- From: Dan Brickley <danbri@danbri.org>
- Date: Fri, 21 May 2010 15:31:02 +0200
- To: Jonathan Rees <jar@creativecommons.org>
- Cc: www-tag@w3.org

On Fri, May 21, 2010 at 3:19 PM, Jonathan Rees <jar@creativecommons.org> wrote:

> re ISSUE-31 (metadata in URI), sub-issue secrets-in-URIs
>
> http://www.schneier.com/blog/archives/2010/05/detecting_brows.html
> "All major browsers allow their users' history to be detected"
>
> Note
> (a) this confirms the claim made in TAG discussion that URIs that one
> navigates to are sometimes not well protected
> (b) it is taken for granted that this is a bug (privacy breach) that
> needs to be fixed, and that can be (i.e. the FF developers think that
> protecting URIs is "best practice")
>
> If I understand correctly the attack only applies to guessable URIs.

Not exactly. Firstly, guessable here just means public. You can crank through a lot rather quickly -- http://static.whattheinternetknowsaboutyou.com/results.html reports...

"The ability to detect visitors' browsing history requires just a few lines of code. Armed with a list of websites to check for, a malicious webmaster can scan over 25 thousand links per second (1.5 million links per minute) in almost every recent browser."

Secondly, once you've got a top-level entry point into the user's history, you can scan the links on that Web page for other documents to check. So the scanner might initially check for http://playboy.com/ but once it gets a match, it can navigate the link structure of playboy all the way to http://playboy.com/fetishes/markuplanguages/html5/dom/strict or whatever, step by step, testing each step as it goes.

Amazing how long this hole has been open really.

See also http://ajaxian.com/archives/socialhistoryjs-more-spyjax

cheers,

Dan

Received on Friday, 21 May 2010 13:31:35 UTC