|
|
Subscribe / Log in / New account

Major Browsers to Prevent Disabling of Click Tracking Privacy Risk (BleepingComputer)

Major Browsers to Prevent Disabling of Click Tracking Privacy Risk (BleepingComputer)

Posted Apr 8, 2019 20:53 UTC (Mon) by MarcB (guest, #101804)
In reply to: Major Browsers to Prevent Disabling of Click Tracking Privacy Risk (BleepingComputer) by mathstuf
Parent article: Major Browsers to Prevent Disabling of Click Tracking Privacy Risk (BleepingComputer)

Yes, that is often possible, but it is site-specific, could break at any time and could be made impossible if the site really wanted to (just use an ID that needs to be resolved server-side instead of the actual target in the redirect URL).

Any such extension could also be written for the ping attribute and would be complete site-agnostic, simpler and robuster.

to post comments

Major Browsers to Prevent Disabling of Click Tracking Privacy Risk (BleepingComputer)

Posted Apr 9, 2019 8:06 UTC (Tue) by alonz (subscriber, #815) [Link] (4 responses)

As someone who has actually implemented a click-tracking solution — it is relatively common practice to encrypt the real target URL, so the link you get from the original site only includes an opaque blob, and only the click-tracking redirector can decode and decrypt it.

Major Browsers to Prevent Disabling of Click Tracking Privacy Risk (BleepingComputer)

Posted Apr 9, 2019 16:56 UTC (Tue) by leromarinvit (subscriber, #56850) [Link] (3 responses)

As someone who has to deal with such shite as a user, this is the reason the web sucks.

No offense meant against you personally, but the fact that people/companies feel the need to do such shady things is an indicator of a very sorry state of affairs.

Major Browsers to Prevent Disabling of Click Tracking Privacy Risk (BleepingComputer)

Posted Apr 10, 2019 0:13 UTC (Wed) by codewiz (subscriber, #63050) [Link] (2 responses)

Often, click-tracking has nothing to do with "tracking users". Knowing the frequency of clicks is an essential signal for search result ranking, among other things. For sponsored links, clicks are used for billing customers, so you'd go a long way to avoid miscounting.

I'm a privacy advocate, but I don't see anything wrong with encrypting the url in response to user agents not honoring the ping attribute and stripping redirects.

Major Browsers to Prevent Disabling of Click Tracking Privacy Risk (BleepingComputer)

Posted Apr 20, 2019 17:52 UTC (Sat) by Tomasu (guest, #39889) [Link] (1 responses)

And I don't see anything wrong with stripping the tracking. I'd even go so far as to strip it in a proxy if I have to. Making it non optional is shady af. Encrypting it is worse. I just don't even. I'll be Paying more attention to sites now to see if they are doing anything like that and reconsider my use of such sites. Googles crazy links were obnoxious enough but I've been too lazy to bother with them... Anything that hopes further may just get me to act.

Major Browsers to Prevent Disabling of Click Tracking Privacy Risk (BleepingComputer)

Posted Apr 21, 2019 4:37 UTC (Sun) by codewiz (subscriber, #63050) [Link]

This is clearly an arms race, where each action and countermeasure makes the web a little slower, a little more complex, and a little more fragile for both sides.

As other comments have already pointed out, we'd be better off with user agents honoring a privacy-respecting form of ping=, so web developers doesn't feel compelled to escalate it to JavaScript, encrypted urls and other opaque techniques that achieve the exact same result.


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds