
What the Internet knows about you - kqr2
http://whattheinternetknowsaboutyou.com/
======
geuis
Unfortunately, this is just really old news and really lame. Man, I hate using
the word lame. Its not an "attack". Its simply taking advantage of a feature
built into all browsers since like 2000 or before.

~~~
mildweed
This is now the 5th time this topic has been posted to HN. May 2008 was when
it all started:

<http://www.azarask.in/blog/post/socialhistoryjs/>

<http://news.ycombinator.com/item?id=248558>

<http://news.ycombinator.com/item?id=404564>

<http://news.ycombinator.com/item?id=617546>

<http://news.ycombinator.com/item?id=717802>

~~~
marchewa
That's true -- there have been several projects making use of the CSS :visited
history sniffing technique. The method itself was originally reported in early
2000. See
[http://whattheinternetknowsaboutyou.com/docs/details.html#re...](http://whattheinternetknowsaboutyou.com/docs/details.html#references)

------
aarongough
Wow. That is very clever, and very, _very_ scary.

I was unaware of that particular attack, though now that I've read about it,
it makes perfect sense.

Maybe it's time to set my work machine to not keep my browsing history (like
my home machine)...

------
jeroen
At least 3 years old: [http://jeremiahgrossman.blogspot.com/2006/08/i-know-
where-yo...](http://jeremiahgrossman.blogspot.com/2006/08/i-know-where-youve-
been.html)

------
thisduck
The information on that site is a bit misleading. How would they figure out
your name? Or who your friends were?

They would have to already know your name to search for URLs then that would
contain your name. That is a lot of work to be doing in a browser. And if you
have a common name, then whoptido. So what?

You can only use this technique against a set of URLs, you can't determine
URLs unless you already know what to check against. At that, you would have to
know the _exact_ URL to check against.

------
rwolf
"This site normally works even when JavaScript is disabled, but we temporarily
switched off that functionality for performance reasons. Please come back in a
couple of hours."

Riiight.

~~~
marchewa
It looks like it's working now even without JS. The history detection method
itself doesn't need JavaScript at all; see
<http://whattheinternetknowsaboutyou.com/docs/details.html>

------
matstc
Hacker News is among the 5000 most popular sites!

------
snprbob86
This site produces a HTTP 500 error for me. Would someone please provide a
description of what was there?

~~~
there
that _is_ what it knows about you.

------
katamole
Site's down. Is it this exploit?:

[http://thecoffeedesk.com/news/index.php/2009/08/02/view-
remo...](http://thecoffeedesk.com/news/index.php/2009/08/02/view-remote-
browser-history/)

------
omouse
I think they mean what the _Web_ knows about you. The Internet sure as hell
doesn't know about my email habits or how much streaming I do of music.

------
pierrefar
Ubuntu, xkcd, freepatentsonline.com, bing, google, yahoo, mozilla, technorati,
wordpress, winamp, posterous, and HN.

I guess the internet thinks I'm a geek.

------
fnid
Congratulations, we did not find anything in this category in your browser
history. Feel free to try our other browser history tests.

------
gloob
Apparently the Internet knows nothing about me. That is ... rather surprising.

~~~
barrkel
Me too. This "attack" is very old and well-known on the browser side. It
doesn't work particularly well on me because I keep no history.

~~~
aarongough
I had never heard of it before. I wouldn't consider myself anywhere near an
expert on client-side exploits but still...

I keep up with most tech-related news as well as I can and I had never heard
of it until now...

I'd be interested to see how many people actually _have_ heard about it
before.

~~~
blhack
This isn't an exploit, it is a feature of almost every modern browser.

~~~
redcap
I wasn't aware that sharing your browser history with every website that cares
to check it was a 'feature'.

~~~
blhack
I think that was the point...

Most people aren't aware of this.

Hopefully it was a success for you!

