
SocialHistory.js: See Which Sites Your Users Visit - sant0sk1
http://www.readwriteweb.com/archives/socialhistoryjs_see_which_site.php
======
typicaljoe
I wonder what other creative uses there are for this. For example, if someone
visits digg you know they are likely to be a techie. If they visit
seattle.craigslist.com you know they are likely to be in Seattle. If they
visit drudgereport they may be a news buff. You could create a collection and
if there user uses your site a lot you could try hundreds of things and pass
them back to the server....interesting...

------
JacobAldridge
I'm suffering severe internal ambivalence; this is either great or terrible.

Business part of Jacob's brain: "Great" User part of Jacob's brain: "Terrible"

I wonder how the public would split? And then I realise there will always be
more users than businesses.

------
auston
<http://news.ycombinator.com/item?id=78939>

You could use that as a barebones way to send data to google analytics or
getclicky, or plug it in to a user profile (generated by yourself). Of course
Aza's solution is waayyy more elegant.

And I'm sure firefox/opera/webkit will be closing up this vulnerability in the
near future.

~~~
martian
This is cool.

Last summer I had an inkling of an idea that used basically the same strategy.
My idea (never implemented) was to set the background images on visited
anchors to a dynamic image url that could be used to track pageviews from
other sites, to perhaps determine what links from your site your visitors
found most interesting, even if they didn't click to them _from_ your site.

There are plenty of terrible use cases for something like this, but also
plenty of benign and probably useful cases as well. If you were a search
engine, for example, you could determine if a user has been to sites that show
up in the search results, even if they don't click on the links from your
site.

The full write-up of my strategy is here: <http://tinyurl.com/6fnjod>

------
mojuba
This is not the scariest hack that can be done with HTML/JS. There is another
one that checks if you are logged in to some web site, your bank for instance.
Once a malicious page finds a site you are in, a hidden iframe can click on
links and even submit forms on your behalf.

------
pchristensen
<http://azarask.in/blog/post/socialhistoryjs/>

<http://news.ycombinator.com/item?id=201912>

------
Rickasaurus
Phew, this is way less creepy than I thought from the title. At least they
have to specify the sites.

------
bobp
nice hack!

------
rapind
clever

