…a specially written chunk of code sitting on a website that interrogates a visitors browser to see what it does to a given list of websites. Any displayed in a different colour are judged to be those a user has already seen.
A survey of 50,000 of the web’s most visited websites by the team from UC San Diego found 485 sites using this method to get at browser histories, 63 were copying the data it reveals and 46 were found to be “hijacking” a user’s history.
The most popular site that uses the technique is adult site YouPorn. Many other porn sites use it too as well as sports, news, movies and finance websites.
Do you wonder if Site Dilaceratus is tracking your nasty habits (visiting financial websites) as well? No– That would imply some belief that you were worth knowing about.
The researchers pointed out that some modern browsers, such as Chrome and Safari, are not vulnerable to history hijacking and that the most recent version of Mozilla [Firefox] has closed the loophole. Users of Internet Explorer can defeat the bug by turning on “private browsing”.
Users can also check how much information they are leaking by visiting a webpage set up by security researchers that tries to grab their history.
No doubt the researchers also suggested that you try entering your PayPal login a few times, too, just to be sure it was secure.