Friday, December 3, 2010

"Wired.com and Huffington Post Amongst List of Privacy-Invading Websites"

As we've linked to both these sites over the years, we thought we should give you the heads-up.

From MIT's Mims' Bits blog:

Behavior and history-sniffing websites know what you copy, click, and roll over, and even which of their competitors you're visiting.

A new paper (pdf) from researchers at the University of California, San Diego reveals that a significant proportion of the 50,000 most-visited sites on the web are engaging in some level of behavioral tracking. Furthermore, and more disturbingly, a few are actually examining your browser's history to determine what other sites you visit, exploiting a security vulnerability known about for a decade.

Not all of the transgressions uncovered by lead author Dongseok Jang are equally invasive. Less offensive are sites like Wired, Technorati, Answerbag, and Perez Hilton, which are using analytics service Tynt.com to, for example, track what content users are copying and pasting from their websites, a process called "behavior sniffing." More worrisome is behavior known as "history sniffing," in which a site uses JavaScript to query a browser about what sites its users have visited previously. Jang's list includes 46 websites engaging in this behavior.

Youporn.com, which determines whether a user has visited its competitors' websites, even went so far as to engage in a primitive form of cryptography in order to hide the URLs of the sites it's asking about.

History sniffing works because browsers change the color of links a user has already visited: the JavaScript used on these sites simply queries those specific links to see if their color has been changed. The exploit does not work in Google's Chrome or Apple's Safari browsers, and a fix for Firefox is available in its newest version. Internet Explorer, however, remains vulnerable to this exploit.

The researchers singled out the Huffington Post for special opprobrium...MORE