All Your Browsing History Are Belong to Us

For several years, it has been a poorly kept secret that any Web site you went to could secretly search your browser’s history file to see what sites you had previously visited.  All the site owner had to do was ask.  And while browser history “sniffing” has been around for a long time, companies are finally starting to actively take advantage of it.  The time to act to prevent this clear threat to personal privacy is now.

The History of Browser History Sniffing

Browser history sniffing exploits the functionality of all Web browsers that displays hyperlinks of visited and non-visited sites in different colors.  That is, when you visit a Web site that contains links to a number of other urls, the links to sites you have not previously visited will be shown in blue, while the links to sites that you had previously visited will be shown in purple.  The links appear this way because the Web page is allowed to query to user’s browser history in order to know what color to render the links on the Web page.  Web sites can game this functionality by listing hundreds of Web addresses (often hidden to the user, who doesn’t see the links at all, blue or purple) to get answers from the user’s browser about what color to display the links.  In this way, Web sites can effectively play “go fish” with a user’s browser history file, asking if the visitor has visited www.facebook.com, or www.nytimes.com, or, perhaps more personally, www.viagra.com or www.gamblersanonymous.org.  If you’re curious to see how it works, the site www.whattheInternetknowsaboutyou.com provides several useful demonstrations.

The existence of this trick to query whether site visitors have visited a predetermined list of urls has been known for a long time.  It has been identified as “Bug 147777” in Mozilla’s development forum for nearly eight years.  And for years, researchers and privacy advocates have ask that the issue be addressed.  To date, nothing has been done, and unscrupulous Web site owners still maintain the capacity to determine whether site visitors have previously visited any other Web site.

Quite apart from the fact that Web sites don’t have the right to see where you’ve been on the Web, there are real dangers to unrestricted access to browser history files.  Identity thieves could find out what bank and credit card sites you use for better targeted phishing attacks. Furthermore, recent research suggests that sites could use data about visited urls to accurately determine the identity of site visitors.  One study released last month shows how a site could correlate browser history queries with publicly available information about group membership on popular social networking sites to reliably identify a large percentage of visitors to a particular Web site.  Thus, if you’re active on any number of popular social networking sites, any Web site you try to visit anonymously could very likely figure out who you are. Continue reading.

Related Posts

Unintended Consequences: Twelve Years Under the DMCA Twelve years after the passage of the controversial Digital Millennium Copyright Act (DMCA), the law continues to stymie fair use, free speech, scient...
Sign the petition: iPad DRM is iBad for our freedoms Today, Apple launched a computer that will never belong to its owner. Apple will use Digital Restrictions Management (DRM) to gain total veto power ov...
How to enhance the physical security posture of your Linux/BSD-powered PC Securing a computer goes beyond more than just using strong passwords. You should consider what happens if an unauthorized person gains physical acce...
Google Superbowl Ad Explains The Need for Search Privacy Google's ad during yesterday's Superbowl explained in less than a minute how the story of someone's life can be pieced together from their search quer...
Bilski Ruling and Software Patents As opinions form about the extent to which the Court ruling impacts the patenting of software, one thing is clear. The State Street ruling that in 199...
A Bill of Privacy Rights for Social Network Users Social network service providers today are in a unique position. They are intermediaries and hosts to our communications, conversations and connection...

We Recommend These Vendors and Free Offers

Launch an SSD VPS in Europe, USA, Asia & Australia on Vultr's KVM-based Cloud platform starting at $5:00/month (15 GB SSD, 768 MB of RAM).

Deploy an SSD Cloud server in 55 seconds on DigitalOcean. Built for developers and starting at $5:00/month (20 GB SSD, 512 MB of RAM).

Want to become an expert ethical hacker and penetration tester? Request your free video training course of Online Penetration Testing and Ethical Hacking

Whether you're new to Linux or are a Linux guru, you can learn a lot more about the Linux kernel by requesting your free ebook of Linux Kernel In A Nutshell.


One Comment

  1. Mudbox is a software for 3D sculpting and painting which bdedaccdkgff

Leave a Comment

Your email address will not be published. Required fields are marked *

*