Application Technology working draft, the latest FF trunk builds have an implementation of the ping "feature"

It seems this is the relevant bug

Any opinions on this here? I am not sure, but from one of the attached patches it seems this is disabled by default -- is this correct?

[Unarmed]

why?

to see if there are any unexpected real-world problems.

Any opinions on this here? I am not sure, but from one of the attached patches it seems this is disabled by default -- is this correct?

It’s not much more obtrusive than the <code>Referer</code> header and it can be turned off with a <a href="http://kb.mozillazine.org/browser.send_pings">pref</a>. There’s really no privacy issue here as far as I’m concerned.

It’s disabled by default in SeaMonkey until it can be enabled/disabled on a per-app basis — there’s no reason to have it enabled in Mail/News, for example.

[Thumper]

It'll make pr0n site URLs a bit cleaner, hopefully, and that's really all I care about.

- Chris

[johann_p]

To implement something that is not part of a standard and indeed does have privacy and performance issues just "to see if there are any unexpected problems" is more than just a bit odd.

This is indeed much more of a problem than Referer headers, since it will contact any number of servers *different* from the one you connected to. As such it is as intrusive as cross-server cookies or web-bugs. Also, other the the referer header, it actively connects to potentially different machines which imposes additional traffic and connection time delays, potentially slowing down the page.
I do not see any reason whatsoever to have it enabled in *any* application, including FF, even less so without the user knowing what is going on.

[BenBasson]

It's enabled by default according to Darin.

To implement something that is not part of a standard and indeed does have privacy and performance issues just "to see if there are any unexpected problems" is more than just a bit odd.

Define standard... it's part of a WHATWG specification, just like canvas.

Privacy issues? It's identical to http://www.cusser.net/myoutgoinglinkscr ... nstead.com but without making end-users see links that don't make sense.

[Unarmed]

CSS column attributes are also not part of a standard, but they’re implemented in experimental form to work out bugs.

You can read the WHATWG’s rationale in the <a href="http://lists.whatwg.org/htdig.cgi/whatwg-whatwg.org/2005-October/004894.html">mailing list thread on the subject</a>.

Nothing that <code><a ping></code> does is new in terms of functionality — you mentioned the equivalent mechanisms already. It’s just easier, cleaner, and formally written in a spec now.

Connections made to other servers due to <code><a ping></code> attributes are asynchronous, so performance-wise they’re potentially more efficient than web bugs or cookies.

The spec also has this snippet which addresses your comment of “without the user knowing what is going on”:

When the <code>ping</code> attribute is present, user agents should clearly indicate to the user that following the hyperlink will also cause secondary requests to be sent in the background, possibly including listing the actual target URIs.

Obviously this hasn’t been implemented in Firefox yet, but if the <code><a ping></code> implementation stands up to the power of a million Slashdot trolls (present company excluded, of course) then the distinction will need to be made in the UI.

[johann_p]

One additional thought: FF got much of its reputation for its privacy concerns: many users value FF because it has built-in features to disable cookies or extensions like adblock or for suppressing the referrer. Putting this into FF is going into the totally opposite direction -- and for what or why? What need existed to put this in the first place? And more importantly: why would any user ever *want* this to be included in FF??

The whole idea of the ping attribute is wrong, and to implement it in FF is doubly wrong.

Instead, they should implement *more* privacy and security related features - e.g. there is still LOTs of room for improvement for letting users configure what they allow web sites to do by default, e.g. a zone-oriented system like IE has would be much better than the site-by-site fiddling that is available now.

[BenBasson]

Johann, are you just ignoring our replies on purpose?

[JaredM]

I saw far too many reasonable arguements for this feature and not enough fud in the comments on that /. article... my head asplode.

[Thumper]

I wish I could say your knee-jerk reaction was anything but typical. Have you read and understood the reasoning behind the implementation, and the current state of things?

- Chris

[johann_p]

Johann, are you just ignoring our replies on purpose?

No, why are you asking?

[Unarmed]

Consider this, though: If the attribute is adopted by browsers (and that is a big “if” — there’s hardly a reason to be paranoid at this stage in the game, when no one’s using the attribute anyway), then the big sites that need tracking in their links will adopt this cleaner method of tracking. This gives browsers an untainted <code>href</code> and the potentially-privacy-violating <code>ping</code>. Whereas before the browser had no choice at all for visiting the link and being tracked, now it can safely ignore the tracking and continue on its merry way.

[chob]

http://weblogs.mozillazine.org/darin/

[johann_p]

I wish I could say your knee-jerk reaction was anything but typical. Have you read and understood the reasoning behind the implementation, and the current state of things?

- Chris

I wish I could say your [.] arrogant reaction was anythin but typical. I was posting this here exactly because I wanted to learn about the reasoning behind this and arguments for it, and others here have provided a lot of information. Unlike you who merely psots his usual troll reflex of a unnecessary personal attack.

[.] ... stop turning every thread you are in into fight .. or "war" as you have put in some other thread.

[Edited by RAF. Johann, PM me if you have any problems with that]

[BenBasson]

No, why are you asking?

Well, the benefits (listed in the replies above and all over the net) are seemingly quite obvious:

1. It actually gives you more control over privacy if adopted, since you can turn it off. You can't turn off redirect links which are already used all over the web.
2. It makes URLs more obvious to end-users.
3. You can get to the destination site, even if the tracking script fails or goes offline.

I can't actually think of disadvantages to list, so you'll have to think up your own to refute these benefits.