W3C home > Mailing lists > Public > public-privacy@w3.org > October to December 2010

Re: Your Web Surfing History is Accessible (without your Permission) via JavaScript

From: Richard Barnes <richard.barnes@gmail.com>
Date: Mon, 6 Dec 2010 18:58:05 -0500
Message-ID: <AANLkTinWk96qquRCo=ziSObEOrO-pZ_jKcqt00wpYynt@mail.gmail.com>
To: "Perez, Aram" <aramp@qualcomm.com>
Cc: "public-privacy@w3.org" <public-privacy@w3.org>
This is not just academic.  There's currently a suit against YouPorn
in California alleging harm due to this practice.   See today's Wall
Street Journal, on the front page of the second section:
<http://online.wsj.com/article/SB10001424052748704493004576001622828777658.html>

For some counterpoint: "Sniff browser history for improved user experience"
<http://www.niallkennedy.com/blog/2008/02/browser-history-sniff.html>
(And if you look at the date on that article, it's also clearly not a
new technique.)


On Mon, Dec 6, 2010 at 6:30 PM, Perez, Aram <aramp@qualcomm.com> wrote:
> The Web surfing history saved in your Web browser can be accessed without
> your permission. JavaScript code deployed by real websites and online
> advertising providers use browser vulnerabilities to determine which sites
> you have and have not visited, according to new research from computer
> scientists at the University of California, San Diego.
> The researchers documented JavaScript code secretly collecting browsing
> histories of Web users through “history sniffing” and sending that
> information across the network. While history sniffing and its potential
> implications for privacy violation have been discussed and demonstrated, the
> new work provides the first empirical analysis of history sniffing on the
> real Web.
> The rest of the story at
> http://ucsdnews.ucsd.edu/newsrel/science/11-02WebSurfingHistory.asp.
>
Received on Monday, 6 December 2010 23:58:34 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 6 December 2010 23:58:35 GMT