Websites Found Guilty of Browser History Sniffing
A study discovered that 46 websites are sniffing browser history.
A recent study conducted by researchers at the University of California, San Diego has revealed that 46 websites are exploiting a security flaw in current and older browsers that reveals which sites the user previously visited.
Called "history hijacking" or "history sniffing," these websites are harvesting browsing histories for various reasons. As the Associated Press reports, e-commerce companies can adjust ads or prices on the spot; an example given was a website using the information to match a lower price offered by a previously visited competitor. Malicious sites can even use the information to learn more about visitors and create personalized attacks.
According to the study, history sniffing is essentially the act of a website or advertisement pulling out a web browser's history and comparing it against a list of sites to see which ones the user previously visited. The study indicated that one popular porn site was checking visitor browsing histories to see if they visited 23 other related sites. Code used on two other sites looked for matches against 40 specific websites related to Ford automobiles.
The study investigated around 50,000 of the world's most popular websites and discovered that 500 sites behaved suspiciously; however, there wasn't enough evidence to prove any "history hijacking." 60 websites reportedly transferred browser histories to their networks. The 46 sites actually caught stealing personal browsing history included news site Newsmax.com and financial research site Morningstar.com.
"Browser vendors should have fixed this a long time ago," said Jeremiah Grossman, an Internet security expert at WhiteHat Security Inc. "It's more evidence that we not only needed the fix, but that people really should upgrade their browsers. Most people wouldn't know this is possible."
The latest versions of Apple's Safari and Google's Chrome now have built-in protection against history sniffing; Mozilla plans to add the feature in the next full release of Firefox. Internet Explorer has a toggle to enable private browsing mode (which prevents snooping); however, it limits the way the browser tracks its own history for the user.
The study said that users typically have no idea that websites are harvesting their browsing history. Currently, U.S. federal regulators are proposing a "Do Not Track" tool that prevents advertisers from following Web surfers across the Internet to sell them more products.
this is another reason why you disable third party cookies
And then the BIG HOLLYWOOD companies complain and prosecute poor old folk taking a look at movies via TORRENT sites!!!!
Who's fooling who here?
You rob from us and we rob from you!
I guess it's a good thing I use NoScript, have my history wiped when I close the browser, and restart the browser after using sites containing sensitive information. It is surprising to see Morningstar mentioned, though.
Regarding Firefox: Since when is patching a security hole a feature?
Where is the list of these 46 websites? I'm not seeing it here or on the yahoo linked to in this article.
I'd laugh if I looked at a pile of Obama sites and I got an advertisement offering me something even better: crap-covered glitter.
Yea why no list of these sites!!!??? That should be first!!! If we were in Soviet Russia, President publicly shame and blame you!!!
Of all the stupid things a browser lets you do, this is ridiculous. Are we talking about tracking cookies, or can a website literally just request the browsing history from a crappy browser? I understand that embedded code, say from an advertising server, could access a cookie from numerous pages and build its own history, but the websites would have to include this code themselves. How does Site A access the fact that I've visited Site B if they don't share this same code/cookie?
They are exploiting a security hole in the browser and are able to get the list of all the web sites the user has visited.
Step 1 : Create a bogus website with items I want to buy at ridiculously low prices.
Step 2 : Visit the bogus site.
Step 3 : Visit one of the sites that sniff my history and match my prices.
Step 4 : ???
Step 5 : Profits.
All one needs to do is to inspect the color of the anchor text of a hidden hyperlink to determine if you've visited a page in the past.
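A defender-side view of the check described in the comment above, as an added example that is not part of the original article or its comment thread: a static heuristic that flags page scripts which build links to a list of URLs and then read back the computed link color. The regexes, the two-URL threshold, the function names and both sample scripts are constructed assumptions, and this is not presented as the study's own method.

```javascript
// Added example: static heuristic for link-color history sniffing (all names constructed).
// A read of `color` in any of the usual spellings.
const COLOR_READ =
  /(?:\.color\b|\.getPropertyValue\(\s*['"]color['"]\s*\)|\[\s*['"]color['"]\s*\])/.source;
// getComputedStyle(x).color and friends, chained directly.
const DIRECT = new RegExp(/getComputedStyle\s*\([^)]*\)\s*/.source + COLOR_READ);

// Names of variables assigned from getComputedStyle(...), e.g. `cs`.
function computedStyleVars(src) {
  const re = /(\w+)\s*=\s*(?:[\w.]+\.)?getComputedStyle\s*\(/g;
  return [...src.matchAll(re)].map((m) => m[1]);
}

// True when `color` is read from a computed style, directly or through a variable.
function readsComputedColor(src) {
  if (DIRECT.test(src)) return true;
  return computedStyleVars(src).some((v) => new RegExp("\\b" + v + COLOR_READ).test(src));
}

function scanScript(src) {
  const makesLinks =
    /createElement\(\s*['"]a['"]\s*\)|getElementsByTagName\(\s*['"]a['"]\s*\)/i.test(src);
  // Distinct URL literals in the script: the candidate sites it could be probing.
  const targets = [...new Set(src.match(/https?:\/\/[^\s'"<>)]+/g) || [])];
  const readsColor = readsComputedColor(src);
  // Assumed rule: link creation + computed color read + a list of 2 or more URLs.
  const suspicious = makesLinks && readsColor && targets.length >= 2;
  return { makesLinks, readsColor, targets, suspicious };
}

// Constructed sample: tests link color for each URL in a list.
const SNIFFING_SAMPLE = `
var sites = ['http://shop-a.example/', 'http://shop-b.example/'];
for (var i = 0; i < sites.length; i++) {
  var a = document.createElement('a');
  a.href = sites[i];
  var cs = window.getComputedStyle(a, null);
  seen[i] = cs.color !== baseline;
}`;

// Constructed sample: ordinary navigation script that measures layout only.
const BENIGN_SAMPLE = `
var urls = ['http://news.example/a', 'http://news.example/b'];
var a = document.createElement('a');
a.href = urls[0];
var width = getComputedStyle(document.body).width;`;

console.log(scanScript(SNIFFING_SAMPLE), scanScript(BENIGN_SAMPLE));
```

The `targets` field gives a reviewer the list of sites a flagged script checks against, which is the detail the study reported for the sites it caught.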
wait... people don't want companies to reprice their items competitively after you visit a competitor's site? i'm confused while how they are getting the data is bad and maybe they should be pricing to compete from the get go if i get a good product for less money then what's the problem
so where can I see the list of the 46 culprits? did I miss it?
yes, list please!
And this is why I surf Incognito!
"The latest versions of Apple's Safari and Google's Chrome now have built-in protection against history sniffing--Mozilla plans to add the feature in the next full release of Firefox. Internet Explorer has a toggle to enable private browsing mode (which prevents snooping), however it limits the way the browser tracks its own history for the user."
So are you saying that Mozilla has no feature to control cached files and not "record" history but every other major browser does??? Interesting...maybe word things a little differently...
LOL @ SPAM
As computers and software in general become more advanced and capable of powerful things, these issues exactly highlight the need for either more education, creation of an ethical standard or the strengthening of the platform.