Simple Ping Blocker for Firefox
Simple Ping Blocker is a new browser extension for the Firefox web browser that blocks any pings from being sent when links get activated in the browser.
Mozilla revealed recently that it would integrate Hyperlink Ping Tracking in the Firefox web browser and enable it by default.
Ping is a relatively new link attribute that web developers and site operators may add to links. The main idea behind ping is to send clicking information to a resource when links are clicked.
Ping is a controversial feature as it adds another tracking technology. Unlike the majority of tracking options, ping does not require JavaScript; it works just fine without JavaScript enabled in the browser.
Users cannot identify ping attributes of links by just looking at them or hovering the mouse cursor over links. Hovering reveals the link target but it does not reveal anything about the use of ping.
The only option, at the time of writing, is to analyze the source code to check links for ping attributes. You could bypass pings by copying links and loading them manually in the browser's address bar, but that is not very comfortable.
Google Chrome and most Chromium-based browsers won't have options going forward to disable Hyperlink Ping Auditing. Brave is one of the few Chromium-based browsers that has the feature disabled by default, and it seems that the browser is one of the few with Ping functionality turned off by default.
Mozilla is still working on integrating Ping in Firefox. The organization plans to enable it by default; whether the current browser.send_pings preference remains available so that users may disable Ping in Firefox remains to be seen.
It is quite puzzling that Mozilla would enable ping tracking in Firefox by default without user safeguards. Options could include highlighting links with the Ping attribute in a special way, displaying a prompt to users when they first encounter Pings, or better yet, disabling the feature by default but asking users whether they would like to opt-in when it is encountered.
Simple Ping Blocker
Users who don't want to risk it may install the Simple Ping Blocker extension for Firefox. The extension blocks all ping requests but does not modify links to remove the attribute from them or change the destination of the ping.
Note: uBlock Origin users don't need the extension as the content blocker comes with Ping blocking functionality. Chrome or Chromium users may also install Ping Blocker.
As far as Simple Ping Blocker is concerned, it is a set and forget kind of extension. Just install it and any ping you encounter from that moment on will be without function.
Ping is not enabled yet in Firefox and the add-on does not do a thing right now because of that. You could bookmark it to keep it in reach or install it and deactivate it until Mozilla enables Ping to activate it.
IMHO uBlock Origin should be run in the OS.
Should I allow uBlock to run in private window ?
Don’t most modems have settings that shut down reply pings? It seems like it would be better to shut it down there.
It’s a totally different sort of pings you’re talking about, probably that :
https://en.wikipedia.org/wiki/Ping_(networking_utility)
The ghacks article is about “hyperlink auditing” pings :
https://html.spec.whatwg.org/multipage/links.html#hyperlink-auditing
@jern:
I’m not entirely sure what you’re getting at, so I’m taking a guess here. Please forgive me if I’ve guessed wrong.
Are you referring to the ability to disable ping responses in routers/cable modems? That’s an entirely different and unrelated sort of network level “ping”. The URL ping being referred to here is an optional attribute in HTML links. These are not network level pings (in my opinion, they aren’t even “pings” in the sense that the word is usually used in the network world), and your router/cable modem has no control over them.
This is different from the ping which requests a reply asap. This is baked into html anchor tags as the ping attribute. The ping here makes links connect to 2 places instead of 1. First, connect to the destination; and second, report to another party that you clicked on this exact link.
Two different things.
https://en.wikipedia.org/wiki/Ping_(networking_utility)
https://developer.mozilla.org/en-US/docs/Web/HTML/Element/a#attr-ping
Thanks for this article Marin.
“uBlock Origin blocks pings by default”
…aka why Raymond Hill, along with the hard working list maintainers, share company with the most trusted humans on the net.
“It is quite puzzling that Mozilla would enable ping tracking in Firefox by default”.
Mozilla’s current logic to enable ping tracking is complete nonsense and has zero validity. This change reverses course to FF’s current setting which is tracking being disabled tracking by default; you know, when FF once respected user privacy.
FF intentionally leaking user data is why power users are increasingly loosing faith, trust, and respect for Mozilla and why everyday, we are less inclined to recommend Firefox. It’s getting to the point where the love that has dried up many years ago is becoming replaced with complete contempt, distrust, and cynicism.
Simple Ping Blocker has 10 users, I’m no 11, I guess. Don’t need it but now I won’t forget it.
In Mozilla’s intelligent search, “Simple Pink Floyd” shows up, too. They need to fix that awful search function.
To ping or not to ping
Dear Mr. Brinkmann
Your ‘new’ link attribute
a ping="URL"is as old as this Fried Fish with a 13 years old beard.Sincerly Your Pong
@99:
Nobody is saying the Ping attribute is new. What’s new is Mozilla’s desire to start honoring it by default.
