Relearning modern HTML, and amazed to find that tags have a "ping" attribute that just fire off an async POST to whereever you like when someone follows the link. Explicitly designed for tracking user activity, and has been in browsers since 2011.
-
Relearning modern HTML, and amazed to find that <a> tags have a "ping" attribute that fire off an async POST to whereever you like when someone follows the link. Explicitly designed for tracking user activity, in browsers since 2011.
According to MDN, Firefox is the only browser that doesn't send them. Not for any noble reason, there's just an 11 year old open bug to finish shipping it and it's not done yet.
(edit: boosting this? Want to learn modern HTML? See rec in https://hachyderm.io/@danderson/113261912941835525)
-
Dave Andersonreplied to Dave Anderson last edited by [email protected]
The rationale is fair enough, to some extent: it implements something you could already do a bunch of other ways (JS events, proxy through a tracking redirect, ...), so it's not giving anyone novel capabilities. But in return, it avoids (in theory) tracking enthusiasts playing stupid sneaky games with hypermedia, and encodes the intent of the site author semantically into the page, where the browser can understand it (and then ignore it, or point it out to you, or ...).
TIL I guess.
-
@danderson more here
HTML defines a ping attribute on anchor elements (links)
HTML anchors provide a ping attribute that can be used to send analytics information to defined URLs
(www.stefanjudis.com)
-
Not sure if it will work in ublock lite, but for what it's worth the ublock origin rule to remove it is:
##a:remove-attr(ping)
Static filter syntax
uBlock Origin - An efficient blocker for Chromium and Firefox. Fast and lean. - Static filter syntax · gorhill/uBlock Wiki
GitHub (github.com)
-
@danderson Not quite the same thing, but… Anyone else remember when "pingbacks" were a thing on blogs? They were listed with the comments, but they were "some other site has sent a message to this site to say that it has linked to this article".
Where did the Internet go wrong?
-
Taggart :donor:replied to Dave Anderson last edited by
@danderson This sent me down a bit of a "Can I abuse this?" rabbit hole. Short answer: not really, without recompiling the browser and using that for a target. For those curious, here's where that
PING
value is set in Chromium. Literally a static string! -
Dave Andersonreplied to Taggart :donor: last edited by
@mttaggart hah, I hadn't looked at what it did precisely. I guess you can still transmit a small amount of information in query parameters, but yeah it seems deliberately quite restricted since we already have javascript and so forth if you're trying to do actual computation
-
@ibboard Those still exist! I run across them occasionally, I think possibly wordpress still both sends and receives them, so there's a tiny amount of it going on almost by accident.
-
@nbaileydev I expected nothing less, it's a pretty obvious one to nerf