…and what you’re planning to do tonight!
When the internet evolved there was the notion that it was an anonymous forum where people could post and travel wherever a vagrant thought might lead. As the evolution continues it has become more of a tool for malefactors to peer into your mind.
I say malefactors because it is unhealthy for third parties to track my surfing patterns. Whether I like Coke or Pepsi may seem innocent enough but to know my sexual proclivities, who I bank with, my political views, when aggregated creates a model of my mind from which actions can be predicted.
If I am curious about something, say bomb making, my edossier is updated and the code profile is changed. Eventually (just because it’s possible) we all will be graded à la “1984.” We are already traceable via the GPS in our cell phones. I may be a bit paranoid having been photographed being slow making a left-hand turn on a yellow light, however, times change and I can see a time where laws may change what is legal or accepted today may be criminalized tomorrow. Our dossiers will remain the same.
== == ==
December 3, 2010
“Nobody knew if anyone on the Internet was using history sniffing to get at users’ private browsing history. What we were able to show is that the answer is yes,” said UC San Diego computer science professor Hovav Shacham.
History sniffing can be used by website owners to learn which competitor sites visitors have or have not been to. History sniffing can also be deployed by advertising companies looking to build user profiles, or by online criminals collecting information for future phishing attacks. Learning what banking site you visit, for example, suggests which fake banking page to serve up during a phishing attack aimed at collecting your bank account login information.
The latest versions of Firefox, Chrome, and Safari now block the history sniffing attacks the computer scientists monitored. Internet Explorer, however, does not currently defend against history sniffing. In addition, anyone using anything but the latest versions of the patched browsers is also vulnerable.
Sniffing out History Sniffing
The computer scientists looked for history sniffing on the front pages of the top 50,000 websites, according to Alexa global website rankings. They found that 485 of the top 50,000 sites inspect style properties that can be used to infer the browser’s history. Out of 485 sites, 63 transferred the browser’s history to the network. “We confirmed that 46 of them are actually doing history sniffing, one of these sites being in the Alexa global top 100,” the UC San Diego computer scientists write in the CCS 2010 paper.
History Sniffing in Perspective
The computer scientists say that history sniffing does not pose as great a risk to your privacy or identity as malicious software programs (malware) that can steal your banking information or your entire Facebook profile. But, according to Shacham, “history sniffing is unusual in effectively allowing any site you visit to learn about your browsing habits on any other site, regardless if the two sites have any business relationship.”
To see history sniffing in action, visit: http://www.whatthe … aboutyou.com.
“I think people who have updated or switched browsers should now worry about things other than history sniffing, like keeping their Flash plug-in up to date so they don’t get exploited. But that doesn’t mean that the companies that have engaged in history sniffing for the currently 60 percent of the user population that is vulnerable to it should get a free pass,” said Shacham.
Tracking History Sniffing
“We detected when browser history is looked at, collected on the browser and sent on the network from the browser to their servers. What servers then do with that information is speculation,” said Lerner.