Mozilla has told BleepingComputer that they will be enabling the tracking feature called hyperlink auditing, or Pings, by default in Firefox. There is no timeline for when this feature will be enabled, but it will be done when their implementation is complete.
For those not familiar with hyperlink auditing, it is a HTML feature that allows web sites to track link clicks by adding the “ping=” attribute to HTML links. When these links are clicked, in addition to navigating to the linked to page, the browser will also connect to the page listed in the ping= attribute, which can then be used to record the click.
When these links are displayed on the page, they will appear as a normal link and if a user clicks on it, there is no indication that a connection is being made to a different page as well.
Mozilla feels it’s a performance improvement
While some users feel this feature is a privacy risk, browsers developers feel that trackers are going to track, so you might as well offer a solution that provides better performance.
When we asked if they felt that users should at least be given the ability to disable the feature if they wish, Mozilla stated that they did not believe it would have any “meaningful improvement” to a user’s privacy.
“We don’t believe that offering an option to disable this feature alone will have any meaningful improvement in the user privacy, since website can (and often already do) detect the various supported mechanisms for hyperlink auditing in each browser and disabling the more user friendly mechanisms [ed: bold mine] will cause them to fall back to the less user friendly ones, without actually disabling the hyperlink auditing functionality itself.”
How is this “user friendly” exactly? Let’s block all of the tracking mechanisms and let people explicitly opt in to share their data … especially considering this method is already being used in DDoS attacks.
Or maybe just be transparent. That the user doesn’t know and can’t know without parsing the HTML themselves that these are there is … problematic at best.