History Sniffing In the Wild
An anonymous reader writes "Kashmir Hill at Forbes documents a recent study by UCSD researchers showing that 'history sniffing' is being actively used by mainstream ad networks like Interclick as well as popular porn sites like YouPorn in order to track what other sites you visit. The vulnerability has been known for almost a decade, but this paper documents hundreds of commercial sites exploiting it today (PDF)."
Went to http://startpanic.com/ (Score:5, Informative)
...using Chrome in incognito mode. It determined I had visited...
...startpanic.com
So yeah, use incognito/private browsing mode.
Plug the leak in Firefox (Score:5, Informative)
Open about:config
Set layout.css.visited_links_enabled to false
Re:YouPorn script (Score:5, Informative)
Google obfuscates its JavaScript all the time, in order to keep page sizes low and load times fast (and perhaps to keep people from stealing their code).
Re:Went to http://startpanic.com/ (Score:4, Informative)
RTFA. WebKit-based browsers solved this a while ago, and Firefox did it in their latest release.
As usual, only Explorer is vulnerable. No comments on Opera. Anyone care to test it out?
Re:A simple fix (Score:3, Informative)
More, if you also change the "unvisited links" color, then even a modified script designed to tell the difference won't know which color is your "visited" color and which is your "unvisited" color.
Sure you can. Just check a link to the page you’re on, since you know it’s visited.
Anyway changing those colours makes them clash with the rest of the stylesheet on a lot of websites.
Re:Went to http://startpanic.com/ (Score:4, Informative)
Opera 10.63, definitively vulnerable.