So as part of the generally good HTML5 spec, the authors have added an absolutely awful un-feature called ‘hyperlink auditing’.
So what is this? Well a classic HTML link looks a little like this…
<a href="https://www.chrisrcook.com/">Go!</a>This will create a simple link with the text ‘Go!’ that, when clicked, will take you to a location – in this case ‘https://www.chrisrcook.com/’.
The HTML working group have added the option of a second attribute value called ‘ping’. This allows links like this…
<a href="https://www.chrisrcook.com/" ping="http://spying-gits.com/our_tracker">Go!</a>So what happens here? Well, as before, clicking on the ‘Go!’ link will take you to ‘https://www.chrisrcook.com’. It will also open a second connection to the ‘http://spying-gits.com/our_tracker’ – and so allow hidden third party auditing of your browsing activity and will do so in a way that will not be disabled by classic tracker and ad blockers.
Firefox have taken the sensible route and disabled this functionality by default. Chrome, being the offensive arm of the Google Ad Empire, sends the tracking mark back by default. Apple, in spite of their public commitments to privacy, have implemented it as of Safari 12.1.
Which is a terrible mistake.