
RE: Your Web Surfing History is Accessible (without your Permission) via JavaScript

From: SULLIVAN, BRYAN L (ATTCINW) <BS3131@att.com>
Date: Mon, 6 Dec 2010 15:54:45 -0800
Message-ID: <8080D5B5C113E940BA8A461A91BFFFCD14B021B0@BD01MSXMB015.US.Cingular.Net>
To: "Perez, Aram" <aramp@qualcomm.com>, <public-privacy@w3.org>
This depends upon a CSS hack which has been a known vulnerability for
about 10 years. At least Safari has implemented protections against it,
and I hope that other browsers do soon also.

 

It can tell which sites you've been to only by checking against a
specific list of domains, by checking the color assigned to a link for
each site, for which it creates anchors, sniffs, then deletes. Many
examples exist.

 

Thanks, 

Bryan Sullivan | AT&T

 

From: public-privacy-request@w3.org
[mailto:public-privacy-request@w3.org] On Behalf Of Perez, Aram
Sent: Monday, December 06, 2010 3:30 PM
To: public-privacy@w3.org
Subject: Your Web Surfing History is Accessible (without your
Permission) via JavaScript

 

The Web surfing history saved in your Web browser can be accessed
without your permission. JavaScript code deployed by real websites and
online advertising providers uses browser vulnerabilities to determine
which sites you have and have not visited, according to new research
from computer scientists at the University of California, San Diego.

 

The researchers documented JavaScript code secretly collecting browsing
histories of Web users through "history sniffing" and sending that
information across the network. While history sniffing and its potential
implications for privacy violation have been discussed and demonstrated,
the new work provides the first empirical analysis of history sniffing
on the real Web.

 

The rest of the story at
http://ucsdnews.ucsd.edu/newsrel/science/11-02WebSurfingHistory.asp.

 
Received on Monday, 6 December 2010 23:55:27 GMT
