Web Browsers' 'Visited' Feature Creates Privacy Concerns
from the just-visiting dept
Ben Adida points to an interesting hack that takes advantage of a bug/feature (depending on your perspective) of modern browsers. When a webpage is rendered, the browser will typically display links that have been previously visited in a different color. Under the hood, this is implemented by setting the link's style to "visited." A website can use JavaScript to detect this information and report it back to the server -- and could even do something sneaky like adding "hidden" links not actually visible to users just to find out if you had visited certain sites. This behavior was noticed by the Mozilla community way back in 2002, but because of the way the spec was written, there wasn't any easy solution. Now somebody has figured out at least one useful purpose for this particular data leak: reducing the number of links some websites provide to social networking sites. As Digg, Reddit, and dozens of social news competitors have proliferated, blogs and news sites have increasingly faced the challenge of supporting ways to submit stories to those sites without unnecessarily cluttering up their pages. But this guy has developed some JavaScript code that will use the "visited" data leak to determine which social networking sites the user has visited and display badges only for those sites. It's a clever hack, albeit one that will make privacy sticklers' skin crawl. Browser vendors ought to fix the underlying privacy issue, which will break this little hack in the process, but in the meantime it doesn't hurt to put it to a useful purpose.Filed Under: browsers, privacy, visited links
