On Thu, Jan 19, 2006 at 10:20:20PM +1300, Hadley Rich wrote: > I must confess that I routinely put redirects in links to track clicks when I > am asked to by clients, but this is something else. At least with redirects > the end user can see the URL in the status bar and decide not to click it, or > copy and paste or whatever.
It's putting into the browser a function that previously was carried out server-side by the site operator. The rationale is that previously you had to get a redirect from the hosting site, and now you can just go directly to the target site, with an asynchronous notification to the hosting site. Much quicker. Two systems are offered to mitigate the 'stealth' nature of the tracking - a visual/style differentiator so that the user can see multiple pings will be triggered on link activation, and a security setting to limit pings to the hosting site (similar to cookie controls). Of course, it's a trivial GreaseMonkey script to remove the ping attributes from the HTML before the browser renders them. And at least you'll see the list of servers that are doing the tracking, making it easier to automatically block traffic between yourself and them. You didn't have those options when tracking was carried out only by the hosting server. The key argument is the default state of this feature - if it's switched on by default with no notifications, when it reaches the stable/download release versions it's evil. If it pops up a dialogue saying "ping notification will be sent - cancel/ok?" (similar to secure form submit, etc) it's almost acceptable, but not quite. If it's the opposite dialogue "ping notification requested ... OK to send?" it's better. But being switched off by default with no mechanism to enable it doesn't sound too useful - you may as well have not bothered with the feature at all in that case. So please consider the full ramifications of the alternatives before getting too paranoid ... -jim
