And if the website owner is Google or Facebook, they can silently track every single link you click on their site without you even knowing about it. While you may be willing to trust Google if they say “we’re only using this to improve our overall PageRank algorithm”, I don’t, and there is no way in hell that Facebook is going to use this for any sort of purely benign “improvements” purpose.
Sure, they’re not the only companies that do this, and sure there are other ways of doing so (Tumblr clumsily converts every URL into an unintelligible t.umblr.com redirect, and Twitter treats every URL as a t.co URL internally, using JS mouseup events to tie links back to their t.co representation), but this implementation is specifically something that browser makers have decided users should have no control over, despite what the spec says about user choice.
Incidentally, the spec is also the only thing restricting cross-origin pings, and even that “restriction” only outlines what headers need to be sent with the ping. Browsers are free to send pings to any domain they like with nothing more than an extra “Ping-To” header if both the current domain and the ping domain are HTTPS.
That’s not clear from my reading of the spec - could you explain your reading further? My reading is that the browser is executing a POST with fetch - the standard CORS/same origin rules should still apply?
Apparently in some cases you clipboard can be maliciously edited by javascript. Now I’m not saying this is likely to happen, in fact I think it’s very unlikely, but if you really want to be sure, read the url from the link you want to go to and type it in manually. (this is just my convoluted way of illustrating that the manual solution isn’t really all that user friendly)
Wow, that is even worse then I expected, it changes the url on you releasing the mousebutton? that is evil…
I agree that this current practice with javascript and redirect links (or even a combination) is infinitely more slimy and user-hostile but I really don’t agree with the sentiment in this thread that seems to suggest that since it’s the lesser of a few evils we should therefore not criticize hyperlink auditing. Or even actively promote it to detract from the worse options. I think we should fight all forms of this hostile and shitty click-tracking.
Hmm, interesting. Might have to try that out. I’ve not had much luck finding out what engine it uses (although there are mentions of “webkit” in the source) but like you I would have thought they’d be in the same boat as FF and Brave.
Although to be honest it’s not worth losing sleep over IMHO as there are numerous other ways of tracking links.
I’ve been using DuckDuckGo as the default search in Safari on my phone and pad, and I’ve recently started using Firefox as my browser as well, since it’s been redesigned.
Works well, as does DuckDuckGo within Safari.
