Slashdot Mirror

← Back to Stories (view on slashdot.org)

Sniffing Browser History Without Javascript

Posted by kdawson on from the hole-in-css dept.

Ergasiophobia alerts us to a somewhat alarming technology demonstration, in which a Web site you visit generates a pretty good list of sites you have visited — without requiring JavaScript. NoScript will not protect you here. The only obvious drawbacks to this method are that it puts a load on your browser, and that it requires a list of Web sites to check against. "It actually works pretty simply — it is simpler than the JavaScript implementation. All it does is load a page (in a hidden iframe) which contains lots of links. If a link is visited, a background (which isn't really a background) is loaded as defined in the CSS. The 'background' image will log the information, and then store it (and, in this case, it is displayed to you)."

2 of 216 comments (clear)

  1. Re:big issue is NoScript by Anonymous Coward · · Score: 0, Troll

    Stop overreacting, that is old news and long since fixed. NoScript is no more "malware" than Firefox itself.

    I'm sure you have more crapware and malware installed on your computer that you're blissfully unaware of than you care to admit, yet you single NoScript out for one tiny misstep made and quickly corrected some time back.

  2. Trolls by iYk6 · · Score: 1, Troll

    Trolls are given mod points too.