Sniffing Browser History Without Javascript

Ergasiophobia alerts us to a somewhat alarming technology demonstration, in which a Web site you visit generates a pretty good list of sites you have visited — without requiring JavaScript. NoScript will not protect you here. The only obvious drawbacks to this method are that it puts a load on your browser, and that it requires a list of Web sites to check against. "It actually works pretty simply — it is simpler than the JavaScript implementation. All it does is load a page (in a hidden iframe) which contains lots of links. If a link is visited, a background (which isn't really a background) is loaded as defined in the CSS. The 'background' image will log the information, and then store it (and, in this case, it is displayed to you)."

Well, we fixed it...

[slarrg]

You can't tell what sites I've been to if it's Slashdotted!

How to interpret results

[noidentity]

If the server responds

Service Temporarily Unavailable

The server is temporarily unable to service your request due to maintenance downtime or capacity problems. Please try again later.

then it means you've come from Slashdot.

Re:Doesn't work on me

[Kotoku]

Awesome! Now for all the people who can take and act upon that advice, we can protect .000001% of the population.

It's a start!

Re:For the Masses

[Opportunist]

And some of us use one browser for their everyday surfing and one for the naughty pages... I mean, I would do that if I surfed to naughty pages, of course...

Re:big issue is NoScript

[yoyhed]

Are you aware of a lot of crapware that comes with a freshly installed Ubuntu system?

Does Ubuntu come with emacs?