
Last week, Bleeping Computer reported that the latest versions of Google Chrome, Safari, Opera, and Microsoft Edge will no longer allow users to disable hyperlink auditing, which was possible in previous versions.

What is hyperlink auditing?

The Web Applications 1.0 specification introduced a new feature in HTML5 called hyperlink auditing for tracking clicks on links. To track user clicks, the “a” and “area” elements support a “ping” attribute that takes one or more URIs as a value. For example:

[Image: hyperlink auditing example]

When you click on the hyperlink, the “href” link will be loaded as expected, but the browser will also send an HTTP POST request to the ping URL. The scripts that receive the ping POST request can then examine the request headers to find out where the ping came from.
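An added example (not from the original article or from any browser's source): a small Node.js model of the hyperlink-auditing steps in the WHATWG HTML specification, showing which requests and headers one click produces, so a reviewer can see which ping endpoints learn the source page. The URLs and the function names `pingRequests` and `thirdPartyPingHosts` are constructed for illustration; real browsers may apply additional user-preference filtering.

```javascript
// Added example: models the hyperlink-auditing request rules in the WHATWG HTML spec.
// All URLs below are constructed sample values.
const ASCII_WS = /[\t\n\f\r ]+/;

// Returns the ping requests a spec-following browser would send for one clicked link.
function pingRequests(documentUrl, href, pingAttr) {
  const doc = new URL(documentUrl);
  const target = new URL(href, doc).href;            // value of the Ping-To header
  const requests = [];
  for (const token of pingAttr.split(ASCII_WS).filter(Boolean)) {
    let url;
    try { url = new URL(token, doc); } catch { continue; }   // unparsable: skipped
    if (url.protocol !== 'http:' && url.protocol !== 'https:') continue;
    const sameOrigin = url.origin === doc.origin;
    const headers = { 'Content-Type': 'text/ping', 'Ping-To': target };
    // Ping-From (the page the user was on) is withheld only when an HTTPS
    // page pings a different origin.
    if (sameOrigin || doc.protocol !== 'https:') headers['Ping-From'] = doc.href;
    requests.push({ method: 'POST', url: url.href, body: 'PING', sameOrigin, headers });
  }
  return requests;
}

// Audit helper: hosts on another origin that are told about the click.
function thirdPartyPingHosts(documentUrl, href, pingAttr) {
  return pingRequests(documentUrl, href, pingAttr)
    .filter((r) => !r.sameOrigin)
    .map((r) => new URL(r.url).host);
}

// Constructed link on https://news.example/story?id=7:
// <a href="https://example.org/article"
//    ping="/log  https://tracker.example/p mailto:x@example.com">
const sample = pingRequests(
  'https://news.example/story?id=7',
  'https://example.org/article',
  '/log  https://tracker.example/p mailto:x@example.com'
);
for (const r of sample) console.log(r.method, r.url, r.headers);
```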

Which browsers have made hyperlink auditing compulsory?

After finding this issue in Safari Technology Preview 72, Jeff Johnson, a professional Mac and iOS software engineer, reported it to Apple. Despite this, Apple released Safari 12.1 without any setting to disable hyperlink auditing. Prior to Safari 12.1, users were able to disable this feature with a hidden preference.

As in Safari, hyperlink auditing was enabled by default in Google Chrome. Users could previously disable it by going to “chrome://flags#disable-hyperlink-auditing” and setting the flag to “Disabled”. But in Chrome 74 Beta and Chrome 75 Canary builds, this flag has been completely removed. Microsoft Edge and the Opera 61 Developer build also remove the option to disable or enable hyperlink auditing.

Firefox and Brave, on the other hand, have disabled hyperlink auditing by default. In Firefox 66, Firefox Beta 67, and Firefox Nightly 68, users can enable it using the browser.send_pings setting. The Brave browser, however, does not allow users to enable it at all.

How are people reacting to this development?

The hyperlink auditing feature has received mixed reactions from developers and users. While some were concerned about its privacy implications, others think that this process makes the user experience more transparent.

Describing how this feature can be misused, Chris Weber, co-founder of Casaba Security, wrote in a blog post, “the URL could easily be appended with junk causing large HTTP requests to get sent to an inordinately large list of URIs. Information could be leaked in the usual sense of Referrer/Ping-From leaks.”

One Reddit user said that this feature is privacy neutral as this kind of tracking can be done with JavaScript or non-JavaScript redirects. Sharing other advantages of the ping attribute, another user said, “The ping attribute for hyperlinks aims to make this process more transparent, with additional benefits such as optimizing network traffic so the target page loads more quickly, as well as an option to disable sending the pings for more user-friendly privacy.”

Though this feature brings some advantages, the Web Hypertext Application Technology Working Group (WHATWG) encourages user agents to put control in the hands of the users by providing them a feature to disable this behavior.

“User agents should allow the user to adjust this behavior, for example in conjunction with a setting that disables the sending of HTTP `Referer` (sic) headers. Based on the user’s preferences, UAs may either ignore the ping attribute altogether or selectively ignore URLs in the list,” mentions WHATWG.

To read the full story, visit Bleeping Computer.
