SafeHistory: protect your privacy from visited link analysis

A couple of days ago I wrote about the visited link JavaScript hack that lets any website operator query a user’s browser history to determine if they’ve visited any other particular site. One possible use for this is to detect which Web 2.0 social applications a user visits so that you can display the appropriate link badges.

It’s a creepy scenario, though, that a website operator can effectively bypass the browser’s intended security model to invade your privacy by seeing if you’ve been visiting other sites. Hackszine reader Logical Extremes commented with a solution to this problem:

This is a common phishing vector. Rather than encouraging broader use, we should be educating and protecting against it. There is a Firefox add-on that explicitly blocks this.

Some hackers over at the Stanford Computer Science Department created SafeHistory, a Firefox plugin that protects against visited link tracking techniques. It works by only allowing a:visited styling to apply to off-site links that were previously visited from the current URL.

This seems to be a reasonable way to keep the functionality of visited links without leaking any additional information. I wonder how long it will be before this is adopted as a browser behavior standard.
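
The restriction described above, modelled in JavaScript as an added example (not SafeHistory's code and not from the original post). The class, method names and .example URLs are constructed for illustration; the model assumes a site is identified by its hostname and that on-site links keep their normal visited styling.

```javascript
// Simplified model of the policy described above; not SafeHistory's source code.
// Assumptions: "site" is approximated by hostname, and URL fragments are ignored.
const normalize = (url) => { const u = new URL(url); u.hash = ""; return u.href; };

class LinkHistory {
  constructor() {
    this.visited = new Set();   // global history: every URL the user has loaded
    this.followed = new Map();  // page URL -> set of URLs navigated to from that page
  }

  // Record a page load; referrerUrl is the page whose link was clicked (null if typed).
  recordNavigation(targetUrl, referrerUrl = null) {
    const target = normalize(targetUrl);
    this.visited.add(target);
    if (referrerUrl === null) return;
    const ref = normalize(referrerUrl);
    if (!this.followed.has(ref)) this.followed.set(ref, new Set());
    this.followed.get(ref).add(target);
  }

  // Unprotected behaviour: a:visited styling depends only on global history.
  legacyShowsVisited(pageUrl, linkUrl) {
    return this.visited.has(normalize(linkUrl));
  }

  // Restricted behaviour: off-site links are styled only if followed from this page.
  safeShowsVisited(pageUrl, linkUrl) {
    const link = normalize(linkUrl);
    if (!this.visited.has(link)) return false;
    if (new URL(pageUrl).hostname === new URL(link).hostname) return true; // on-site link
    const fromHere = this.followed.get(normalize(pageUrl));
    return fromHere !== undefined && fromHere.has(link);
  }
}

// Constructed browsing session using reserved .example hostnames.
function demo() {
  const h = new LinkHistory();
  h.recordNavigation("https://news.example/");                              // typed
  h.recordNavigation("https://blog.example/post", "https://news.example/"); // clicked
  h.recordNavigation("https://bank.example/login");                         // typed
  const probe = "https://tracker.example/page"; // unrelated page the user is now viewing
  return {
    legacyLeak: h.legacyShowsVisited(probe, "https://bank.example/login"),
    safeLeak: h.safeShowsVisited(probe, "https://bank.example/login"),
    keptOnOrigin: h.safeShowsVisited("https://news.example/", "https://blog.example/post"),
  };
}
console.log(demo());
```

Under the restricted check the unrelated page learns nothing about the bank visit, while the page the user actually clicked from still shows its own outbound link as visited.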

Stanford SafeHistory
Protecting Browser State Using Same Origin Policy (PDF)

Previously:
Detect which sites a web user visits
