I’m writing this post with some real hesitance, feeling like I’ve just stepped into a cigar-smoke filled backroom with the bunch of thugs who really run this town… and they’re pulling out their tommy guns to take me out as I’m frantically trying to write this.
Heh.
Yeah, I tend to get a bit melodramatic when I write, but this time I really feel like I’m tossing it on the line… I mean, this is my job I’m talking about here and though I’ve feigned to be so direct before, this issue cuts at the heart of the work that I’m doing. And fuck if I feel like a piece of me is dying as a result of this.
Darin posted yesterday about a new ping attribute being added to link anchors in the trunk builds in Firefox. Basically links that used to look like this:
<a href="http://flock.com">Flock</a>
can now be written like this:
<a href="http://flock.com" ping="http://myeviltracker.com?source=factoryjoe.com/blog">Flock</a>
The result? Well, hover over the link and you’ll get a handy little status bar message telling you that Firefox is about to open (in this case) flock.com as it silently pings myeviltracker.com in the background. The benefit to you? Well, supposedly because you’re no longer visiting the redirection sites prior to hitting your final destination, pages will be perceived as loading faster. Whoopee.
At least, that’s the idea as spec’d by the WhatWG. Including it’s inherent evilness (see #4).
So why does this matter so much to me? Well, because I’m working on building a browser based on Firefox. Decisions made upstream obviously effect this work since the Mozilla technologies that power Firefox make up the core of Flock. And the decision to enable browser.send_pings by default trickles down to us. We inherit that decision and all the baggage and rationales that come with it. Including the impact on privacy.
I’m not so naive that I don’t recognize that all of our behavior is being tracked, analyzed and quanitified already, both online and off. (Hey, I saw the Matrix too!) But right now, as Hixie pointed out, it’s being done by advertisers via a series of obfuscated redirection URLs. Ever use a service like eBates? Notice the 5 or 10 servers that you’re bounced across before you land at the final page? This ping attribute is designed specifically to address that "problem"… to make landing on your final destination… smoother, faster.. more calming… wha? huh?
Sorry, I dozed off.
So while all the greedy hands in an online transaction will presumably be daylighted in the status bar (yeah, like they’ll all fit), it’s how this feature is being pushed through that scares the bejeebies out of me the most.
And dammit, I feel like more of my online childhood is being robbed from me.
Think about it. Why is this feature being introduced? Who does it really help? Who does it really stand to benefit the most? Lemme give you a hint: it’s not you and it’s not me (despite what the proponents might say). Let me quote:
This change is being considered in large part because some very popular websites have asked for a solution to this problem.
Gee, can’t imagine which "very popular websites" those would be. Scoble, are you asking for features in competitor browsers again? C’mon man, we talked about that!
Oh wait, not that kind of popular… that kind of popular! As in… "all knowing, all seeing, all controlling"?
Oh oh, I get it; yes, exactly: to make tracking your behavior easier for advertisers.
And here I thought the next name for Firefox would surely be Volksfoxen.
If the features of the next generation of browsers (Firefox 2 Alpha is just around the corner etc etc) are being driven by advertising, TBL help us.
I mean, sure, we’re trying to ask some serious questions about what the next 10 years of browsers look like too and we’re also funded by dudes with stogies in dimly-lit rooms (oh what, I’m not supposed to say that?), but, as far as I’m aware (remember, I’m young, dumb and naive), I haven’t been asking what the advertising industry has on its wishlist when I design features. Nor the RIAA et al. Nor enterprise. And no, that hasn’t happened with Firefox just yet, but I’m just concerned that if we’re not vigilant, it might. (Hey,shuddup, it might!)
I mean, the future of the web that I’m interested in investing in doesn’t treat people as statistics to be quantified. No, instead it’s more about what they have to say, what their contributions to this massive jerky conversation pool might look like, what bit of brilliance they might shine on the web that will change my life forever. It’s happened a couple times already and it didn’t result from monetizing the web better.
This send_pings feature reeks of special interests. So hey yeah, just because we’re downstream doesn’t mean we’ve gotta accept everything that trickles down. Insomuch as I’ve yet to be convinced that this feature doesn’t do anything to humanize the web or improve web standards, or help people communicate better, I’m moving to keep it from landing as default "on" in Flock. Call me a luddite, fine, but bug logged. Consequences, well… be damned.
Factory Joe 
Chris, stop the melodrama.
You say:
When really, the current links look like:
<a onclick=”doSomethingTrickyToObscureWhatsGoingOn(); return true;” href=”http://flock.com”>Flock</a>
Would you rather bring it out into the light, where you can turn it off? Seriously, this spec gives users more control, not less.
You also say:
There are legitimate uses of click tracking…. google offers search history, other search engines like to track their effectiveness, etc. My point is that there are legitimate, non-scary uses of this stuff.
Please don’t demonize technology.
Of couse this little page will be able to track where visitors click, where they hover and even what other sites they’ve been to in the past, without extensions to html and without even javascript enabled.
<html>
<head>
<style>
a[href=”http://www.flock.com/”]:hover {
background-image: url(http://www.spyware.com/hover?http://www.flock.com/);
}
a[href=”http://www.flock.com/”]:visited {
background-image: url(http://www.spyware.com/visited?http://www.flock.com/);
}
a[href=”http://www.flock.com/”]:active {
background-image: url(http://www.spyware.com/clicked?http://www.flock.com/);
}
</style>
</head>
<body>
<a href=”http://www.flock.com/”>flock</a>
</body>
</html>
And it seems my example doesn’t show up… I put it up here:
http://bat.yakk.net/~yakk/spyware.html
There are about a dozen ways of achieving the same effect already that are undetectable to 99.999999% of the world. Ian posted one, Darin mentioned another–changing the link on mousedown. This feature doesn’t make things any worse for those users, and makes things better for the other .000001% (the ones who also know how to disable the feature).
