Firefox

Mozilla has told BleepingComputer that they will be enabling the tracking feature called hyperlink auditing, or Pings, by default in Firefox.  There is no timeline for when this feature will be enabled, but it will be done when their implementation is complete.

For those not familiar with hyperlink auditing, it is a HTML feature that allows web sites to track link clicks by adding the "ping=" attribute to HTML links. When these links are clicked, in addition to navigating to the linked to page, the browser will also connect to the page listed in the ping= attribute, which can then be used to record the click.

You can see an example of what a hyperlink auditing, or ping, HTML link looks like below. This would render a link to www.google.com, but would cause your browser to connect to www.bleepingcomputer.com/pong.php so that the click can be recorded.

Ping HTML Link

Ping HTML Link

When these links are displayed on the page, they will appear as a normal link and if a user clicks on it, there is no indication that a connection is being made to a different page as well.

Privacy risk?

Earlier this month, we covered how Google Chrome, Opera, Microsoft Edge, and Safari enabled hyperlink auditing pings by default. While some browsers currently enable you to disable this feature, all of the mentioned browsers will no longer allow users to do so in the future.

Flag in Chrome to disable hyperlink auditing
Flag in Chrome to disable hyperlink auditing

For some users, any tracking method, including hyperlink auditing, is seen a privacy risk and that they should always have the ability to disable it if they wish. 

For this reason, when it was shown that Firefox and Brave do not enable this feature by default and did not appear to be doing so in the future, people praised the browser's decision.

Furthermore, a recent report has shown that hyperlink auditing pings have been used by attackers to perform DDoS attacks on web sites.

Mozilla feels it's a performance improvement

While some users feel this feature is a privacy risk, browsers developers feel that trackers are going to track, so you might as well offer a solution that provides better performance.

In a post by Apple, the WebKit developers explain that hyperlink auditing pings are a performance improvement because unlike other tracking methods, they do not block or delay the navigation to the requested site. 

"Just turning off the Ping attribute or the Beacon API doesn’t solve the privacy implications of link click analytics. Instead, it creates an incentive for websites to adopt tracking techniques that hurt the user experience. In effect, the choice between supporting Ping and not is not one of privacy, rather it is a choice between a good user experience and a bad one."

After reading Apple's post, I contacted Mozilla to see if they agreed with the views expressed in the WebKit article.

Mozilla told BleepingComputer via email that they agreed with Apple's views on hyperlink auditing. Furthermore, they stated that the only reason it is not currently enabled by default in Firefox is because their implementation is not ready.

"We agree that enabling the hyperlink ping attribute that is commonly used for hyperlink auditing isn’t a question of privacy but a matter of improving the user experience by giving websites a better way to implement hyperlink auditing without the performance downsides of the other existing methods listed in the webkit.org blog post. In fact, we already support the sendBeacon API and the reason we don’t yet enable the hyperlink ping attribute is that our implementation of this feature isn’t yet complete."

When we asked if they felt that users should at least be given the ability to disable the feature if they wish, Mozilla stated that they did not believe it would have any "meaningful improvement" to a user's privacy.

"We don’t believe that offering an option to disable this feature alone will have any meaningful improvement in the user privacy, since website can (and often already do) detect the various supported mechanisms for hyperlink auditing in each browser and disabling the more user friendly mechanisms will cause them to fall back to the less user friendly ones, without actually disabling the hyperlink auditing functionality itself."

Brave states it will continue to block this feature

After Mozilla's response, we also contacted Brave Software to ask if they had any plans to enable hyperlink auditing in their browser.

"Disabling hyperlink auditing is a crucial privacy feature, and Brave has always disabled this by default," Catherine Corre, Head of Communications at Brave Software, told BleepingComputer via email. "Brave users expect this protection from our browser."