Firefox and the ping attribute

Posted Jan 18, 2006 21:33 UTC (Wed) by iabervon (subscriber, #722) [Link]

I'm not sure many people would really see this as making the application phone home (it's not like it makes the browser tell mozilla.org about the links you follow, or tells any site other than the site the link is on). I don't think this is likely to be more frequently disabled than the referrer header, which gives the same sort of nosy information in the opposite direction, but which relatively few people disable, even when following links from potentially embarrassing URLs (google searches for particular things, for example). It's almost less intrusive, since you're only sending notification that you're going to a URL that the site you're telling linked to. It's not like you're telling an innocent site about a link from a fishy page you were on.

Posted Jan 18, 2006 22:07 UTC (Wed) by gjheydon (guest, #4209) [Link]

this sounds like and interesting feature. I know that for things like adsense and how people do click through ads could really make this a lot cleaner to implement.

I hope that you can restrict this so that it will only send pings to the domain that you are currently on or turn it off.

Given that people will be able to turn this off, this means that companies line google, will not use this at all, and keep going the click though the same way they are doing it now.

Posted Jan 18, 2006 22:23 UTC (Wed) by fwenzel (guest, #33783) [Link]

But if the majority of users turns it off, implementing a count system based on the ping attribute would be worthless work.

However, I can imagine that MSIE will implement the ping attribute, not allowing to disable it, soon. In this case, the web programmers get at least the click results by these people.

Posted Jan 19, 2006 1:08 UTC (Thu) by beejaybee (guest, #1581) [Link]

Do other people share my opinion that firefox is getting to be more trouble than it's worth?

Never has the need for a genuine open source browser been more evident.

Posted Jan 19, 2006 1:17 UTC (Thu) by jwb (subscriber, #15467) [Link]

What I find most interesting about this episode is not any feature of the ping attribute, but what is implied about the Mozilla development process. 7 years ago this month, Bug 2800 was opened to implement a UI for the HTML link element. The W3C had spent literally years in committee defining that element, and they concluded that "user agents may provide access to linked documents through a navigation bar." In accordance with this, a toolbar exposing the functionality of the link element was developed.

Over the years, 5 seperate implementations of the link toolbar were proposed for Mozilla. 215 comments were posted, before the bug was closed due to length. Unfortunately each implementation of this W3C feature was shot down due to the picking of some nit: the icons were backwards on some skins, one windows developer couldn't get one implementation to work, one implementation generated some excess garbage inside javascript, some middle-level software manager at Netscape thought it was too risky, etc. To this day, no Mozilla product has a UI for the link element.

Contrast that with what happened with the ping attribute. Hixie invented the attribute in October, proposed it on the WHATWG mailing list, where no substantive discussion ensued. Hixie proposed to "do an experimental implementation" in Bug 319368. Later other WHATWG members posted an implementation, and the patch was landed.

The contrast is impressive. The link element is a long-standing feature of the technical reports of an actual, established standards group. The ping attribute was cooked up at the WHATWG and added to a draft by a non-obvious process. The ping implementation lacks any kind of UI, and had adverse, easily-forseen impact on the Thunderbird project development, yet it was reviewed, super-reviewed, approved, and landed in no time. The link implementation was fully formed with internationalization, preferences, themes, and so forth, yet it was impossible to land it in various stages of Mozilla development due to the constant picking of nits, sometimes by the very same people who landed ping.

And really, who can blame them? The Mozilla members of the WHATWG have enough juice between them to review, super-review, and approve their own patches without involving any outside party. People won't complain, because those developers, who are responsible for huge subsystems of Mozilla, are indispensible. Mozilla is really their product in large measure. But to the thousands of other contributors to the project, it becomes obvious that code is not necessarily accepted or rejected on the merits, but rather on the names of the developers involved.

The reader can choose to see these events in two different lights. In one sense, the ping attribute is a good example of the speed and flexibility of open source software development when unencumbered by the sluggish bondage of the W3C and the incompetent management at AOL/Netscape. In another sense, a cabal of core developers commit their own half-baked ideas while requiring vast scrutiny of outside contributions.

There is also a third way to think about the event: Google, Internet's largest advertiser, hires influential browser developer, persuades him to enter advertisers' desired features into draft standards of the self-styled successor to the W3C, and to contribute those features with minimal discussion to popular web browser. I leave it as an excercise to expand upon this angle.

Posted Jan 19, 2006 4:56 UTC (Thu) by adegert (subscriber, #5503) [Link]

If this feature is really used by the websites who want to collect this sort of data from its visitors, I see an improvement for the user.

At the moment, websites collect this data without the users consent and mostly without the user knowing it.

If the ping attribute is used, a decent browser can inform the user that the website owner would like to receive the information, and the user can decide if he wants to give it or not.

Posted Jan 19, 2006 5:35 UTC (Thu) by rwmj (subscriber, #5474) [Link]

I thought people might be interested in how the ping attribute might be seen from a marketing perspective.

We do various strictly white-hat marketing activities for our clients, and sometimes we add what are known as "tracking URLs" into links. One example would be links from Google paid adverts. Some of our clients aren't sophisticated enough or don't have the ability to analyse logfiles, or are required to track through an independent third party, so we might track paid search through a third party service. Such a link might look like:

http://tracking-service.invalid/track?link=http://travel-...

