Slashdot Mirror


Sites Guilty of Hijacking History

Gunkerty Jeb writes "A recent study launched by the UC San Diego Department of Computer Science to determine the scope of privacy-violating information flows at popular websites shows that popular Web 2.0 applications such as mashups, aggregators, and sophisticated ad targeting are teeming with various kinds of privacy-violating flows. Ultimately the researchers determined that such attacks are not being adequately defended against."

14 of 58 comments

  1. Less Than One Percent is Teeming? by eldavojohn · · Score: 4, Interesting

    ... shows that popular Web 2.0 applications such as mashups, aggregators, and sophisticated ad targeting are teeming with various kinds of privacy-violating flows.

    So they inspect the top 50,000 sites and 485 have some level of inferring browser history data? I'm not so sure I see the abundance noted in the summary. Less than one percent is teeming? And only one of those sites is ranked in the top 100 by Alexa?

    I'm not saying we shouldn't worry about this or we should ignore it but come on.

    Just face it, websites often operate on razor-thin margins. They live and die by the clicking of advertisements on their pages. Now they've found a way to sell private information that could be mildly useful to the right bidder. And it turns out it's mostly adult websites that stream video doing this. You might have cause for being upset but anyone familiar with business models of seedy websites should not be surprised.

    I have always used Google Chrome's incognito browser when I go to seedy sites. It's simply not going to be a priority for the masses but for people who are annoyed or angry, it's the best way to deal with this sort of thing. If some major non-adult site were doing this, I think they would be setting themselves up for embarrassment. I'm glad somebody's doing these checks.

    --
    My work here is dung.
    1. Re:Less Than One Percent is Teeming? by Moraelin · · Score: 4, Funny

      Well, it being used by adult sites is the worst case scenario right there.

      I mean, one day I could be doing my porn surfi^H^H^H^H^H research on some innocent topic like "anal bdsm gangbang" and next, BAM, a popup comes and says "Mr Moraelin, our mining your history has determined that you've been repeatedly on EA's The Sims 3 site, at least once on the registration site of Hello Kitty Online, in at least one thread named Barbie Horse Adventures Review, and have ordered an iPhone for Christmas. Other users who visited those sites, also visited our gay site, and our guide to coming out of the closet."

      --
      A polar bear is a cartesian bear after a coordinate transform.
    2. Re:Less Than One Percent is Teeming? by Reziac · · Score: 3, Informative

      Much more interesting and enlightening, the entire report:

      http://cseweb.ucsd.edu/users/lerner/papers/ccs10-jsc.pdf

      --
      ~REZ~ #43301. Who'd fake being me anyway?
  2. Wait... by biryokumaru · · Score: 4, Funny

    I thought that was the whole point of Web 2.0: directly connecting you to people who want to sell you junk you don't need based vaguely on what your interests might be.

    Heck, Netflix recommended Rocky and Bullwinkle based on my interest in Yojimbo, and they were spot on... doesn't get much more Web 2.0 than that.

    --
    When you're afraid to download music illegally in your own home, then the terrorists have won!
    1. Re:Wait... by camperdave · · Score: 2

      I just looked it up on IMDB: A crafty ronin comes to a town divided by two criminal gangs and decides to play them against each other to free the town. Sounds like a rehash of "A Fistful of Dollars" to me. :-)

      --
      When our name is on the back of your car, we're behind you all the way!
  3. "Sites guilty of hijacking history"? by TyTheBold · · Score: 2

    Have we finally found out where in the world/time/on earth is Carmen Sandiego?

  4. Are people retarded? by the_raptor · · Score: 4, Insightful

    How do people think that all these "web 2.0" social media sites make money? They do it by selling tracking data about you to research companies and the like.

    It is like supermarket "loyalty" cards. They aren't primarily handing those out to keep customers loyal; they are doing it to gather information about buying habits.

    TANSTAAFL: If you can't figure out the cost of something you are probably being played.

