It’s a creepy scenario, though, that a website operator can effectively bypass the browser’s intended security model to invade your privacy by seeing if you’ve been visiting other sites. Hackszine reader Logical Extremes commented with a solution to this problem:
This is a common phishing vector. Rather than encouraging broader use, we should be educating and protecting against it. There is a Firefox add-on that explicitly blocks this.
Some hackers over at the Stanford Computer Science Department created SafeHistory, a Firefox plugin that protects against visited link tracking techniques. It works by only allowing the a:visited property to apply to off-site links that were previously visited from the current URL.
This seems to be a reasonable way to keep the functionality of visited links without leaking any additional information. I wonder how long it will be before this is adopted as a browser behavior standard.
Detect which sites a web user visits