All Your Browsing History Are Belong to Us

flashchrome

For several years, it has been a poorly kept secret that any Web site you went to could secretly search your browser’s history file to see what sites you had previously visited.  All the site owner had to do was ask.  And while browser history “sniffing” has been around for a long time, companies are finally starting to actively take advantage of it.  The time to act to prevent this clear threat to personal privacy is now.

The History of Browser History Sniffing

Browser history sniffing exploits the functionality of all Web browsers that displays hyperlinks of visited and non-visited sites in different colors.  That is, when you visit a Web site that contains links to a number of other urls, the links to sites you have not previously visited will be shown in blue, while the links to sites that you had previously visited will be shown in purple.  The links appear this way because the Web page is allowed to query to user’s browser history in order to know what color to render the links on the Web page.  Web sites can game this functionality by listing hundreds of Web addresses (often hidden to the user, who doesn’t see the links at all, blue or purple) to get answers from the user’s browser about what color to display the links.  In this way, Web sites can effectively play “go fish” with a user’s browser history file, asking if the visitor has visited www.facebook.com, or www.nytimes.com, or, perhaps more personally, www.viagra.com or www.gamblersanonymous.org.  If you’re curious to see how it works, the site www.whattheInternetknowsaboutyou.com provides several useful demonstrations.

The existence of this trick to query whether site visitors have visited a predetermined list of urls has been known for a long time.  It has been identified as “Bug 147777” in Mozilla’s development forum for nearly eight years.  And for years, researchers and privacy advocates have ask that the issue be addressed.  To date, nothing has been done, and unscrupulous Web site owners still maintain the capacity to determine whether site visitors have previously visited any other Web site.

Related Post:  The Multiple Meanings of the Term “Open”

Quite apart from the fact that Web sites don’t have the right to see where you’ve been on the Web, there are real dangers to unrestricted access to browser history files.  Identity thieves could find out what bank and credit card sites you use for better targeted phishing attacks. Furthermore, recent research suggests that sites could use data about visited urls to accurately determine the identity of site visitors.  One study released last month shows how a site could correlate browser history queries with publicly available information about group membership on popular social networking sites to reliably identify a large percentage of visitors to a particular Web site.  Thus, if you’re active on any number of popular social networking sites, any Web site you try to visit anonymously could very likely figure out who you are. Continue reading.

Related Post:  The Role of Privacy by Design in Protecting Consumer Privacy

Share:

Share on facebook
Facebook
Share on twitter
Twitter
Share on pinterest
Pinterest
Share on linkedin
LinkedIn

Hola! Did you notice that LinuxBSDos.com no longer run network ads?  Yep, no more ads from the usual suspects that track and annoy you across the Internet. But since I still need to pay to keep the site running, feel free to make a small donation by PayPal or your favorite cryptocurrency.

  • Bitcoin
  • Ethereum
  • Xrp
  • Bitcoin cash
  • Bitcoin sv
  • Litecoin
  • Binance coin
  • Cardano
  • Ethereum classic
Scan to Donate Bitcoin to bc1qzvlte2m224zkayhdc7fdfjkp2rsgt0l5a496ua

Donate Bitcoin to this address

Scan the QR code or copy the address below into your wallet to send some Bitcoin

Scan to Donate Ethereum to 0x0F4362DFF77F3Ba0Dc637F5f3Eba35D09a2fA60C

Donate Ethereum to this address

Scan the QR code or copy the address below into your wallet to send some Ethereum

Scan to Donate Xrp to r4ggjvL36njsMCYTkJ3S7cTHscPsMsSGQv

Donate Xrp to this address

Scan the QR code or copy the address below into your wallet to send some Xrp

Scan to Donate Bitcoin cash to qrs0dedzp9t55af3nfwypydghp29r0xguy9s20fz2k

Donate Bitcoin cash to this address

Scan the QR code or copy the address below into your wallet to send some Bitcoin cash

Scan to Donate Bitcoin sv to 15K9TLyVDBtLuG9cYvXCX9SSkq9C9oUKHK

Donate Bitcoin sv to this address

Scan the QR code or copy the address below into your wallet to send some Bitcoin sv

Scan to Donate Litecoin to LetJ9QQMb7u2LMZ9Tu6rtHwcBcQFW98fbG

Donate Litecoin to this address

Scan the QR code or copy the address below into your wallet to send some Litecoin

Scan to Donate Binance coin to bnb1ga8trq08ssqepd90v6225nzfgy448pu5pw8gxp

Donate Binance coin to this address

Scan the QR code or copy the address below into your wallet to send some Binance coin

Scan to Donate Cardano to addr1qx2354yw49etstfljpdhwja3ajjlt487lg95vu9ngy2q6vu4rf2ga2tjhqknlyzmwa9mrm997h20a7stgectxsg5p5esq5l7d9

Donate Cardano to this address

Scan the QR code or copy the address below into your wallet to send some Cardano

Scan to Donate Ethereum classic to 0xcD6CC972a2297FcafACDcfE042C55C69516a9264

Donate Ethereum classic to this address

Scan the QR code or copy the address below into your wallet to send some Ethereum classic

Subscribe for updates. Trust me, no spam!

Sponsored links

1. Attend Algorithm Conference, a top AI and ML event.
2. Reasons to use control panel for your server.
3. DHgate Computers Electronics, Cell Phones & more.
4. Axo Finans.

Upcoming events

One Response

Leave a Reply

Your email address will not be published. Required fields are marked *

Get the latest

On social media
Via my newsletter

Partner links

1. Attend Algorithm Conference, a top AI and ML event for 2021.
2. Reasons to use control panel for your server.
3. DHgate Computers Electronics, Cell Phones & more.
4. Axo Finans.
Hacking, pentesting distributions

Linux Distributions for Hacking

Experts use these Linux distributions for hacking, digital forensics, and pentesting.

Categories
Archives

The authors of these books are confirmed to speak during

Algorithm Conference

T-minus AI

Author was the first chairperson of AI for the U.S. Air Force.

The case for killer robots

Author is the Director of the Center for Natural and Artificial Intelligence.

Why greatness cannot be planned

Author works on AI safety as a Senior Research Scientist at Uber AI Labs.