Google is doing something very similar to this by the way. On their search results page, if you hover on any link the destination address shown on the bottom part of the browser looks like it'd take you directly there if you clicked, but when you do click, the href of the link is overwritten so the actual link takes you to google.com/?randomvariables&url=http://...
This has always concerned me, not because Google is tracking this, but because this trick could do real harm in the hands of a malicious dev. I mean, who checks the source code of a page to make sure hrefs are not overwritten before clicking a link?
PS: I know what you'll suggest, "browser with javascript off then!". No thanks. I spent ~1 year using NoScript on Firefox and I can say I ended up hating it with a passion. It cripples web browsing and makes it a really frustrating experience, and in 70% of the cases you are forced to allow Javascript on the page with its subsequent page reload.
This has always concerned me, not because Google is tracking this, but because this trick could do real harm in the hands of a malicious dev. I mean, who checks the source code of a page to make sure hrefs are not overwritten before clicking a link?
PS: I know what you'll suggest, "browser with javascript off then!". No thanks. I spent ~1 year using NoScript on Firefox and I can say I ended up hating it with a passion. It cripples web browsing and makes it a really frustrating experience, and in 70% of the cases you are forced to allow Javascript on the page with its subsequent page reload.