Can you provide any reliable source, other than quoting BleepingComputer, that confirms your assertion? Ideally a link to an official Mozilla Source?
Thanks
This is the tracking bug: https://bugzilla.mozilla.org/show_bug.cgi?id=951104 It appears, from recent edits, that Mozilla plans to add UI controls.
And this is the discussion at “mozilla.dev.platform” some 5 years ago:
Intent to ship: Hyperlink Auditing ()
This is the “recent edit”Bug 1546198 reportet by Nick Doty, who started the discussion again at W3C/html
Privacy concern with ping attribute #1456
a year ago.
That said, it’s nowhere near that
Sincerly
I’s like to interject here on your savvy comment, as the web archive link provided stats the following:
> It is now possible to define a ping attribute on anchor and area tags.
> The point of this feature is to enable link tracking mechanisms employed on the web to get out of the critical path and thereby reduce the time required for users to see the page they clicked on.
So m0z|lla was selling BS even 12 years ago.
“So m0z|lla was selling BS even 12 years ago.”
Anti delirium measures for the acute confusional state of any “Magic Poison Seller”
https://caniuse.com/#feat=ping
What’s confusing is that this caniuse.com link says that until now pings were disabled by default in Firefox “for privacy reasons”, while Mozilla says “the reason we don’t yet enable the hyperlink ping attribute is that our implementation of this feature isn’t yet complete.”…
In other words at Greek calends ;~)
It seems like a lot of people are confused when it comes to what privacy is. If your browsing is being tracked, your browser is sending telemetry, or any kind of usage statistics is being collected, it does not mean your privacy is being exposed or abused. As long as no part of the information has a label on it that can identify you as a human person (name, age, race, etc) then you really don’t need to worry. It’s like your neighbor who has a ten foot fence around his house. You know he’s there as you can hear him doing something, but you have no idea of any information of what he is doing on a personal detailed level. So many people get all fired up when a company does something like this yelling “They say they’re about privacy, and they do this!”. Really? Whatever. So you get a better browser with it. So you get targeted ads with it. Do you see your name in blogs being posted “Dave from Washington just browsed for underwear!”? No. Get over it people.
@Bobby Phoenix: “If your browsing is being tracked, your browser is sending telemetry, or any kind of usage statistics is being collected, it does not mean your privacy is being exposed or abused.”
Yes, it does. It may not mean it’s being used for a nefarious purpose, but my privacy is being abused any time that an entity is collecting information about me or my use of my machines without my active, informed consent.
“As long as no part of the information has a label on it that can identify you as a human person (name, age, race, etc) then you really don’t need to worry.”
Also not true. If the information gathered can be tied back to any machine that you use, then you need to worry. That a single, individual piece of data may be innocuous is meaningless when companies regularly correlate massive amounts of “innocuous” data and develop highly invasive profiles of you.
None of this may be an issue for you — that’s fair and entirely legitimate. However, it is an issue for a lot of people, and that is equally fair and legitimate.
“If your browsing is being tracked, your browser is sending telemetry, or any kind of usage statistics is being collected, it does not mean your privacy is being exposed or abused.”
True, but so is the opposite: it doesn’t mean your privacy is not being exposed or abused. And it just so happens that tracking people online has proven to be immensely lucrative:
“For the 2006 fiscal year, the company reported $10.492 billion in total advertising revenues and only $112 million in licensing and other revenues.”
This was 13 years ago and the company has only grown larger. So there’s an obvious incentive for companies to not respect your privacy, especially since only recently there have been some efforts to prevent this from happening, and still the penalties are laughable for these type of companies.
Let me also remind you of Facebook and how it took advantage of user data to influence political campaigns. If that is not alarming to you, even if on principle, then I suggest you read a history book. Or eight.
Is not that the world will end tomorrow even if we all give up our privacy right now. I’m not even suggesting that everybody drop what they are doing and start wearing tin foil hats or go live in the middle of the mountains. But I am saying that privacy has value and is a bigger topic than it seems.
> If your browsing is being tracked, your browser is sending telemetry, or any kind of usage statistics is being collected, it does not mean your privacy is being exposed or abused. As long as no part of the information has a label on it that can identify you as a human person (name, age, race, etc) then you really don’t need to worry.
The information will often come with an IP address at least, which can be a strong identifier. Data de-anonymization techniques exist too : https://en.wikipedia.org/wiki/De-anonymization
But what if exploited data could magically be made really irreversibly anonymous ? That’s how some surveillance capitalists are trying to redefine privacy to be able to exploit commercially “anonymized” sensitive user data for advertisers while looking like the good guys. I disagree : any exploitation by someone else of my sensitive data that I did not freely consent to is an invasion of my privacy, even if it could actually be anonymized in a trustworthy way, and furthermore, even if that happens only locally on my machine.
