

Tracking browser behavior without any tools (security breach in most browsers) - urlwolf
http://startpanic.com/

======
fertqer13412
This issue is nine years old at this point and has been published,
republished, and blogged countless times. I yearn for the day it stops wasting
space on the front page of news aggregators.

A partial bibliography:

2000:

<http://bugzilla.mozilla.org/show_bug.cgi?id=57351>

2002:

<http://seclists.org/bugtraq/2002/Feb/0271.html>

<http://bugzilla.mozilla.org/show_bug.cgi?id=147777>

2006:

<http://portal.acm.org/citation.cfm?id=1135777.1135884>

<http://portal.acm.org/citation.cfm?id=1135777.1135854>

<http://jeremiahgrossman.blogspot.com/2006/08/i-know-where-youve-been.html>

2008:

<http://azarask.in/blog/post/socialhistoryjs/>

<http://www.mikeonads.com/2008/07/13/using-your-browser-url-history-estimate-gender/>

------
varenc
One of the coolest uses I've seen of this vulnerability is to look at the
user's history to only show them the digg/reddit/HN/technorati/etc share links
to websites they use.

<http://www.azarask.in/blog/post/socialhistoryjs/>

------
ars
<https://bugzilla.mozilla.org/show_bug.cgi?id=147777>

~~~
huhtenberg
_Reported: 2002-05-28_

Lovely.

------
tptacek
Wow am I ever not OK with browser security demonstrations that crash my
browser.

From the JS, it looks like this is just this old trick:

<http://ha.ckers.org/weird/CSS-history-hack.html>

------
arantius
I was worried for a brief moment, when I saw my personal site (domain: my
username + dot com) show up in the list. I thought: that couldn't be in their
list of sites to check for via the visited-link-css-pseudoclass trick, could
it? It is! And 99,999 other sites:

<http://startpanic.com/db/db_en.txt>

As mentioned, this isn't new.

------
DenisM
Cute.

So suppose I want to know who my visitors are, but I do not want to resort to
underhanded tactics like this. Any ideas on how to get to know my customers yet
respect their privacy?

------
barrkel
I don't get it. It didn't do _anything_. It just says this:

[img: Ready now?]

Correct? You bet [...]

~~~
barrkel
On reading more, perhaps it's because I don't keep history and clear private
details every browsing session.

