User: Password:
|
|
Subscribe / Log in / New account

Leaking browser history

Leaking browser history

Posted Jun 26, 2008 16:26 UTC (Thu) by iabervon (subscriber, #722)
In reply to: Leaking browser history by jwb
Parent article: Leaking browser history

Actually, it's completely conforming for a browser to simply never say a link has been visited (and render it in the :link style), or to claim to have rendered it in the non-visited style while showing it to the user in the visited style (not that this couldn't social-engineer the user into disclosing the information). See The CSS spec.

Alternatively, browsers could say that the domain or URL of the page containing the link (or something else suitable) is part of the identity of the link for purposes of determining whether you've previously visited it, and therefore only disclose to sites whether you previously clicked on this very link, rather than disclosing whether you've visited the target at all. (In general, sites can easily collect information on which of their links you've used with an "onclick" event handler, and I don't think people expect privacy with respect to the source site there.) This change would mean that links to sites you visit from sites you haven't visited look new, but I don't think that would be an unwelcome change for users.


(Log in to post comments)

Leaking browser history

Posted Jun 26, 2008 20:37 UTC (Thu) by droundy (subscriber, #4559) [Link]

This sounds to me like a perfect solution.  It maintains most of the currently used (and
useful) functionality, while at the same time closing the hole, as far as I can see.  Does
anyone have an idea whether this is under discussion by the folks at mozilla?

Leaking browser history

Posted Jun 28, 2008 19:34 UTC (Sat) by man_ls (guest, #15091) [Link]

Seconded. It could get a little annoying if link colors depended on whether I brought up www.lwn.net, lwn.net, https://lwn.net, and so on. But most of the time it would be fine, and a little heuristics (such as storing just the second level domain) would do the rest.


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds