Mozilla plans to enable Hyperlink Ping Tracking by Default in Firefox

[Karlston]

A new Bleeping Computer report by Lawrence Abrams suggests that Mozilla plans to enable Hyperlink Ping Tracking by default in the Firefox browser.

 

Firefox is one of the few browsers that has the feature disabled by default, another is Brave. Most Chromium-based browsers, Google Chrome and Opera, as well as Microsoft Edge and Safari have the feature turned on by default.

 

The browsers that have the feature enabled already won't allow users to disable the feature anymore in coming versions. Chrome users, for example, can disable Hyperlink auditing in the browser currently on chrome://flags if they run the Stable version. Chrome users who run Beta or other development versions won't find the feature listed anymore as Google removed it from the list of available flags.

Chrome 73.0 Stable

Chrome 75.0 Canary

What is Ping Hyperlink Auditing?

Links, or hyperlinks, are a fundamental HTML feature that loads another resource when a user activates it.

 

Ping is a new attribute that can be added to links to send information to another resource. Here is an example: <a href="https://www.ghacks.net/ ping="https://www.example.com/">This</a>

 

When a user clicks on the Ghacks Link, Example.com is notified that the click happened. It is possible to notify one or multiple resources about the link click.

 

What is bad about it?

 

Ping is used to track link clicks. The nature of how that is done is not transparent to users who click on links, as the ping attribute is not shown and links with pings are not highlighted when a user hovers over the link in the browser.

 

While it is possible to check the source, it is not comfortable and unlikely that many users will do so.

 

Apart from privacy, at least one case has been recorded where pings were used for denial of service attacks.

And Firefox?

 

Mozilla told Bleeping Computer that the Ping has not been enabled by default in Firefox already is because the feature is still being implemented.

 

Asked about the privacy implications, Mozilla told Bleeping Computer that it agreed with Apple's stance on the issue. Apple stated that turning off Ping would not "solve the privacy implications of link click analytics" and that disabling it would result in companies using techniques that would "hurt the user experience".

 

Sites would often check for supported tracking features and would simply switch to another if Ping was not available.

 

Firefox supports a preference currently that determines whether pings are enabled or not. The preference is set to False currently which means that it is not used.

 

Firefox users can check browser.send_pings on about:config to configure it. Whether that preference will remain in Firefox once Mozilla enables Ping functionality remains to be seen.

Solutions

Chrome users may install Ping Blocker to block pings in the browser. The popular content blocker uBlock Origin blocks pings by default as well, and it is available for Firefox, Chrome, and other browsers.

 

Brave is one of the few browsers that has the Ping attribute disabled.

 

Source: Mozilla plans to enable Hyperlink Ping Tracking by Default in Firefox (gHacks - Martin Brinkmann)

[DKT27]

Concerning this, the whole thing.

[mp68terr]

On 4/20/2019 at 9:21 PM, Karlston said:

Brave is one of the few browsers that has the Ping attribute disabled.

'browser.send_pings' is set to false by default in Palemoon too.

[v3n0m]

 

On 4/22/2019 at 4:38 AM, DKT27 said:

Concerning this, the whole thing.

very disconcerting

[steven36]

On 4/22/2019 at 11:48 AM, mp68terr said:

'browser.send_pings' is set to false by default in Palemoon too.

Waterfox  too and  doubt they would ever allow it once the Waterfox v68 comes out final witch it will once again it will be based on the latest version of Firefox ESR  and work with all the new addons that is what Waterfox  is about removing   and turning the spys off that Firefox  adds to get paid . It's going to get too the point were i'm not going to install a mainstream browser anymore  let the masses who use Facebook and Google products and services who already  are being spied on  with  user-tracking and accepted  it as being normal deal with it. 

 

Old saying is you've made your bed, now lie on it  it means

Quote

If someone says you've made your bed, now lie on it or you have made your bed and will have to lie on it, they are telling you in an unsympathetic way that you have to accept the unpleasant consequences of your actions or decisions.

[steven36]

From   our friend  at uBlockOrigin

___________________________________________________________________________________________________________________________________________________________________________________________________________

gorhill4 10 points 3 days ago*

 

The actual issue with hyperlink auditing is that it still occurs even after disabling JavaScript -- which is not the case with the "less user friendly" ones.

In any case, uBO disables hyperlink auditing (by default) using the browser.privacy.network privacy.websites.hyperlinkAuditingEnabled API, so as long as the API is still available and working as expected, there will be a way to disable hyperlink through extensions.

_________________________________________________________________________________________________________________________________________________________________________________________________

 

So unless they change the whole api  on how they send these pings it  can blocked in all browsers .

 

You can see here  Firefox  and Chrome  have been planing on doing this since  2014 after all they the ones who implemented  it into there's browsers over 4 years ago.

https://www.wilderssecurity.com/threads/hyperlink-auditing-aka-a-ping-and-beacon-aka-navigator-sendbeacon.364904/

 

Just like  other tracking someone will  make something to  block it always , just like when Chrome removed the flags  to block Canvas Fingerprint and Prevent WebRTC from leaking local IP address

[mp68terr]

Glad to have efficient addons like uBlock. Glad to have alternative browsers too.

Blocking all these spying things is a big work.

 

Wondering about Vivaldi (under linux) though; to reveal its entire configuration is a pain in the a... No such detailed config as the one displayed with about:config.