User tracking via JavaScript

We have been blogging here before on history sniffing attacks showing that this kind of attack is a real threat to users. Recently, a paper has been published by scientists of the University of California in San Diego examining this and other attacks in a broader context. They checked the top 50.000 websites concluding that

"485 of the top 50.000 sites inspect style properties that can be used to infer the browser's history. Out of 485 sites, 63 transferred the browser's history to the network [and] 46 of them are actually doing history sniffing, one of these sites in the Alexa global top 100." (quoted from here).

Besides this well known attack they examined the deployment of other JavaScript means to track the user. The so-called attention tracking tries to determine how the user is behaving on a visited website. Is she scrolling or clicking somewhere? Or did she have her mouse over a particular link? The scientists found that a lot of the top 100 sites, including youtube.com and microsoft.com, are using these means to learn things about a current visitor.
Therefore, the lesson for us is: use the JonDoFox profile and try to avoid enabling JavaScript as often as you can, if your privacy is important to you.

Trackbacks

    No Trackbacks

Comments

Display comments as (Linear | Threaded)

    No comments


Add Comment


Enclosing asterisks marks text as bold (*word*), underscore are made via _word_.
Standard emoticons like :-) and ;-) are converted to images.
E-Mail addresses will not be displayed and will only be used for E-Mail notifications.