- From: SULLIVAN, BRYAN L (ATTCINW) <BS3131@att.com>
- Date: Mon, 6 Dec 2010 15:54:45 -0800
- To: "Perez, Aram" <aramp@qualcomm.com>, <public-privacy@w3.org>
- Message-ID: <8080D5B5C113E940BA8A461A91BFFFCD14B021B0@BD01MSXMB015.US.Cingular.Net>
This depends upon a CSS hack which has been a know vulnerability for about 10 years. At least Safari has implemented protections against it, and I hope that other browser do soon also. It can tell which sites you've been to only by checking against a specific list of domains, by checking the color assigned to a link for each site, for which it creates anchors, sniffs, then deletes. Many examples exist. Thanks, Bryan Sullivan | AT&T From: public-privacy-request@w3.org [mailto:public-privacy-request@w3.org] On Behalf Of Perez, Aram Sent: Monday, December 06, 2010 3:30 PM To: public-privacy@w3.org Subject: Your Web Surfing History is Accessible (without your Permission) via JavaScript The Web surfing history saved in your Web browser can be accessed without your permission. JavaScript code deployed by real websites and online advertising providers use browser vulnerabilities to determine which sites you have and have not visited, according to new research from computer scientists at the University of California, San Diego. The researchers documented JavaScript code secretly collecting browsing histories of Web users through "history sniffing" and sending that information across the network. While history sniffing and its potential implications for privacy violation have been discussed and demonstrated, the new work provides the first empirical analysis of history sniffing on the real Web. The rest of the story at http://ucsdnews.ucsd.edu/newsrel/science/11-02WebSurfingHistory.asp.
Received on Monday, 6 December 2010 23:55:27 UTC