Major Browsers to Prevent Disabling of Click Tracking Privacy Risk

Discussion in 'privacy problems' started by mood, Apr 6, 2019.

  1. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    20,020
    Major Browsers to Prevent Disabling of Click Tracking Privacy Risk
    April 6, 2019
    https://www.bleepingcomputer.com/ne...ent-disabling-of-click-tracking-privacy-risk/
     
  2. noway

    noway Registered Member

    Joined:
    Apr 24, 2005
    Posts:
    411
    Looks like a good time to dump Chrome. Too bad.
     
  3. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    8,961
    Why would anyone ever trust anything involving Google?
     
  4. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    20,020
    Soon it will be enabled by default:
    Mozilla plans to enable Hyperlink Ping Tracking by Default in Firefox
    April 20, 2019
    https://www.ghacks.net/2019/04/20/m...yperlink-ping-tracking-by-default-in-firefox/
     
  5. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    9,092
    Location:
    Lloegyr
  6. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    1,539
    Location:
    Italy
    Even Pale Moon has the "Hyperlink auditing" setting disabled by default.

    Also with UBO it is possible to disable the "Hyperlink auditing".
     
  7. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    2,597
    Location:
    Canada
    How is this a privacy issue?
     
  8. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    9,092
    Location:
    Lloegyr
    I think it's more of a tinfoil hat issue.
     
  9. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    2,597
    Location:
    Canada
    Agreed ;)
     
  10. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    8,961
    I pretty much agree.

    I mean, if you really cared, you'd be using VPNs and/or Tor to hide your ISP-assigned IP address from whatever website you're using.
     
  11. Pharao

    Pharao Registered Member

    Joined:
    Oct 8, 2014
    Posts:
    79
    If tracking isn't a privacy issue then Hyperlink Auditing isn't either.
     
  12. Pharao

    Pharao Registered Member

    Joined:
    Oct 8, 2014
    Posts:
    79
    Would you mind explaining what an IP address has to do with Hyperlink Auditing?
     
  13. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    8,961
    It tells a website which of its links you (identified by your IP address, cookies, browser signature, etc) followed.
     
  14. reasonablePrivacy

    reasonablePrivacy Registered Member

    Joined:
    Oct 7, 2017
    Posts:
    914
    Location:
    Member state of European Union
    It is quite complicated to do that effectively. Passing all Internet connections through the same VPN and visiting them from the same browser means that visit on one site may be linked to visit on another site. Suppose that user is ok with sharing real name on the one site, but want to visit second site anonymously. Second site may theoretically ask/buy data from first website to capitalize more on user visit.
    One the other hand I agree with Mozilla developers that tracking is done via many other ways today anyway.
     
    Last edited: Apr 24, 2019
  15. Pharao

    Pharao Registered Member

    Joined:
    Oct 8, 2014
    Posts:
    79
    This is not how Hyperlink Auditing works.
     
  16. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,171
    "Hyperlink auditing" aka "ping attribute" aka "<a ping>" is a mechanism that is explicitly designed for click reporting/tracking. When a user follows a hyperlink, the feature will report the action via POST (with credentials and ping specific headers) to one or more URLs (which may contain query/path params that pass additional info). In practice, said POSTs will frequently be to servers other than the server the user is trying to contact by clicking on the link (third-party exposures will be high). If you are concerned about web tracking, and especially third-party exposures, you will want to take this seriously.

    The "it doesn't really change the privacy situation because click tracking can be done in other ways and this feature improves the user experience" POV is getting ample play. A few points to help people understand why there is some strong negative reaction to this (not meant to provoke pointless debate here - this has been debated in various places during the past 13+ years):
    • When it comes to protection, one "mechanism of harm" can't be dismissed on the basis that there are other mechanisms that can be used to create similar harm. For example, you can't dismiss one arbitrary code execution vulnerability just because there are other vulns that allow ACE.
    • Privacy oriented users would love to eliminate the abuse of general web features for privacy-reducing purposes, but there is only so much that can be done. A feature which is explicitly designed for click tracking and put in specs and built into browsers/apps is naturally going to make some bristle. It is philosophically objectionable, and there are some practical concerns.
    • It is seen as an official endorsement of a privacy-harmful practice
    • It creates a foothold within the web client and the evolution of that may not be favorable. For example, one of the "better for users" selling points was that users could switch it off. Now we see switches being removed. Another selling point was that it would alert users to the fact that click reporting was taking place and show them the ping targets. Which, supposedly, hasn't been implemented by any major browser.
    • This feature is helpful to those involved in click tracking (they want it). It makes some implementations easier, can work when JavaScript is disabled, reduces some server loads, and reduces some user experience issues that disincentivize click tracking. Concern about this feature contributing to an increase in the use of click tracking is not unreasonable.
    • There are a some cases where a "user experience issue" caused by click tracking is actually beneficial to the user (it alerts them to the activity and/or breaks it).
    • There is a "the ends justify the means" aspect to this: those promoting this feature argue that it will be better if it is adopted... in order for it to be adopted it must be widely supported... in order to be widely supported many users must be made vulnerable to it. Disregarding whether the supposed end will actually be the real end, this would be objectionable to many on ethical grounds.
    • Making users vulnerable to this via it being enabled by default was bad enough. Removing, or not implementing, a built-in setting to enable/disable this is much worse. Surely some browsers don't support extensions. Some browsers that do support extensions prevent the extensions from "tampering" with "whitelisted" URLs/hosts/traffic, so there *might* be some cases where pings can bypass extensions that are trying to block them. Even where extensions are supported and they can reliably block pings, we know that a large percentage of users don't go there. Frankly, if web standards and browser folk actually cared about users, they'd support and surface as many privacy settings as they could.
    Enough of that. Some links...

