Rogue Websites exploit flaw to track your Web history

Researchers uncover detailed "history sniffing" practices at hundreds of Websites.

By Ian Paul, PC World

Be careful the next time you visit some of the Web's most popular porn, news, and torrent sites, as they could be peeking at your browser history without your consent. Researchers at the University of California, San Diego have discovered that 485 of the 50,000 most popular Websites in the world are exploiting a flaw that lets them read your browser's Web history. The offending sites include YouPorn.com, Gamesfreak.com, Newsmax.com, and TwinCities.com, according to the researchers.

Called history sniffing, the combination of JavaScript and Cascading Style Sheet (CSS) properties enables the sites to figure out where you've been on the Web. The researchers' findings are published in a new study entitled "An Empirical Study of Privacy-Violating Information Flows in JavaScript Web Applications."

If you want to make sure you're protecting your Web browsing history from bad actors, read on to learn how history hijacking is done and how you can prevent it.

History Sniffing

CSS is a Web development language that controls many elements of a Web page's layout and is a commonly used tool among Web developers. One feature of CSS is the "a:visited" selector, which displays visited Web links in a different color (typically purple) from links you haven't visited (typically blue). Your browser stores which links you have visited so that it can display the appropriate color for every link you come across on the Web.

To find out where you've been, history hijackers hide invisible Web links to third-party sites such as Amazon, Twitter, and Facebook on their Web pages. The spying sites then use a snippet of JavaScript code to ask your browser what color the hidden links should have. After that's done, it's pretty straightforward to create a list of sites your browser has visited and sites it hasn't.
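A defender's view of the technique described above, as an added example that is not from the article or the researchers' study: an audit hook that records when a script reads the computed color of links pointing to other sites. The names `installSniffAudit` and `mockWindow`, the threshold of 3, and the list of color properties are assumptions made for illustration.

```javascript
// Added example: audit hook for computed-color reads on off-site links.
// `win` is a browser window, or a mock with the same two members (assumption).
const COLOR_PROPS = new Set(['color', 'backgroundColor', 'borderColor', 'outlineColor']);

function installSniffAudit(win, threshold = 3) {
  const pageHost = win.location.hostname;
  const probed = new Set(); // off-site link targets whose computed color was read
  const original = win.getComputedStyle;

  win.getComputedStyle = function (el, pseudo) {
    const style = original.call(win, el, pseudo);
    if (!el || String(el.tagName).toUpperCase() !== 'A' || !el.href) return style;
    let host;
    try { host = new URL(el.href).hostname; } catch (e) { return style; }
    if (host === pageHost) return style; // same-site links are not history probes
    // Wrap the style object so only actual reads of color values are counted.
    return new Proxy(style, {
      get(target, prop) {
        if (COLOR_PROPS.has(prop)) probed.add(el.href);
        if (prop === 'getPropertyValue') {
          return (name) => {
            if (/color$/i.test(String(name))) probed.add(el.href);
            return target.getPropertyValue(name);
          };
        }
        const value = target[prop];
        return typeof value === 'function' ? value.bind(target) : value;
      },
    });
  };

  return {
    probedLinks: () => [...probed],
    suspicious: () => probed.size >= threshold, // many distinct off-site probes
    uninstall: () => { win.getComputedStyle = original; },
  };
}

// Constructed stand-in for a window, so the hook can be exercised outside a browser.
function mockWindow(hostname) {
  return {
    location: { hostname },
    getComputedStyle: () => ({
      color: 'rgb(0, 0, 238)',
      display: 'inline',
      getPropertyValue(name) { return this[name] || ''; },
    }),
  };
}
```

Installed before other scripts run, the hook gives a page owner or tester a list of the off-site links whose colors a script inspected, which is the signal the hidden-link technique leaves behind.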

Who's Tracking

Although the researchers found 485 sites are exploiting the history-sniffing flaw, only 46 of those sites are actively downloading your browser history. The researchers also found that another 17 sites, for a total of 63, are transferring your browsing history to their network, but they couldn't confirm the sites were using the information collected. The majority of sites, according to the UC San Diego researchers, are only inspecting the style properties and nothing more.


Originally published on PC World.