[whatwg] <a href="" ping="">

ROBO Design robodesign at gmail.com
Sat Oct 22 03:36:07 PDT 2005

On Sat, 22 Oct 2005 00:34:28 +0300, Ian Hickson <ian at hixie.ch> wrote:

> On Fri, 21 Oct 2005, ROBO Design wrote:
> :-)
> I agree with most of your points. In reply to specific suggestions:
> You can do this already using <img> elements (in fact it's even more
> effecting for DDOSing a site since it happens as soon as the user goes to
> the page, not just when the user clicks a link). In practice it's not a
> problem.
> Redirects almost always involve multiple servers in large scale
> advertising situations, apparently, hence the multiple URIs.
> The suggestion for this originally came to me from Web advertisers, so  
> I'm
> not sure this is necessarily true.

I wouldn't have expected *this* to be suggested by web advertisers. Maybe  
they have some twisted ideas that I don't think of now :).

Now you just changed the meaning of 'this is very evil' (I was thinking of  
'evil' for companies). Actually, it's probably evil for users :).

> You can't really do that, just like today users can always just use the
> URI and ignore the redirect, they could do that with href="" ping="". In
> practice very few users will change that so it won't be a big deal.

True. Users who want to avoid advertisments and tracking methods just use  
specialized software for this (like ad blocker, ad muncher and many more).  
Yet, these are very few users.

Yet, try to keep a balance between what's good for users and what's good  
for Google *cough*.

I still see it as a 'security' or privacy issue to allow ping URLs to  
various third-party servers because it makes it easier for other sneaky  
developers to add their own ping URLs to other server. I'm talking about  
developers who will be doing UserJSs of the future, even proxy servers  
with content filtering, etc. I know what you are thinking of: how many  
will write UserJSs and how many witll use them? Expect in the future some  
really interesting web-viruses, thanks to the advent of web applications  
(not only this specification, I'm talking in general).

Writing this email I got an idea to the reason of why this would be useful  
to web advertising companies. They already make use of JavaScript, Flash,  
iframes, cookies and the like, so they don't care about N% of users  
disabling pings, JS, cookies, etc.

Yet, they do care more about tracking your behaviour (the pages you visit,  
the page you stay on the most). The ping= attribute you've been suggested  
to add makes it easy and the perfect solution for doing this. You almost  
said how: a very small script to parse the DOM, by searching for all links  
and the advertiser can add its own ping URLs. Seems simple to me and  
feasable. It's also easier than now.

They will be able to do this tracking cross-domain, very easily and  
simple. Not like now, because now cross-domain tracking of user behaviour  
is harder.

You are giving them too much liberty :). And ... in contradiction with  
what others said: it's actually something that will be used.

As Jasper said "to restrict it to the same host/domain as the source or  
the link would
pretty much make it useless for advertising networks, which often have
many servers.". Very true.

That's about all I got to say right now about this. It has some advantages  
to users (easy to disable) and some other advantages to advertisers  
(detailed above).

ROBO Design - We bring you the future

More information about the whatwg mailing list