Slashdot Mirror

← Back to Stories (view on slashdot.org)

Sniffing Browser History Without Javascript

Posted by kdawson on from the hole-in-css dept.

Ergasiophobia alerts us to a somewhat alarming technology demonstration, in which a Web site you visit generates a pretty good list of sites you have visited — without requiring JavaScript. NoScript will not protect you here. The only obvious drawbacks to this method are that it puts a load on your browser, and that it requires a list of Web sites to check against. "It actually works pretty simply — it is simpler than the JavaScript implementation. All it does is load a page (in a hidden iframe) which contains lots of links. If a link is visited, a background (which isn't really a background) is loaded as defined in the CSS. The 'background' image will log the information, and then store it (and, in this case, it is displayed to you)."

7 of 216 comments (clear)

  1. Well, we fixed it... by slarrg · · Score: 4, Funny

    You can't tell what sites I've been to if it's Slashdotted!

  2. How to interpret results by noidentity · · Score: 4, Funny
    If the server responds

    Service Temporarily Unavailable

    The server is temporarily unable to service your request due to maintenance downtime or capacity problems. Please try again later.

    then it means you've come from Slashdot.

  3. Re:Doesn't work on me by Kotoku · · Score: 4, Funny

    Awesome! Now for all the people who can take and act upon that advice, we can protect .000001% of the population.

    It's a start!

    --
    AnimePapers.org: Anime Wallpapers Handled With Care
  4. Re:For the Masses by Opportunist · · Score: 5, Funny

    And some of us use one browser for their everyday surfing and one for the naughty pages... I mean, I would do that if I surfed to naughty pages, of course...

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  5. Re: Alarming? by transporter_ii · · Score: 2, Funny

    Well, at least I don't have the hiccups any more.
    .
    .

    --
    Doctors destroy health, lawyers destroy justice, universities destroy knowledge, religion destroys spirituality
  6. Re:big issue is NoScript by yoyhed · · Score: 4, Funny

    Are you aware of a lot of crapware that comes with a freshly installed Ubuntu system?

    Does Ubuntu come with emacs?

    --
    WHO NEEDS SHIFT WHEN YOU HAVE CAPSLOCK/ DAMN1
  7. Re:For the Masses by MrMr · · Score: 2, Funny

    I like having my browser history so I can tell if I've read something or not.
    I think you'll find that ./ has found a way around that trick.
    Just duplicate a story from 2000, 2006 and 2009 with slightly different url's.