Cognitive Sandbox » Invasive browser sniffing

Feb201019

Software development

0

Invasive browser sniffing

Take the a:visited pseudo-class and use it to determine if the client’s browser has visited a site. Do this en masse with a subset of Alexa’s top 1m websites and you can build up a fairly detailed profile of a visiting brower’s history.

var sites = [
  'http://google.com',
  'http://facebook.com'
];
$(function(){
  for (var i in sites) {
    $("#test").html("
      <li><a href='"+sites[i]+"'>"+sites[i]+"</a> </li>
    ");
    if ($("#test a").css('color') == "rgb(0, 204, 0)")
      $("#test li").appendTo("#visited");
    else
      $("#test li").appendTo("#not-visited");
    }
});

Try the code

The ethics of this technique are questionable, especially if you retain this data and associate it with an email address or a registered user account. The only way I can see to protect against it is to disable JavaScript on all but the few sites you trust.

You could augment it to only send a sampling of 50 sites, respond with an ajax post, then determine which 50 to check next (e.g. if a user has visited a site specific to tech news, poll your next 50 on the most popular tech news sites). This concept is used at What The Internet Knows About You.

Leave a Reply

Click here to cancel reply.