[whatwg] <a href="" ping="">

[James Graham]

Ian Hickson wrote:

>One of the patterns I've seen a lot while looking at big sites is this:
>
>   <a href="record?url=http%3A%2F%2Ffoo.example.com/"> Foo </a>
>
>...where "redirect" is a CGI script that records that the user followed 
>the link, and that then redirects the user to the real page (potentially 
>setting a cookie in the process).
>
>  
>
[...]

>Bearing the above in mind, I've added a section to the <a> element that 
>describes a ping="" attribute. The URIs given in this attribute would be 
>followed when the user clicks the link, thus getting around the problems 
>listed above.
>
>Now, because of number 4 above, I'm guessing this is going to be 
>controversial, which is why I'm calling this out explicitly (as opposed to 
>waiting til I've filled in all the TBW sections and then just asking for a 
>general review, since people might miss it if I did that).
>
>Thoughts? 
>
I'm not sure I see the point. There's no way anyone doing anything 
remotely evil is ever  going to use a mechanism that can be easily 
disabled or one that doesn't work in some UAs. There are plenty of ways 
of tracking  usage data without using the above pattern. I can't think 
of a sensible way of presenting the option to turn  off pinging in the 
browser UI (at least not one that is accurate. "Prevent sites from 
contacting other locations when I click a link" is the best I can manage 
and it's wildly wrong since  there are so many  other ways a site could 
do this).  There are also plenty of other  times when a link target URL 
will be obscured (consider any use of tinyurl.com and other such 
irritations/security hazards, blogs that use redirection to prevent 
comments affecting pagerank, and so on) so  the UI benefits are minimal 
at best.

-- 
 "As soon as people come up with a measurable substitute for whatever it is they care about they start treating it as more important than the real thing"
-Boris Zbarsky