<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<font face="Helvetica, Arial, sans-serif">A great danger with
preloading content is that many users *also* use mouse hovers to
safely inspect the URL of a suspicious link to check what URL the
link is pointing to rather than clicking to find out (particularly
when these links appear in emails, messages, and comments).<br>
<br>
A mouse hover over a link that nominally says "Example Bank of
Someplace" but the link hover reveals something like
"raNd0m.bankname.fakedomain . ru/infectUr'puter. php" it is a big
flag *not* to click on the link (I've seen enough spam messages to
know a good deal of the URLs are pretty much just as blatant as
that above fake example). However, if the browser tries to be
"smart" about a hovered link and starts preloading content (which
is enough to harvest the status of an email as active), or worse,
stupidly executes content from that webpage, you have made a users
attempt at being safe online into an actual security attack on
that user (a damned if you do, damned if you don't situation for
the user). Worse yet if the browser does all of this just because
of a hover that the user was not consciously hovering over
(perhaps the user was reading and moved the mouse without paying
attention to the mouse cursor, perhaps the page was scrolled and
then stopped with a link under the location of the mouse, etc).<br>
<br>
Personally, I feel the risk is too much to preload *anything* from
the Firefox (and should be outright banned from Thunderbird). A
few milliseconds lead on preload isn't going to make a huge
difference (especially when many user don't hover long, but rather
move and click; long duration hovering may in fact be more
indicative of a danger with the link). Thus, creating algorithms
to predict the future, read the mind of users (who all have their
own style of browsing behavior), seems — to me — to be a pointless
endeavor.<br>
</font>
</body>
</html>