Decius wrote:

It is now possible to define a ping attribute on anchor and area tags. When a user follows a link via one of these tags, the browser will send notification pings to the specified URLs after following the link.

If IE picks this up, MemeStreams could use it...

Viva la Smurf Attack!

I have to wonder if the Mozilla developers have fully considered the implications of this feature. With browser redirect tracking, the company providing the content bears the burden of processing; with the track back mechanism implemented in the client, no such limitation exists. This by itself would not necessarily be a problem, except for the fact that the developers appear to be supporting MULTIPLE track back locations.

This is Bad.

Consider for a moment what kind of havoc that could be reaped by compromising a banner ad server to include a list of track back urls that all resolve to a single, unsuspecting, network. Someone just got a free army of DDoS clients, all courtesy of your friendly web browser. If one considers the implications of this feature being implemented in an html rendering engine, then the consequences of a spammer taking advantage of this "feature" become truly frightening.

Fortunately, all is not lost for this technology. If the track back ping implementation is limited to a single URI, then its potential for abuse becomes equivalent to that of the IMG SRC tag.