Skip to content
Naked Security Naked Security

Chrome, Safari and Opera criticised for removing privacy setting

Forthcoming versions of the Chrome, Apple Safari and Opera are in the process of removing the ability to disable a long-ignored tracking feature called hyperlink auditing pings.

It’s a browser feature few users will have heard of, but forthcoming versions of Chrome, Safari and Opera are in the process of removing the ability to disable a long-ignored tracking feature called hyperlink auditing pings.

This is a long-established HTML feature that’s set as an attribute – the ping variable – which turns a link into a URL that can be tracked by website owners or advertisers to monitor what users are clicking on.

When a user follows a link set up to work like this, an HTTP POST ping is sent to a second URL which records this interaction without revealing to the user that this has happened.

It’s only one of several ways users can be tracked, of course, but it’s long bothered privacy experts, which is why third-party adblockers often include it on their block list by default.

Until now, an even simpler way to block these pings has been through the browser itself, which in the case of Chrome, Safari and Opera is done by setting a flag (in Chrome you type chrome://flags and set hyperlink auditing to ‘disabled’).

Notice, however, that these browsers still allow hyperlink auditing by default, which means users would need to know about this setting to change that. It seems that very few do.

In contrast, Firefox changed the hyperlink auditing flag to off by default from version 30 in 2008, since when users have had to turn it on via about:config > browser.send_pings set to ‘true’.

What’s changing

It now looks as if Chrome and Opera users will soon be unable to change the default at all, leaving hyperlink auditing permanently set to on, while for Safari users this has already happened.

Browsers haven’t exactly gone out of their way to advertise the change, but a few developers have noticed, including Jeff Johnson of StopTheMadness browser extension fame.

According to Johnson, Safari 12.1 recently removed the setting – the irony being that Apple still promotes privacy as one of its virtues:

Apple claims that Safari is supposed to protect your privacy and prevent cross-site tracking, but hyperlink auditing is a wide open door to cross-site tracking that still exists.

As for Chrome:

I’ve been informed that chrome://flags#disable-hyperlink-auditing is now missing from the Google Chrome betas, even though it still exists in the current non-beta version. The flag was removed from the source code a little over a month ago.

Betas of Chrome 74 (which ships later this month) have dropped this flag, as has Opera which is built on the same Chromium engine and has shadowed the change in its developer builds.

For anyone wondering about Microsoft’s Edge, that apparently enables hyperlink auditing by default and offers no mechanism to turn this off. Given that Edge plans to move to Chromium in due course, this was inevitable anyway.

The counter-argument is that very few users have bothered to change the default browser setting for this type of tracking so removing it completely won’t register as much of a loss.

While true, this might be because users have never heard of the capability, or have simply resigned themselves to be tracked because that’s how the web seems to work.

While hyperlink auditing looks sneaky, it is one of the most benign forms of tracking. Because it relies on pure HTTP there’s no Javascript code to slow down your browser, and the cookies required to link two or more requests to the same individual are easily blocked by browser settings or plugins.

Firefox or Brendan Eich’s Brave browser continue to let users disable auditing pings entirely.


For SeaMonkey users: like its Mozilla kin, Firefox, SeaMonkey also defaults to FALSE for the browser.send_pings value.


“resigned themselves to be tracked because that’s how the web seems to work”…….another reason for VPNs full time.


A VPN doesn’t do much very to protect you from this sort of “double link” – the correlation between the link you clicked and the link that was quietly clicked for you still exists.


Set up a desktop launcher and add the command line switch –no-pings. Still works. With an editable launcher, the switches can be added or removed at will.


Leave a Reply

Your email address will not be published. Required fields are marked *

Subscribe to get the latest updates in your inbox.
Which categories are you interested in?
You’re now subscribed!