Slashdot Mirror


History Sniffing In the Wild

An anonymous reader writes "Kashmir Hill at Forbes documents a recent study by UCSD researchers showing that 'history sniffing' is being actively used by mainstream ad networks like Interclick as well as popular porn sites like YouPorn in order to track what other sites you visit. The vulnerability has been known for almost a decade, but this paper documents hundreds of commercial sites exploiting it today (PDF)."

6 of 96 comments

  1. Went to http://startpanic.com/ by The MAZZTer · · Score: 4, Informative

    ...using Chrome in incognito mode. It determined I had visited...

    ...startpanic.com

    So yeah, use incognito/private browsing mode.

    1. Re:Went to http://startpanic.com/ by GNUALMAFUERTE · · Score: 4, Informative

      RTFA. Webkit-based browsers solved this a while ago, and Firefox did it in their latest release.

      As usual, only Explorer is vulnerable. No comments on Opera. Anyone care to test it out?

      --
      WTF am I doing replying to an AC at 5 A.M on a Friday night?
    2. Re:Went to http://startpanic.com/ by Kjella · · Score: 3, Informative

      Opera 10.63, definitively vulnerable.

      --
      Live today, because you never know what tomorrow brings
  2. Plug the leak in Firefox by hansamurai · · Score: 5, Informative

    Open about:config

    Set layout.css.visited_links_enabled to false

  3. Re:YouPorn script by The MAZZTer · · Score: 5, Informative

    Google obfuscates its JavaScript all the time, in order to keep page sizes low and load times fast (and perhaps to keep people from stealing their code).

  4. Re:A simple fix by clone52431 · · Score: 3, Informative

    More, if you also change the "unvisited links" color, then even a modified script designed to tell the difference won't know which color is your "visited" color and which is your "unvisited" color.

    Sure you can. Just check a link to the page you’re on, since you know it’s visited.

    Anyway changing those colours makes them clash with the rest of the stylesheet on a lot of websites.

    --
    Distributed Denial of APK: It takes 15 seconds to reply to him anonymously, but wastes tons of his time if we all do it.