From HTML WG Wiki
Jump to: navigation, search

New ping attribute can be specified on a and area elements

Issue: There are various methods for tracking clickthroughs on a link for advertising or QA purposes. Many of which involve executing a script (client-side or server-side) to perform tracking before following a link. This obscures the destination of the link to the end user, forces the UA to follow HTTP redirects before reaching the destination, and/or requires Javascript to follow a hyperlink.

Current Draft

Rationale: Why this Attribute Should be Added

  1. Added functionality. It allows the user agent to inform users which URIs are going to be pinged as well as giving privacy-conscious users a way to turn it off.
  2. The user reaches the destination without waiting for tracking URLs to be pinged and regardless of whether pinging the tracking URLs is actually successful.
  3. As specified, the POST method is used WHATWG list
  4. Allows for multiple URLs to be pinged.
  5. Allows the UA to indicate links to destinations that have been already-visited even if the tracking URLs are different Smylers on public-html
  6. Applicable Design Principles (proposed)
    • Specific Principle (TBA)

Rationale: Why This Attribute Should Not be Added

  1. Most of the current script based tracking solutions add details about the UA such as window size and current page title. If @ping doesn't support this there is a risk of this attribute not being used.
  2. A script based solution can add the tracking behaviour to all links on a page. How is @ping supposed to work for links added in a WYSIWYG editor where the content editor is unaware of the concept of "tracking"? @ping requires changing WYSIWYG software and UAs.
  3. Relying on it for tracking while some UAs do not support it will lead to inaccurate tracking
    • This can be mitigated to some degree with Javascript WHATWG list
  4. It can be disabled, which will lead to inaccurate tracking WHATWG list
    • The HTTP Referer header can also be disabled, but most users leave it enabled, so it is assume that most users would leave @ping enabled as well, depending on the User Agent's UI. WHATWG list
    • However, web sites can refuse to function if they do not receive a Referer, but a link won't be completely broken if @ping is disabled (citation needed)
  5. It can be used maliciously.
    • By adding a @ping attribute pointing to your web site to every link (navigation or otherwise), I can cause unnecessary load on your server in a way that is invisible to the casual end user. WHATWG list
    • "You can do this already using <img> elements (in fact it's even more effecting for DDOSing a site since it happens as soon as the user goes to the page, not just when the user clicks a link). In practice it's not a problem." ROBO Design (October 2005)
    • I can write a UserJS script or a browser extension that adds a @ping attribute to every link on every page that will allow me to spy on your browsing behavior (in a way that's possibly sneakier than current methods) WHATWG list
  6. POST is an unsafe HTTP method. UAs should not invoke unsafe methods without the user's consent. If at all, please use a safe method (GET/HEAD...) instead. public-html
  7. Applicable Design Principles (proposed)
    • Specific Principle (TBA)

Related E-mail: Month Year

  1. "It's like cookies. They're not inherently evil and, indeed, sometimes very useful, but their abuse for evil purposes gave them a bad reputation." Lachlan Hunt (October 2005)
    • Web sites can refuse to function if cookies are disabled, but a link won't be completely broken if @ping is disabled (citation needed)
  2. "The problem at the moment is that the redirect mechanism obscures the eventual target URI. It would be good to have the target URI separate from the tracking URIs, so that the UA can show each of them separately in the UI, indicating the user who is getting told what." Ian Hickson (October 2005)