On 16/5/14 11:20, Tim Taubert wrote:
Jonathan Kew wrote:
"User agents should allow the user to adjust this behavior, for example
in conjunction with a setting that disables the sending of HTTP Referer
(sic) headers. Based on the user's preferences, UAs may either ignore
the ping attribute altogether, or selectively ignore URLs in the list
(e.g. ignoring any third-party URLs)."
Users can disable sendings pings by flipping a preference. They can
limit the number of pings sent per link. They can restrict pings to the
same host as the document in which the click occurs by flipping a pref.
"When the ping attribute is present, user agents should clearly indicate
to the user that following the hyperlink will also cause secondary
requests to be sent in the background, possibly including listing the
actual target URLs."
This is covered by bug 401352.
...which has seen no apparent activity since it was filed, over 6 years
ago. :(
What's our story here? It's not obvious to me from a (brief) look at the
bugs whether we have addressed these issues. Without them, I find the
idea of <a ping> quite disturbing...
We don't have a story here at the moment. Sites currently audit external
navigation by using redirects and sync XHRs which don't notify the user
either but at the same time make navigation a lot slower.
Calling the whole idea of <a ping> "disturbing" makes it sound like we
would introduce a whole new concept, we just provide a saner way to do
things that lots of web pages want. There is no obvious disadvantage to
the user from my POV here.
When I click a Google search result (for example), I can see -- thanks
to the status overlay that shows the URLs being requested -- that it's
redirecting me via a Google URL that is presumably being used to track
me. So although this is hardly an optimal UI, at least I get a clue that
the site is doing something more than simply giving me a link that I
follow, and if I want to avoid telling Google which results I'm
clicking, I need to somehow work around this.
If this is replaced by the use of <a ping> on those search results, then
(AFAICT) there will no longer be *any* clue to alert me as a user to the
fact that the site is monitoring which result I click on. This allows
pages to more easily track me without ever bringing it to my attention.
So I do think there's a disadvantage here.
JK
_______________________________________________
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform
