Internet Privacy: Start Panic Tells You Where You Have Been - gHacks Tech News

Internet Privacy: Start Panic Tells You Where You Have Been

Start Panic is a free online service designed to highlight privacy issues in browsers by detecting sites visited in the past.

Internet privacy (also know as online privacy or web privacy) has become a hot topic in the past couple of years as privacy invasive marketing techniques and information-stealing malware has been on the rise.

Some users install security and privacy software on their system, for instance in the form of desktop applications or browser add-ons, to protect the system against possible data leaks and other privacy related issues that may occur.

Other common protective measures include clearing browser cookies regularly, or deleting the browsing history.

Start Panic

internet privacy

Start Panic tries to raise public awareness for Internet privacy issues on the service's website. The makers have implemented a script on the site that attempts to find out sites that the user visited in previous browsing sessions.

Two aspects make this interesting. The first is that it is a cross-browser solution.

It works in all major web browsers including Microsoft Internet Explorer, Mozilla Firefox, Opera, Google Chrome and Safari. The second aspect is that it will display results even if the user clears the web browser's history, cookies and cache regularly.

The reason here is that the browsing history gets recorded while the Internet browser is being used. While it may have been cleared recently, the most recent entries are still all accessible unless the history has been cleared right before the Start Panic website has been opened.

You can start the process by clicking on the lets start button there. It can take a minute or two before the results are displayed. The list should contain the list of websites that have been visited in this browsing session. It might contain more websites if the user is not deleting the history regularly.

Little is revealed about how the script does its magic but it seems to rely on JavaScript. Anyone with JavaScript disabled in the web browser does not have to fear this privacy issue.

The service seems to use style information to determine whether websites have been visited or not. The browser records those and will paint them different than links that have not been visited. It is very likely that only top sites are checked.

Update: Note that most browsers appear to have plugged the privacy issue, so that it is no longer possible to determine which sites have been visited using the site or script.

Summary
Internet Privacy: Start Panic Tells You Where You Have Been
Article Name
Internet Privacy: Start Panic Tells You Where You Have Been
Description
Start Panic is a free online service designed to highlight privacy issues in browsers by detecting sites visited in the past.
Author
Publisher
Ghacks Technology News
Logo
Advertisement

We need your help

Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.

We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats or subscription fees.

If you like our content, and would like to help, please consider making a contribution:


Previous Post: «
Next Post: »

Comments

  1. Rarst said on April 25, 2009 at 7:11 pm
    Reply

    This is hardly new. As far as I remember last one checked links for visited status.

    Maybe I am jaded but these things don’t even scare me anymore. Viruses are real trouble. This is… just life online.

    1. Martin said on April 25, 2009 at 7:17 pm
      Reply

      Hah so you’ve given up? I use NoScript :)

  2. Rarst said on April 25, 2009 at 7:21 pm
    Reply

    @Martin

    I am just fond of solving problems by ignoring them. :)

    Privacy online is long gone. Disabling scripts reduces amount of information that can be gathered about you but hardly eliminates possibility.

  3. anonimo said on April 25, 2009 at 7:56 pm
    Reply

    It’s from 2007 and it doesn’t need Javascript
    http://ha.ckers.org/blog/20070228/steal-browser-history-without-javascript

  4. nero said on April 25, 2009 at 8:08 pm
    Reply

    Well aside from NoScript I have the SafeCache and SafeHistory extensions. Very much worth having those.

  5. Jojo said on April 25, 2009 at 9:59 pm
    Reply

    Tried it and it works if I enable the site in NoScript.

    This would seem to be a security hole to me. We all know that your ISP can see everyplace you visit but why should ANY random site using this technology be able to interrogate a person’s browser history??? Does not make any sense!

    Knowing where you have visited could be advantageous to a site, particularly one that knows your real name, but what is the advantage for the user?

    I signed the petition on the site. Hope something gets done about this.

  6. Tonio said on May 3, 2009 at 12:07 am
    Reply

    After analyzing it gave me… nothing. I clear browsing history and cookies regularly, but I already had visited a few sites in the same session. So at least these sited should have been on the list!!! I have Java installed and no, I don’t use a scriptblocker.

    Still, I know that doesn’t mean that my IP-address or other information isn’t gathered and stored in databases on different sites. There is no way Start Panic can know that information.

  7. Eric Lawrence said on May 6, 2009 at 4:48 pm
    Reply

    • The “InPrivate Browsing” feature of IE8 doesn’t allow for CSS visited link detection.
    • The “Private Browsing” mode of Firefox 3.5 doesn’t allow for CSS visited link detection.
    • The “Incognito” mode of Chrome 2.0 doesn’t allow for CSS visited link detection.

    So:

    • If you browse untrusted sites in private mode, those untrusted sites cannot sniff any visits at all.
    • Or, if you browse trusted sites in private mode, visits to those trusted sites cannot be sniffed, even from non-private mode.

  8. Pete said on May 19, 2009 at 1:35 am
    Reply

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

Please note that your comment may not appear immediately after you post it.