Your Web Surfing History is Accessible (Without Your Permission) via JavaScript

Paper website Sorin Lerner website Hovav Shacham website Jacobs School of Engineering on Twitter Jacobs School of Engineering blog December 02, 2010 By Daniel Kane The Web surfing history saved in your Web browser can be accessed without your permission. JavaScript code deployed by real websites and online advertising providers use browser vulnerabilities to determine which sites you have and have not visited, according to new research from computer scientists at the University of California, San Diego. The researchers documented JavaScript code secretly collecting browsing histories of Web users through "history sniffing" and sending that information across the network. While history sniffing and its potential implications for privacy violation have been discussed and demonstrated, the new work provides the first empirical analysis of history sniffing on the real Web. "Nobody knew if anyone on the Internet was using history sniffing to get at users' private browsing history. What we were able to show is that the answer is yes," said UC San Diego computer science professor Hovav Shacham. "JavaScript is a great thing, it allows things like Gmail and Google Maps and a whole bunch of Web 2.0 applications; but it also opens up a lot of security vulnerabilities.
account creation

TO READ THIS ARTICLE, CREATE YOUR ACCOUNT

And extend your reading, free of charge and with no commitment.

Register


Login

Your Benefits

  • Access to all content
  • Receive newsmails for news and jobs
  • Post ads

myScience