    Specs
    https://html.spec.whatwg.org/multipage/links.html#hyperlink-auditing
    https://www.w3.org/TR/html53/links.html#hyperlink-auditing

    Some historical discussions (chronological)
    [whatwg] <a href="" ping="">
    https://lists.w3.org/Archives/Public/public-whatwg-archive/2005Oct/thread.html#msg86

    Mozilla bug: Implement <a ping>
    https://bugzilla.mozilla.org/show_bug.cgi?id=319368

    Darin Fisher announcing initial implementation of <a ping> in Firefox
    https://web.archive.org/web/20060126211610/http://weblogs.mozillazine.org/darin/archives/009594.html

    [public-html] spec review: ping attribute
    https://lists.w3.org/Archives/Public/public-html/2007Oct/thread.html#msg337

    [public-html] Feedback on the ping="" attribute (ISSUE-1)
    https://lists.w3.org/Archives/Public/public-html/2007Nov/thread.html#msg42

    [mozilla.dev.apps.firefox] "ping" attribute UI
    https://groups.google.com/d/topic/mozilla.dev.apps.firefox/qEaXcMj5_lI

    [whatwg] Referer header sent with <a ping>?
    https://lists.w3.org/Archives/Public/public-whatwg-archive/2008Feb/thread.html#msg4

    [public-html] CHANGE PROPOSAL: Remove ping and hyperlink auditing (ISSUE-1 and ISSUE-2)
    https://lists.w3.org/Archives/Public/public-html/2009Dec/thread.html#msg183

    [public-html] CfC: Adopt ISSUE-1 PINGUI / ISSUE-2 PINGPOST Change Proposal to remove @Ping from HTML5
    https://lists.w3.org/Archives/Public/public-html/2010Feb/thread.html#msg795

    [whatwg] Current status of hyperlink authoring (a.k.a. the ping attribute) and some suggestions
    https://lists.w3.org/Archives/Public/public-whatwg-archive/2011Apr/thread.html#msg215

    [mozilla.dev.platform] Intent to ship: Hyperlink Auditing (<a ping>)
    https://groups.google.com/d/topic/mozilla.dev.platform/DxvZVnc8rfo

    Privacy concerns with ping attribute
    https://github.com/w3c/html/issues/1456 (closed)
    https://github.com/whatwg/html/issues/3718 (open)

    Mozilla Bugs
    Implement <a ping>
    https://bugzilla.mozilla.org/show_bug.cgi?id=319368

    Issues with support for "ping" attribute
    https://bugzilla.mozilla.org/show_bug.cgi?id=401217

    Missing UI distinction for a/@Ping attribute usage
    https://bugzilla.mozilla.org/show_bug.cgi?id=401352

    Enable <a ping> by default
    https://bugzilla.mozilla.org/show_bug.cgi?id=951104

    setting needed for users to alter/control <a ping> hyperlink auditing in order to adhere to spec
    https://bugzilla.mozilla.org/show_bug.cgi?id=1546198
     
    Last edited: Apr 26, 2019
  17. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    8,961
  18. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    8,961
    Yes, it is. But see my IVPN guides.

    A key aspect is using VMs to compartmentalize. So everything that I do in this VM, using this nested VPN chain, is as Mirimir. So I don't care whether it's all linked together. Just as long as it's not linked to my other personas, or to my meatspace identity.
     
  19. Reality

    Reality Registered Member

    Joined:
    Aug 25, 2013
    Posts:
    1,168
    @TheWindBringeth
    "If you are concerned about web tracking, and especially third-party exposures, you will want to take this seriously."
    Great post thanks.
     
  20. KeyPer4Life

    KeyPer4Life Registered Member

    Joined:
    Dec 18, 2013
    Posts:
    1,174
    Hyperlink Auditing Pings Being Used to Perform DDoS Attacks.

    https://www.bleepingcomputer.com/ne...ing-pings-being-used-to-perform-ddos-attacks/

    Also Google uses hyperlink auditing in their search result pages.
    Every time you click on a search result link, your browser will also
    send HTTPS POST request back to a Google url in order to track the click.

    Good reasons users should continue to have the option to disable it.
     
  21. Tinstaafl

    Tinstaafl Registered Member

    Joined:
    Jul 30, 2015
    Posts:
    756
    Location:
    USA
  22. Azure Phoenix

    Azure Phoenix Registered Member

    Joined:
    Nov 22, 2014
    Posts:
    999
Loading...
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.