Web bug reveals browsing history

Searching for porn, BBC Porn sites are among those hijacking the history files of visitors to their sites.

Related Stories

Porn sites are among the top users of a browser bug that reveals all the places people go online, finds research.

Carried out by computer science researchers at UC San Diego the study found 485 sites exploiting the bug.

The flaw gives sites access to all the other sites that user has visited. Many use it to target ads or see if users are patronising rivals.

The researchers said their work showed a need for better defences against history tracking.

The bug exploits the way that many browsers handle links people have visited. Many change the colour of the text to reflect that earlier visit.

This can be abused with a specially written chunk of code sitting on a website that interrogates a visitors browser to see what it does to a given list of websites. Any displayed in a different colour are judged to be those a user has already seen.

A survey of 50,000 of the web's most visited websites by the team from UC San Diego found 485 sites using this method to get at browser histories, 63 were copying the data it reveals and 46 were found to be "hijacking" a user's history.

The most popular site that uses the technique is adult site YouPorn. Many other porn sites use it too as well as sports, news, movies and finance websites.

The researchers also looked at other popular techniques that sites use to map and monitor what visitors do. Some, such as YouTube, run scripts that track the trail a user's mouse pointer takes on and across pages.

"Our study shows that popular Web 2.0 applications like mashups, aggregators, and sophisticated ad targeting are rife with different kinds of privacy-violating flows," wrote the researchers.

The researchers pointed out that some modern browsers, such as Chrome and Safari, are not vulnerable to history hijacking and that the most recent version of Mozilla has closed the loophole. Users of Internet Explorer can defeat the bug by turning on "private browsing".

Users can also check how much information they are leaking by visiting a webpage set up by security researchers that tries to grab their history.

Despite these safeguards, the researchers said there was a "pressing need to devise flexible, precise and efficient defenses" against the history hijacking technique.

The research team is now planning more in-depth work that it hopes will result in tools that will more comprehensively defend against attempts to exploit the bug.

More on This Story

Related Stories

The BBC is not responsible for the content of external Internet sites

More Technology stories


Features & Analysis

Elsewhere on the BBC

  • Audi R8Need for speed

    Audi unveils its fastest production car ever - ahead of its Geneva debut


  • A bicycle with a Copenhagen WheelClick Watch

    The wheel giving push bikes an extra boost by turning them into smart electric hybrids

Try our new site and tell us what you think. Learn more
Take me there

Copyright © 2015 BBC. The BBC is not responsible for the content of external sites. Read more.

This page is best viewed in an up-to-date web browser with style sheets (CSS) enabled. While you will be able to view the content of this page in your current browser, you will not be able to get the full visual experience. Please consider upgrading your browser software or enabling style sheets (CSS) if you are able to do so.