a javascript history sniffing script with a past and implications

Posted by joy


I happened to catch this blog post by Jeremiah Grossman that detailed a way a Web site owner could “steal” your browser history and check where you have been via JavaScript and a list of Web sites. See his blog’s page source for his script. This concept is different from a mere Web referrer: a referrer only names the site you’ve been referred from, whereas this proof of concept checks browser history.

After reading the post, I thought that I had heard of this concept before, and voilà, some of the later comments on the postings noted that there have been proofs of concept on this theme for a number of years. So I was correct.

And I’m thinking now, how could this (or other JavaScript history sniffing scripts) be any worse than the scripts that track advertising cookies?

However, I thought it amusing that Jeremiah wrote:

“I wonder how long until the marketers start using this for additional visitor profiling.”

Oh yes, it’s the *marketers* we have to be afraid of. Personally I was thinking of bad guys who want to figure out where one does their online banking.



One Response to “a javascript history sniffing script with a past and implications”

  1. bert Says:

    I don’t think it worked on me. Only shows Amazon and Yahoo, the former which I haven’t been to in several days, and the latter which, heck, most everybody visits. Didn’t show google though. Or online banking. Then again, I keep all my piles of money under the mattress anyway.

    As for who to be afraid of, well, the bad guys can only rob you once. Marketers hound you for life :P
