Browser History - 75% of users need to improve privacy safeguards
This decade old vulnerability is now enhanced by an algorithm that can process 30,000 sites per second, in comparing browser history verses a list of specific web sites. While I had every browser set to zero days history, that's still not enough. The online DEMO link at bottom is a neat test and certainly made me a little more aware.
It's always beneficial to modify settings in your browser to improve privacy. Some techniques include: keep zero days of history and to clear history on exit. There are also new features like IE8's inPrivate browsing mode or the special security extenstions in Firefox 3.
On the Web, your browser history is an open book
QUOTE: They wrote: “We present a web-based system capable of effectively detecting clients' browsing histories and categorizing detected information. We analyze and discuss real-world results obtained from 271,576 Internet users. Our results indicate that at least 76% of Internet users are vulnerable to history detection; for a test of most popular Internet websites we were able to detect, on average, 62 visited locations. We also demonstrate the potential for detecting private data such as zip codes or search queries typed into online forms. Our results confirm the feasibility of conducting attacks on user privacy using CSS-based history detection and demonstrate that such attacks are realizable with minimal resources.”
Most browsers silently expose intimate viewing habits
QUOTE: While the underlying browser history disclosure vulnerability was disclosed a decade ago, researchers on Thursday disclosed a variety of techniques that make attacks much more efficient. Among other things, the researchers described an algorithm that can scan as many as 30,000 links per second. To exploit the history-pilfering weakness, webmasters must compare a victim's HTTP response code against a list of specific web addresses, a requirement many have long said limited the effectiveness of practical attacks.
CSS History Probing, or: "I know where you went last week"
CSS History Sniffer - ONLINE DEMO
WAYS TO IMPROVE PRIVACY: Use your browser's privacy features. If you set your browser history to Clear-on-Exit, or your history to expire regularly (see Tools / Options / Browsing History), you can scope down the duration that Visited Links are retained. Better still, IE8's InPrivate Browsing feature blocks CSS visited link detection (Firefox 3.5's Private Browsing feature and Chrome 2's Incognito feature do the same). For Firefox users, there is also the SafeHistory extension which offers enhanced privacy.