Chrome, Internet Explorer, and Firefox are vulnerable to easy-to-execute techniques that allow unscrupulous websites to construct detailed histories of sites visitors have previously viewed, an attack that revives a long-standing privacy threat many people thought was fixed.
Until a few years ago, history-sniffing attacks were accepted as an unavoidable consequence of Web surfing, no matter what browser someone used. By abusing a combination of features in
JavaScript and
cascading style sheets, websites could probe a visitor's browser to check if it had visited one or more sites. In 2010, researchers at the University of California at San Diego caught YouPorn.com and 45 other sites using the technique to
determine if visitors viewed other pornographic sites. Two years later, a widely used advertising network settled federal charges that it
illegally exploited the weakness to infer if visitors were pregnant.
