Stealing your history...

(Or try the version that works with NoScript)

This is a demonstration of a script which sniffs your browsing history. Unless you have recently or you regularly clear your browsing history, clicking Start Scan below will bring up some of the pages you have recently visited...

0 pages found. 0 to scan.

This process may take a while. Your browser may become slow during the scan. Your screen may flicker.

Links open in new windows

© Brendon Boshell, 2009.

What is this?

Ordinarily, websites can't read a browser's history. But, this one can! (kinda). What has been done here in just 240 seconds allows anyone to build a long-term profile of you.

It works by checking your browser history against a large number of pages, using a CSS "exploit". More ».

There are many potential uses for this technology (good and bad):

• Looking at what services you use, and offer the most suitable (targeted) subscription buttons.
• Find out what types of sites you like to visit, then offer different advertisements based on interests.
• Checking if a user has visited any porn sites (for example), and scaring them into buying "history erasing" software.
• Tracking a user's interests with a competing businesses, and offer competing services or products.
• Blind monitoring of "blacklist" site access.

Your Privacy

Many people have fears about what information others can obtain about them using this method. Although this demo is able to find a lot of information, it can not read the contents of the page and will not expose any URLs which contain session IDs, etc. It can only find pages which are publically available, but this information could be fairly valuable to advertisers (for example).

More:

Feature by Making the Web.
See "Sniffing Browser History with CSS" to find out more about this exploit technique.

Advertisements