(but probably with a bit more escaping on the link parameter - anyway you get the idea).

The problems from the web marketer's point of view are (0) adding and managing tracking URLs is painful, (1) it slows down page loading because of the redirect, and (2) you are dependent on a third party. In one instance that I was involved in, a third party tracking site was down for 4 hours, and our customer (a large travel company) lost thousands of pounds in paid clicks from Google, and many more thousands of pounds of potential business once we'd had to turn off the advertising.

There's a fourth problem from my point of view as an ethical marketeer. If people don't want to be tracked like this, then they ought to be able to turn it off, in the same way that we don't require people to use cookies and respect their rights to disable them. This isn't just a fuzzy "nice-to-have" either. It's actually the law throughout the EU.

The "ping" attribute goes a long way to satisfying all four of these concerns: (0) separates tracking from linking, (1) much less slowdown, (2) doesn't depend on third party service working all the time, (3) with a decent implementation, it should be possible for users to turn off pinging, which respects their privacy, and complies with the law.

What's also interesting to me is how this came about. It seems to be the first significant feature which wasn't a W3C recommendation. Instead it comes out of WHATWG which is essentially a coalition of browser makers led by the redoubtable Ian Hixie. This could mark a significant change in where web standards come from.

Rich.

Posted Jan 19, 2006 8:28 UTC (Thu) by Duncan (guest, #6647) [Link]

I see the security angle, but expect any browser that I use that
implements the ping attribute, to allow me to turn it off, so security is
a concern, but not an undue concern, for me.

However, not covered here but also possible, if I understand how this
works, would be using this as a prefetch mechanism. If a request is sent
to various places, couldn't one of those requests be for the next page of
the article? Sure, some browsers already have "next" page prefetching,
but AFAIK, it's all entirely browser-side and can easily be
unintentionally broken on some sites. Providing a specific mechanism
enabling this from the server side, thru a ping attribute listing a
request for the next page, could be one non-privacy-invasive use of the
technology. (Sure, something similar can be implemented now using
scripting, but this wouldn't require scripting.)

I'm just trying to think of the best way such a technology could be used,
as well as the potential for mischief.

Duncan

Posted Jan 19, 2006 9:13 UTC (Thu) by simonl (subscriber, #13603) [Link]

I work in the web statistics industry and sure this is useless to us. Obviously designed only with adlinks in mind, what a shame that it goes all the way through standardization and implementation with such a narrow scope.

We want to track page exit in general, to analyze browse patterns, page view duration etc. The ping attribute is insufficient as there are other ways to leave a page, like forms, javascript, flash, java, or other plugins. It requires modification to each link, which is only realistic if you are the adlinks provider, not if you are an external statistics provider.

What we really want is a reliable page exit trigger. MSIE invented the onunload event long ago, unfortunately it is highly unreliable, and does not tell what triggered the exit. If it did there would be no reason for the ping attribute, and it would be generally useful, for many other purposes than adlinks.

And for the user quibbles: This sounds too much like the cookie debate years ago, just like everything they can be used for evil stuff, and good stuff. Turn them off if you care.

Posted Jan 19, 2006 9:21 UTC (Thu) by smurf (subscriber, #17840) [Link]

Seriously, what's the problem? Right now you see obfuscated URLs which already do phone "home" (or at least where you came from), depend on third-party servers, and no way to turn that off. With PING you see real URLs, which don't depend on yet another web server, and you can disable the third-party "phone" call (I hope).

Additionally, there's the "hmm, interesting link about $FOO, let me bookmark it for later" problem -- when later arrives, the "interim" link is dead...

Posted Jan 19, 2006 17:34 UTC (Thu) by jmorris42 (subscriber, #2203) [Link]

> Certainly, Firefox users have no motivation to leave ping enabled - it
> potentially compromises their privacy while offering them little in return.
> People will disable ping, and distributors will have a strong motivation to
> disable it by default in their packages.

And everyone said I was daft when I called Firefox with the new trademark policy a 'proprietary fork'. Well here is the result. No, distributions won't be disabling the ping attribute and I'd bet a visible pref to switch it off won't stay when the initial bitching calms down, if it ever appears in an official version at all. Remember, when the distributions opted to accept the trademark restrictions they ceeded control to Firefox and it should be abundantly clear from this new feature alone that they are now in full 'monitize our IP' mode.

Posted Jan 23, 2006 9:09 UTC (Mon) by IkeTo (subscriber, #2122) [Link]

Um... if the browser will actually get the result of the query and put it into the users' cache, this is a selective prefetch mechanism that will actually benefit users. Will that be the case?

Posted Jan 26, 2006 17:38 UTC (Thu) by arcticwolf (guest, #8341) [Link]

It might be worth pointing out here that the "Web Hypertext Application Technology Working Group", despite its highfalutin name, is neither any kind of accepted standards body (like the W3C) nor part of one. Rather, it's just a group formed by Firefox and Opera developers; the "working group" was probably just formed to lend the whole thing more credibility by disguising the fact that it's really just two (minor) browser vendors making some suggestions.

The whole thing is not really different from M$ implementing proprietary stuff in IE, and should be treated as such.