Slashdot Mirror
Sniffing Browser History Without Javascript
Ergasiophobia alerts us to a somewhat alarming technology demonstration, in which a Web site you visit generates a pretty good list of sites you have visited — without requiring JavaScript. NoScript will not protect you here. The only obvious drawbacks to this method are that it puts a load on your browser, and that it requires a list of Web sites to check against. "It actually works pretty simply — it is simpler than the JavaScript implementation. All it does is load a page (in a hidden iframe) which contains lots of links. If a link is visited, a background (which isn't really a background) is loaded as defined in the CSS. The 'background' image will log the information, and then store it (and, in this case, it is displayed to you)."
Stop overreacting, that is old news and long since fixed. NoScript is no more "malware" than Firefox itself.
I'm sure you have more crapware and malware installed on your computer that you're blissfully unaware of than you care to admit, yet you single NoScript out for one tiny misstep made and quickly corrected some time back.
... put me down for a few visits to Goatse and save yourself a lot of trouble.
Have gnu, will travel.
Does it work on Lynx?
that shows a serious lack of understanding/empathy to give people one chance before you stop trusting them.
nobody is perfect and those who seem so are lying.
If you care about your history being sniffed like this, you can just use IE8's InPrivate mode.
Trolls are given mod points too.