RSSSafeHistory: protect your privacy from visited link analysis
A couple of days ago I wrote about the visited link javascript hack that lets any website operator query a user's browser history to determine if they've visited any other particular site. One possible use for this is to detect which Web2.0 social applications a user visits so that you can display the appropriate link badges.
It's a creepy scenario, though, that a website operator can effectively bypass the browser's intended security model to invade your privacy by seeing if you've been visiting other sites. Hackszine reader Logical Extremes commented with a solution to this problem:
This is a common phishing vector. Rather than encouraging broader use, we should be educating and protecting against it. There is a Firefox add-on that explicitly blocks this.
Some hackers over at the Stanford Computer Science Department created SafeHistory, a Firefox plugin that protects against visited link tracking techniques. It works by only allowing the a:visited property to apply to off-site links that were previously visited from the current URL.
This seems to be a reasonable way to keep the functionality of visited links without leaking any additional information. I wonder how long it will be before this is adopted as a browser behavior standard.
Stanford SafeHistory
Protecting Browser State Using Same Origin Policy (PDF)
Previously:
Detect which sites a web user visits
Posted by Jason Striegel |
May 30, 2008 08:17 PM
Network Security, Web |
Permalink
| Comments (1)
Recent Entries
- Create a macro lens from an old 50mm
- SafeHistory: protect your privacy from visited link analysis
- Wii Balance Board hacks
- Detect which sites a web user visits
- Conquer jet lag with a 16-hour fast
- Code Kata: exercise for the software developer
- Polaroid emulsion lift
- Colors: Nintendo DS homebrew paint application
- Helmer render cluster: 186 Gflops in an IKEA cabinet
- Keywurl: keyword search for Safari
Bloggers
Welcome to the Hacks Blog!
Brian Jepson
Jason Striegel
Phillip Torrone
Categories
- Ajax
- Amazon
- AppleTV
- Astronomy
- BlackBerry
- Blogging
- Body
- Cars
- Cryptography
- Data
- Design
- Education
- Electronics
- Energy
- Events
- Excel
- Excerpts
- Firefox
- Flash
- Flickr
- Flying Things
- Food
- Gaming
- Gmail
- Google Earth
- Google Maps
- Government
- Greasemonkey
- Hacks Series
- Hackszine Podcast
- Halo
- Hardware
- Home
- Home Theater
- iPhone
- iPod
- IRC
- iTunes
- Java
- Kindle
- Knoppix
- Language
- LEGO
- Life
- Lifehacker
- Linux
- Linux Desktop
- Linux Multimedia
- Linux Server
- Mac
- Mapping
- Math
- Microsoft Office
- Mind
- Mind Performance
- Mobile Phones
- Music
- MySpace
- MySQL
- NetFlix
- Network Security
- olpc
- OpenOffice
- Outdoor
- Parenting
- PCs
- PDAs
- Perl
- Philosophy
- Photography
- PHP
- Pleo
- Podcast
- Podcasting
- Productivity
- PSP
- Retro Computing
- Retro Gaming
- Science
- Screencasts
- Shopping
- Skype
- Smart Home
- Software Engineering
- Sports
- SQL
- Statistics
- Survival
- TiVo
- Transportation
- Travel
- Ubuntu
- Video
- Virtualization
- Visual Studio
- VoIP
- Web
- Web Site Measurement
- Windows
- Windows Server
- Wireless
- Word
- World
- Xbox
- Yahoo!
- YouTube
Archives
Recent Posts
- SafeHistory: protect your privacy from visited link analysis
- Wii Balance Board hacks
- Detect which sites a web user visits
- Conquer jet lag with a 16-hour fast
- Code Kata: exercise for the software developer
- Polaroid emulsion lift
- Colors: Nintendo DS homebrew paint application
- Helmer render cluster: 186 Gflops in an IKEA cabinet
- Keywurl: keyword search for Safari
- Aluminum foil is a scissor sharpener
www.flickr.com
|
Leave a comment