    --

    ========
    CINC, 4th Penguin Legion
  5. old news to some but now spreading by oWj9*7!7dsggh7 · · Score: 2

    For many Slashdot readers, this is old news. But the interesting thing is how awareness of web-privacy issues has hit the mainstream. The Wall Street Journal (whose news pages typically have at least half a dozen trackers on them) has been running a whole series on simple tools to avoid being tracked online.

    I think the place of the Internet in society is entering a new phase.

  6. Re:CmdrTaco ... by gstoddart · · Score: 4, Informative

    CmdrTaco: Do you EVER read any submission before publishing?

    Before you piss and moan ...

    This study comes as a result of the increasing complexity of JavaScript web applications propagating privacy-violating information flows. ‘Privacy-violating information flows’ is a general term which can be subcategorized into four areas of nefarious activity: cookie stealing, location hijacking, history sniffing, and behavior tracking. Their goal was to draw attention to the prevalence of history sniffing at high traffic sites.

    Try reading TFA before you whine too loudly; those words are a direct quote and, apparently, not a typo.

    Not saying that sometimes the editors shouldn't proofread more, but it's important to actually know the difference.

    --
    Lost at C:>. Found at C.
  7. Said it before, I'll say it again by Pojut · · Score: 4, Insightful

    If a site offers up ads on subjects I'm interested in, I have no problem leaving them unblocked. I learn about products I care about, the site gets ad revenue, and the company gets word-of-mouth. Everyone wins.

    So long as sites show me ads relevant to their own subject, I have no problem with them (excluding fly-over ads or ads with sound...those are NEVER ok.)

  8. Re:Website to Check if You're a Victim? by clone52431 · · Score: 2

    As far as history sniffing is concerned, just recently we heard about history sniffing by “mainstream ad networks” and YouPorn (...accompanied by a great disturbance in the Force, as if millions of anon suddenly cried out in terror and were suddenly silenced). Also, [PDF] “documents hundreds of commercial sites exploiting it”.

    To learn whether you’re vulnerable (and how exactly this works), see http://startpanic.com/.

    There are a few ways to immunize Firefox against this sort of attack:

    Clearing your history is obviously effective, whether that means clearing it entirely or just deleting particular sites from the history. If a site isn’t in the history, it can’t be detected. You could also use an addon to clean up your history, e.g.
    History Deleter – Deletes browsing history by keywords and/or date (on browser close)
    HistoryBlock – Blocks specified sites from history, recently closed tabs, and the download manager

    Also, disabling the visited link styling will also prevent history sniffing, but you won’t be able to tell if links have been visited by their visual style any more. To disable it, go to about:config, paste layout.css.visited_links_enabled into the search bar, and change its value to false.

    --
    Distributed Denial of APK: It takes 15 seconds to reply to him anonymously, but wastes tons of his time if we all do it.
  9. Read the paper... by crabel · · Score: 2

    The article is not particularly good; this one is better: http://www.switched.com/2010/12/02/bug-gathers-your-browsing-history-youporn-perez-hilton/

    You can find the original study here: http://cseweb.ucsd.edu/users/lerner/papers/ccs10-jsc.pdf

    It is quite interesting, especially the list of sites on page 9...

  10. Plugins for history/cookie poisoning? by OpenGLFan · · Score: 4, Interesting

    Back in the dark ages (1997 or so), there was a school of thought that advocated cookie poisoning, not just removal. Anybody know of any Firefox plugins that actively randomize your history or cookies? Throwing wrenches into databases is the next best thing to naming your kid Little Bobby Tables.

  11. Reminds me by Moraelin · · Score: 2

    Reminds me of a couple of months back when amazon.de, supposedly based on my previous purchases and pages visited, recommended me 3 new games for very little girls. And I mean really dress-up Barbie stuff. I'm still wondering exactly what my alter-ego has been looking at on Amazon.

    --
    A polar bear is a cartesian bear after a coordinate transform.