HTML5 ping tracking – Firefox will enable it by default:
– HTML5 ping attributes can be used to track people if they click a link (<a href=… ping=…>) by sending POST requests to an arbitrary number of hosts
– Steve Gibson talked about it in Security Now 709: https://mastodon.at/@infosechandbook/101899819296611698
– ping is enabled in Chrome, Opera, Edge, Safari by default
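A defender-side check for the attribute described in this post, as an added example that is not part of the original thread: it lists every URL a page's links would send ping POSTs to and marks those on a different host than the page. The function names, sample markup and `.example` hosts are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class PingAudit(HTMLParser):
    """Collect hyperlinks (<a>/<area> with href) that carry a ping attribute."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []  # tuples of (href, ping_url, is_third_party)

    def handle_starttag(self, tag, attrs):
        if tag not in ("a", "area"):
            return
        attr = dict(attrs)
        ping = attr.get("ping")
        if not ping or "href" not in attr:
            return  # ping only applies to elements that are hyperlinks
        href = urljoin(self.page_url, attr["href"] or "")
        page_host = urlsplit(self.page_url).hostname
        # ping is a whitespace-separated URL list; each entry gets its own POST
        for raw in ping.split():
            target = urljoin(self.page_url, raw)
            parts = urlsplit(target)
            if parts.scheme not in ("http", "https"):
                continue  # only HTTP(S) ping URLs are contacted
            self.findings.append((href, target, parts.hostname != page_host))


def audit(html, page_url):
    """Return every ping target found in html, resolved against page_url."""
    parser = PingAudit(page_url)
    parser.feed(html)
    return parser.findings


# Constructed sample page; all hosts are placeholders.
SAMPLE = """
<a href="/article">no ping</a>
<a href="https://shop.example/item" ping="/click https://tracker.example/p
   https://ads.example/hit mailto:x@example.org">buy</a>
<area href="/map" ping="https://tracker.example/p">
"""

if __name__ == "__main__":
    for href, target, third in audit(SAMPLE, "https://news.example/index.html"):
        print("third-party" if third else "same-host  ", target, "<-", href)
```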
@infosechandbook Now I understand why Waterfox exists. What the hell is wrong with Mozilla?
There is a difference between the host the link points to being part of the tracking network, and my browser talking to a third-party website on its own.
It can still be disabled in about:config, but this should never be enabled to begin with, and I don't trust Mozilla with keeping it configurable in the future.
@captainepoch @Sturmflut @infosechandbook I like that Mozilla actually cares about privacy, not merely about *looking* like they care. Blocking of ping looks good, but is bad for actual privacy. Mozilla here is brave enough to take the heat from people who don't understand how link tracking works already, to make an actual improvement.
Found an addon for Chrome, waiting for a patch for Firefox!
Disable hyperlink auditing beacon. Fight back against advertising surveillance - dhowe/AdNauseam
> HTML5 ping tracking – Firefox will enable it by default:
I started out *very* skeptical of this move but, after reading the link you provided, have to admit that their logic makes sense: given that the overwhelming majority of sites that want this info currently track it in JS, letting them track the same data with an HTML attribute would reduce page bloat without changing privacy.
That said, I hope that they keep a way to turn it off for people who disable JS.
It's always a trade-off, in which the majority with unchanged defaults protects the minority that uses opt-out, because it isn't worth implementing a second tracking for the few people that actually use the opt-out.
In principle, we should aim to protect everyone from tracking, but many of these people do not even have an adblocker and keep their cookies until the year 2038 if they don't buy a new PC.
So they will be tracked with or without the standard anyway and they do not care.
@allo "The popular content blocker uBlock Origin blocks pings by default as well, and it is available for Firefox, Chrome, and other browsers."
The problem is not in the technology but in the use of it. It's on the webmaster side. Why don't they care about their customers' privacy? Why don't customers care about it either, and still accept Google's terms of service?
We should emphasize good websites and discard the others.
@infosechandbook This is very good news! Neutral for privacy, increase in transparency, and win for performance.
@infosechandbook I know you're all guilty of reading books unauditably! You should have written your name and date on each page at the bottom so the authorities can properly ensure our safety.
Can a VPN counter this?
Should the common man start using counter-espionage tactics to maintain dignity and privacy?
The purpose of VPNs isn't privacy in the first place. So, no, it is very unlikely that a VPN provider changes anything in this scenario (except your IP address).
You can try to block it by using addons; however, as always, companies will come up with another tracking technique.
@infosechandbook we'll all end up using NetSurf soon…