@Anonymous: “what if exploited data could magically be made really irreversibly anonymous ?”
That would be awesome, and a game-changer. Unfortunately, it isn’t clear how this could be done, and so far, nobody’s managed to do it.
In a world where Big Data rules, “anonymization” appears to be an unattainable goal.
Neighbor I can’t see is mowing his lawn; I can hear it. He doesn’t use a service, I know that, so it’s almost certainly him.
If your IP is revealed, and it is unless you block it, you’re known to that level. If 1000 people share your IP on a regular basis, no problem. Otherwise, problem.
If you trust your Internet Provider (not possible in USA, they now track and sell your data) and the myriad others you interact with as you browse along with everyone they send data to, the 4th, 5th etc. levels, fine.
IP’s only one identifier, there are many more.
Example, If I go to Buzz Feed, one of the most click hungry and ad sellingist sites on earth (take this quiz and we’ll tell you if you’re cake or a railroad spike), I can watch my tracker counter zoom to 99, that’s as high as it goes, no idea what the true value is. What’s 99 squared or raised to the fourth power? If you trust 10,000 parties with your data, OK. That’s not privacy or even good security.
If companies you can’t even identify can track you and send YOU ads for junk you don’t want and would never click on, you have every right to block them if you want.
Note: uBlock Origin users don’t need the extension as the content blocker comes with Ping blocking functionality. Chrome or Chromium users may also install Ping Blocker.
This is nice but then, why do i use API Killer Beacon as a headshot for pings? This extension shows me that there is 144 occurences on this site alone ?!
> It is quite puzzling that Mozilla would enable ping tracking in Firefox by default without user safeguards.
Both Apple and Mozilla, two companies that pride themselves in caring about privacy, have stated that disabling the ping attribute does not improve the user’s privacy in any meaningful way.
If you’re puzzled by this, than that indicates to me that you don’t understand the issue.
> Both Apple and Mozilla, two companies that pride themselves in caring about privacy
As a general rule, you should not trust blindly marketing campaigns.
Apple : https://www.gnu.org/proprietary/malware-apple.en.html#surveillance
Mozilla : https://spyware.neocities.org/articles/firefox.html
oh, the irony?
@Å ime Vidas: “If you’re puzzled by this, than that indicates to me that you don’t understand the issue”
Some of us understand the issue very well, and simply disagree with the reasoning being put forth by Apple and Mozilla.
Is Chrome really that much worse than Firefox at this point, I wonder?
Yes.
Thanks for your thoughtful contribution, Nebulus. I have now completely changed my views because of it.
Something, something “firefox is all about privacy”…
“uBlock Origin users don’t need the extension as the content blocker comes with Ping blocking functionality. Chrome or Chromium users may also install Ping Blocker.”
Hello,
could you tell me where and what to do in uBlock Origin do have this functionality?
Thank you.
Arnauld:
https://github.com/gorhill/uBlock/wiki/Dashboard:-Settings#disable-hyperlink-auditing
It is the main dashboard settings, subsection Privacy.
Open the Options of uBlock and locate the Privacy section under the Settings tab. There you find Disable hyperlink auditing which should be enabled by default.
Thanks.
Ops, sorry, google search results are a different beast of link tracking, uBO and uM work as espected regarding pings.
From what happens here I could say uBO anti-spypign is not effective with google, with TCPwiew I can see outgoing bytes to google server (+1 packet)when clicking on a search result, this behaviour stops with “don’t track me google” extension.
(I have FPI enabled + Temporary Containers + uMatrix + CanvasBlocker, so there could be a conflict, but maybe not.)
And does it stop if you use the “Ping Blocker” extension mentioned in the article?
“Google search link fix” by Wladimir Palant (ABP guy) can do the same
https://palant.de/2011/11/28/google-yandex-search-link-fix/
I think ublockorigin already has this preventative measure.
Under Settings> Privacy, the second one down is ‘Disable Hyperlink Auditing’ which is what simple ping blocker says it targets.
As for the need for it, well Mozilla is going to have to explain themselves (again). I still have no intention of using another browser but we do expect rationale for privacy-antagonistic choices on our behalf.
@mozzy:
Not everyone wants to or can use uBo or the like.
Right now, though, no extension is needed to stop this — Firefox has an in-built setting that disables it (and it is disabled by default). This has become a topic because Firefox is talking about changing that default setting, but users will still be able to disable it anyway.
There are rumors that Mozilla may remove the ability to disable it at some point in the future, but those are currently only rumors and even if true, they haven’t actually done it yet.