Forgot your password?
typodupeerror
Privacy Advertising Your Rights Online

FTC Bars Ad Firm From Snooping Browser History 21

Posted by Soulskill
from the most-private-of-places dept.
itwbennett writes "Score 1 for online privacy. The Federal Trade Commission and online ad firm Epic Marketplace have reached a settlement that will bar Epic from using browser history sniffing technology. According to the news report, 'The history sniffing allowed Epic to determine whether a consumer had visited more than 54,000 domains, including pages relating to fertility issues, impotence, menopause, incontinence, disability insurance, credit repair, debt relief, and personal bankruptcy. Epic used the tracking to send targeted ads related to several health issues, the FTC said.'"
This discussion has been archived. No new comments can be posted.

FTC Bars Ad Firm From Snooping Browser History

Comments Filter:
  • by ilikenwf (1139495) on Wednesday December 05, 2012 @05:39PM (#42196551)
    I trust sleazy ad agencies more than I trust the US government. Too bad they don't obey the laws they force the citizens to themselves, especially those regarding privacy, since they need 5 petabytes to store every email and who knows what other web related data there in Utah.
  • by Anonymous Coward

    This is great, but we need security at both ends here: prosecution to remove the economic incentive to invade people's privacy, and software security to increase the difficulty of doing so.

    Here are two tests for vulnerability to history sniffing attacks, one CSS based and one based on cache timing:
    http://www.mikeonads.com/2008/07/13/using-your-browser-url-history-estimate-gender/ [mikeonads.com]
    http://lcamtuf.coredump.cx/cachetime/chrome.html [coredump.cx]

    Unfortunately it seems Opera (12.11) is still vulnerable to the CSS leak. :(

    • by gr8_phk (621180)
      Yep, I don't know why browser creators don't consider this information leakage a significant bug.
      • by tlhIngan (30335) <slashdot AT worf DOT net> on Thursday December 06, 2012 @12:46PM (#42204891)

        Yep, I don't know why browser creators don't consider this information leakage a significant bug.

        Law of unintended consequences without an easy fix.

        For example, browsers have long used vlink highlighting to show previously visited links, which are really handy if users have a tendency to wander. E.g., if you're just browsing Wikipedia, it's awfully nice to know if you've already seen the article it links to ahead of time. Or if it's a list of files, if you've already downloaded it before (perhaps if you're showing someone how to get said file or what file you actually used).

        The question becomes though is should scripts be able to get at the DOM properties? Setting it is useful (to highlight new options for example), but getting it? Might be useful for some effects I suppose. And then once gotten, it's really just a simple XmlHttpRequest away from passing that information back to the server.

        It's really nothing special other than the clever combination of several innocent features in a nefarious way. (And no one had the gal to patent it... )

  • Everyone else doing browser history sniffing will be more covert in future so they don't get caught.
  • How is it that it's not OK for one medium but good to go for another?! :-/ http://yro.slashdot.org/story/12/12/05/1332218/verizon-patents-eavesdropping-using-your-tv-for-ad-targeting [slashdot.org]
  • Is lolcats, lolcat, lolcats! Also slashdot.
  • Wait, what? (Score:4, Insightful)

    by Macdude (23507) on Thursday December 06, 2012 @12:53AM (#42200709)

    Wait, what? A web site can secretly access my browser history? Why does this need the FTC need to get involved, shouldn't "we" stop them by fixing the browsers?

    • by tlhIngan (30335)

      Wait, what? A web site can secretly access my browser history? Why does this need the FTC need to get involved, shouldn't "we" stop them by fixing the browsers?

      The question becomes "how". There's a lot of tricks that's used - for example, they can use CSS and DOM inspection to see if you've visited a link before (like setting the vlink color to be different from the link color, then inspecting the DOM to see what the color of the link is). Of course, the browser can hide visited links from you the user by m

  • by Anonymous Coward

    THIS is why I always clear the browser history. At least, that is what I tell my wife.

A committee is a group that keeps the minutes and loses hours. -- Milton Berle

Working...