Internet privacy (also know as online privacy or web privacy) has become a hot topic in the last years as companies, organizations and people with malicious intent try to gather as many data as possible about Internet users. Many users install security software on their computer system and as add-ons in their web browsers directly to protect their systems against various attacks including those privacy breaches.
Start Panic tries to raise public awareness for Internet privacy issues on their website. They have implemented a script that will gather information about previously used websites from the user’s web browser. Two aspects make this interesting. The first is that it is a cross-browser solution. It works in all major web browsers including Microsoft Internet Explorer, Mozilla Firefox, Opera, Google Chrome and Safari. The second aspect is that it will display results even if the user clears his web browser’s history, cookies and cache regularly. The current browsing session is recorded normally in all web browsers which usually have options to automatically clear these traces on exit only.
The process is started by the user who has to press the Let’s Start button. It can take a minute or two before the results are displayed. The list should contain the list of websites that have been visited in this browsing session. It might contain more websites if the user is not deleting the history regularly.
Little is revealed about how the script does its magic but it seems to rely on JavaScript. Anyone with JavaScript disabled in the web browser does not have to fear this privacy issue.
Related posts:
- Internet Browser Benchmark PeaceKeeper
- Privacy and Security Add-ons for Firefox 2.0
- Internet Explorer New Tab Page In Firefox
- Protect your privacy from Google AdSense’s new behavioral ads
- Internet Explorer Privacy Manager
- First Look At Firefox’s Private Browsing Mode
- Internet Privacy Study
- Log Into Multiple Accounts Simultaneously
This is hardly new. As far as I remember last one checked links for visited status.
Maybe I am jaded but these things don’t even scare me anymore. Viruses are real trouble. This is… just life online.
Hah so you’ve given up? I use NoScript :)
@Martin
I am just fond of solving problems by ignoring them. :)
Privacy online is long gone. Disabling scripts reduces amount of information that can be gathered about you but hardly eliminates possibility.
It’s from 2007 and it doesn’t need Javascript
http://ha.ckers.org/blog/20070228/steal-browser-history-without-javascript
Well aside from NoScript I have the SafeCache and SafeHistory extensions. Very much worth having those.
Tried it and it works if I enable the site in NoScript.
This would seem to be a security hole to me. We all know that your ISP can see everyplace you visit but why should ANY random site using this technology be able to interrogate a person’s browser history??? Does not make any sense!
Knowing where you have visited could be advantageous to a site, particularly one that knows your real name, but what is the advantage for the user?
I signed the petition on the site. Hope something gets done about this.
After analyzing it gave me… nothing. I clear browsing history and cookies regularly, but I already had visited a few sites in the same session. So at least these sited should have been on the list!!! I have Java installed and no, I don’t use a scriptblocker.
Still, I know that doesn’t mean that my IP-address or other information isn’t gathered and stored in databases on different sites. There is no way Start Panic can know that information.
• The “InPrivate Browsing” feature of IE8 doesn’t allow for CSS visited link detection.
• The “Private Browsing” mode of Firefox 3.5 doesn’t allow for CSS visited link detection.
• The “Incognito” mode of Chrome 2.0 doesn’t allow for CSS visited link detection.
So:
• If you browse untrusted sites in private mode, those untrusted sites cannot sniff any visits at all.
• Or, if you browse trusted sites in private mode, visits to those trusted sites cannot be sniffed, even from non-private mode.
There’s something similar (but faster) at:
http://linuxbox.co.uk/stealing-browser-history-with-javascipt-and-css.php