Jump to content



Photo
firefox

  • Please log in to reply
26 replies to this topic

#1 Cheryl_27

Cheryl_27

    Neowinian

  • Joined: 09-January 07

Posted 13 September 2012 - 15:42

How / why is it possible for sites / "others" to figure out which sites / links were visited, when Fx is set to change color of visited links? IOW, why is this allowed?
Other than constantly clearing history, is there any way / addon, etc., to allow changing visited links color & NOT give sites access to links visited on OTHER sites?

For a long time, this "problem" was apparently not widely known, as advanced users frequently posted workarounds to force Fx to change visited links color (if they didn't change automatically); such as adding command to userContent.css. Mods read those posts & also apparently weren't aware of privacy side effects (nor was anyone else).

Why would developers allow ANY persistent Fx / other browsers settings that potentially enable sites to see all sites / links users visited (that are still in their history)?
What makes it so difficult for devs to prevent this from happening & why has it taken so long to address the issue?

For many users, if "change visited link color" is effectively disabled, it reduces browser function tremendously, like on sites w/ long lists of articles, etc. Quite a conundrum.
MANY sites / articles discuss this issue. One link from another poster- article by David Baron, Mozilla Corporation: https://hacks.mozill... ... /#comments

It's been widely known for a while that CSS's ability to style visited links differently from unvisited ones, combined with other Web technology such as JavaScript or simply loading of background images, lets Web pages determine whether a URL is in the user's history very quickly [emphasis added] and without any interaction from the user. This is true in current versions of all major Web browsers. I have a solution that I believe fixes this problem, and therefore helps users keep their history private when they use a Web browser implementing that solution.


Another "reliable" site says: https://hacks.mozill... ... /#comments

...someone can walk through your history and figure out where you’ve been. And quickly – some tests show the ability to test 210,000 URLs per minute.




#2 Steven P.

Steven P.

    aka Neobond

  • Tech Issues Solved: 56
  • Joined: 09-July 01
  • Location: Neowin HQ

Posted 13 September 2012 - 15:46

Um, the site does not have access to this data, you do. The browser is merely being helpful in showing links that were already visited.

#3 Haggis

Haggis

    Neowinian Senior

  • Tech Issues Solved: 7
  • Joined: 13-June 07
  • Location: Near Stirling, Scotland
  • OS: Debian 7
  • Phone: Samsung Galaxy S3 LTE (i9305)

Posted 13 September 2012 - 15:49

yeah As Neobond says the website canniot see the data you have access but the browser knows you have so marks it like that with the css

#4 OP Cheryl_27

Cheryl_27

    Neowinian

  • Joined: 09-January 07

Posted 13 September 2012 - 15:50

Wrong, Read articles at the links, or tens of dozens of other tech articles. It is a privacy concern / issue.

#5 +Nik L

Nik L

    Where's my pants?

  • Tech Issues Solved: 1
  • Joined: 14-January 03

Posted 13 September 2012 - 16:02

Nope!

#6 Haggis

Haggis

    Neowinian Senior

  • Tech Issues Solved: 7
  • Joined: 13-June 07
  • Location: Near Stirling, Scotland
  • OS: Debian 7
  • Phone: Samsung Galaxy S3 LTE (i9305)

Posted 13 September 2012 - 16:03

hmmmm found some info on this

http://sharovatov.wo...-privacy-issue/

#7 MarkusDarkus

MarkusDarkus

    Neowinian Senior

  • Joined: 11-October 04
  • Location: Birmingham, England

Posted 13 September 2012 - 16:03

At first I was gonna ridicule but then I decided to read. This is interesting. Oh well. I suppose that's what you get for using something that is free and managed by nobody. It does suck that this can be done.

#8 +Brando212

Brando212

    Causer of disasters

  • Tech Issues Solved: 10
  • Joined: 15-April 10
  • Location: right behind you
  • OS: OS X Mavricks, Windows 7/8.1 Pro
  • Phone: Sony Xperia ZL

Posted 13 September 2012 - 16:09

It does suck that this can be done.

how so? so websites can add a little script to be able to see your browsing history, bit woop, it's not like they're able to see your cookies doing this. It's like someone looking at only top part of reciepts in your kitchen drawer, and seeing that you've been to Target an Yonkers but not being able to see what you did/bought there.

I personally don't see the problem

#9 Haggis

Haggis

    Neowinian Senior

  • Tech Issues Solved: 7
  • Joined: 13-June 07
  • Location: Near Stirling, Scotland
  • OS: Debian 7
  • Phone: Samsung Galaxy S3 LTE (i9305)

Posted 13 September 2012 - 16:13

what if they can see your have been to a clown porn site and then tell on you :woot: oh no lol

#10 Rudy

Rudy

    Neowinian Senior

  • Joined: 30-September 01
  • Location: Ottawa, On

Posted 13 September 2012 - 16:18

It's a non issue really

#11 Yusuf M.

Yusuf M.

  • Joined: 25-May 04
  • Location: Toronto, ON
  • OS: Windows 8.1
  • Phone: Nexus 5 (Android 4.4.2)

Posted 13 September 2012 - 16:22

I didn't know about this privacy issue but it isn't that big of a concern to me. I have nothing to hide in my browsing history. If anyone uses my computer, I wouldn't care if they checked it.

#12 rfirth

rfirth

    Software Engineer

  • Tech Issues Solved: 2
  • Joined: 11-September 09
  • Location: Baton Rouge, Louisiana
  • OS: Windows 8
  • Phone: Nokia Lumia 620

Posted 13 September 2012 - 16:31

It is exploitable, but impractical to exploit except on large sites with lots of legitimate links. For example, neowin could track which links users have visited at any time out of the set of links posted on neowin on pages you have loaded.

#13 Aethec

Aethec

    Neowinian Senior

  • Joined: 02-May 10

Posted 13 September 2012 - 16:41

Firefox lies to websites asking for :visited status on links. You see the special link status, but the websites don't.
See https://hacks.mozill...o-css-vistited/

#14 Ryoken

Ryoken

    The Other Other White Meat

  • Joined: 10-September 09
  • Location: Nova Scotia, Canada
  • OS: Windows 7 x64, MacOS
  • Phone: iPhone 4S, Nexus 7, iPad Mini

Posted 13 September 2012 - 16:45

If you are this concerned about privacy, the internet is not for you lol

#15 OP Cheryl_27

Cheryl_27

    Neowinian

  • Joined: 09-January 07

Posted 13 September 2012 - 17:15

Nope!

Nope what? Don't understand.



Click here to login or here to register to remove this ad, it's free!