Why would Firefox implement this feature “for advertisers” if advertisers can already do this just as easily and more discreetly? Why are you casting a wide and dark shadow on Firefox without supporting any of the insinuations?
Chris, you said “I’m not so naive that I don’t recognize that all of our behavior is being tracked, analyzed and quanitified already, both online and off….And fuck if I feel like a piece of me is dying as a result of this…This send_pings feature reeks of special interests…”
How many of the Flock partners do online user tracking of any form? Unless it’s zero, you must be carrying around several pieces of dead flesh already.
I’d sure like to see all of your partners and VCs fully document their plans so we could get uppity and histrionic like you.
It hardly seems fair to suggest that the “features of the next generation of browsers are being driven by advertising” when Flock has it’s own handful of unannounced ‘partnerships’ and special VC interests.
Special interests. Quit whining. Seriously.
– A
As it is, maybe a tenth of a percent of the users of Gecko-based browsers can avoid being link-tracked for sites that use a fairly regular and open pattern to their redirection URLs (with a url=… parameter, rather than with something opaque like linkid=13726873), with a Greasemonkey script or a bookmarklet that they use on particular sites.
If @ping actually gets adopted (at this point, there’s no actual reason to believe it will ever ship, since it’s just a partial implementation on the trunk, and what matters is adoption by sites, not by browsers), then the, what, 2-3% of users who’ve made the aquantance of about:config can avoid being link-tracked by turning it off.
The fact that losing those few percent is quite survivable for Google, which only samples clicks rather than redirecting them all, and can always throw in an even smaller sample of redirects in a sea of @ping to correct the sampling error from opt-outs, and not survivable for most other current uses of redirect URLs, is the real problem. We’ll get a tiny benefit, by not having to keep track of whether we’ve copy-pasted a Google redirect URL instead of the real URL that we wanted to post, but not big benefits like being able to open links to twenty different pr0n sites all at once, without waiting for connections to the redirect server two or four at a time. That’s the real problem: it’s too obviously something that users can opt out of, and people using redirects who don’t mind having you opt out are all too rare.
I don’t know what people are complaining about, this actually this sounds like a pretty huge *win* for internet privacy.
You *can’t* currently opt-out of link-tracking as it is currently done, using re-directs and mousedown listeners and what not. You *can* opt-out of this new pinging scheme.
So really, this feature just forces advertisers to be more honest explicit about the fact that they are going to track your clicks, giving you the opportunity to say “no”.
Hmm. Well, perhaps I wasn’t clear (totally possible if not altogether likely): it’s not so much the feature that I take umbridge with (my vote’s out currently) but how we, as an open source community, ought be vigilant now that there are bigger players involved in the creation of these apps.
And yes, Asa, I would include Flock in that scrutiny. Both you and I make our living because we’re fortunate enough to have people wanting to fund the open source technologies that we’re building… I just want to make sure that folks like you and I and Blake and Joe stay in the driver seats and don’t get swooshed aside for other… more commercially-driven ends.
That’s all. Typical Messina-esque paranoia. Carry on with your normal blog consuming.
Oh, I forget that you’re going to take over the world and making everything right, overthrow the aristocracy, give the common man his due and steal from the rich and give to the poor.
Seriously, why’s commercial interest worse than self-interest?
this seems dumb. what’s wrong with javascript onclick handler things? link clicky can be tracked without redirects already.
I’m with Joe Hewitt on this one. I would rather have the feature implemented in a way where tracking can be turned off by default, and I can still get to the links without going through all the middleman redirects. But I think it’s for that very reason that no webmaster in their right mind would ever use these ping tags – certainly no commercial webmaster, anyway. They already have too much invested in their fancy methods that work with most/all browsers. Why implement a new tag that robs them of revenue? Seems like a money-loser to me.
It’s like implementing a new tag on images called “bannerad” or something, and letting users turn off the banner ads. Sure, it’d be a theoretical win, but come on, what webmaster would actually use the bannerad tag?!?
I am all for good ole evil-doing and somesuch, so the ping proposal doesn’t really ruffle my feathers from that end. However, it _smells_ funny. Can’t say exactly why, but when I can articulate it, I will.
@Ryan: would you like to be Maid Maryann or Little John in my make-believe world of Robin Hood?
@Joe and Brent: The feature in and of itself may or not catch on with advertisers… it may not even end up in the final builds of Firefox as it’s been proposed. This whole debate, after all, does seem to be the open source peer review process in effect… However, as Brent said, besides the possible perception of pages loading faster, is it likely that this feature will catch across the web? Perhaps we can liken it to the standardization of rel=nofollow (though that was inherently backwards compatible).
Again, I don’t know if this feature is good or bad. As Joe point out, it puts a degree of perceived control in the hands of users, provided that current redirections are rewritten using the non-backwards compatible ping attribute. Even if every current Firefox user upgraded to Firefox 2 and had this feature on by default, as a link-tracker, it’s still more economically sensible for me to do both techniques to hit the widest audience.
I guess the big question is: if you build it, will they come… especially if (hopefully) this feature actually puts more control in the hands of end users?