Wednesday, December 22, 2010

History sniffing

My concern/dismay(/obsession?) about privacy -- or modern lack thereof -- has been fed again ...

It seems that the websites you visit can access (through your browser) the history of other websites you've visited. The practice is called "history sniffing," and I, for one, find it disturbing.

For more on the study, see Visited porn? Web browser flaw secretly bares all.  It begins:

Dozens of websites have been secretly harvesting lists of places that their users previously visited online, everything from news articles to bank sites to pornography, a team of computer scientists found.
(History but not passwords. That's something, of course.)

A related article at PCmag, Web Surfing Activity Vulnerable to 'History Sniffing' Report Says,
explains:
Why is this important? Researchers said that Web site owners can use this information to see if you have been visiting the Web sites of their competitors. Advertising companies can also used the data to build user profiles, while criminals could watch which banking sites you use to know which fake banking site they should use for a phishing attack.
 The ray of hope (back to the first article) is that:
The latest versions of Google Inc.'s Chrome and Apple Inc.'s Safari have automatic protections for this kind of snooping, researchers said. Mozilla Corp. said the next version of Firefox will have the same feature, adding that a workaround exists for some older versions as well.
Whereas the PCmag article adds Firefox, saying:
The report found that the latest versions of Firefox, Chrome, and Safari block history-sniffing attacks. Internet Explorer, however, does not currently defend against history sniffing.
Internet Exploder behind the curve? What are the chances? 

(Surfing in private mode does protect your history -- but also keeps you and your browser from later making use of the history of where you've been.)

I wish it were better news ...


1 comment:

Erik said...

As usual. Safari and Chrome are innately immune to the threat, Firefox is immune on update after it is discovered. IE usually follows sometime in the next decade...