25 August 2006
A New Way of Tracking Users’ Browsing Habits
Posted by Mikhail Esteves under: General .
Jeremiah Grossman came up with a really clever way of using Javascript to find what pages you’ve visited recently. It goes like this: when a link has been visited, you can use the
:visitedpseudo-class to style it. Using Javascript, you can walk through all of the links on your page and grab their styles; comparing a link’s style to the style given to visited links in the CSS will tell you whether or not a site has been visited. Seems innocent enough, until you realize that this can be applied to a large list of links. A site will know whether or not have been to any of the sites on their list. Combine that with a little Ajax, a database and a cookie, and you can track where your return users have been over time.This technique is worrying, but probably not the end of privacy as we know it. It can only be applied to a finite list of links, so it’s not able to find out all of the sites you’ve been to. It’s done using Javascript, so you can’t hide the fact that you’re using it; the code can be obfuscated, but eventually someone will figure out that Evil Corp. is tracking whether users have visited their competitors’ sites first. And it can be prevented by emptying your cache or reseting your visited links. It will be interesting to see if any popular sites risk the bad publicity of actually using this.