By using this site, you agree to the Privacy Policy and Terms of Use.
Accept
Amaronline.comAmaronline.comAmaronline.com
  • Cloud
  • Gadgets
  • Mobile
  • Social Media
  • Technology
  • Web Guide
Reading: JavaScript can expose your browsing history
Share
Sign In
Notification
Font ResizerAa
Amaronline.comAmaronline.com
Font ResizerAa
  • Cloud
  • Gadgets
  • Mobile
  • Social Media
  • Technology
  • Web Guide
  • Cloud
  • Gadgets
  • Mobile
  • Social Media
  • Technology
  • Web Guide
Have an existing account? Sign In
Follow US
  • Contact
  • Blog
  • Complaint
  • Advertise
  • Advertise
© 2022 Foxiz News Network. Ruby Design Company. All Rights Reserved.
Amaronline.com > Blog > Social Media > JavaScript can expose your browsing history
Social Media

JavaScript can expose your browsing history

amaronline
Share
SHARE

WASHINGTON: A new study has shown that your web surfing history is easily accessible without your permission – through JavaScript code.

Research from computer scientists at the University of California, San Diego, showed that JavaScript code deployed by real websites and online advertising providers uses browser vulnerabilities to determine which sites you have and have not visited.

“JavaScript is a great thing, it allows things like Gmail and Google Maps and a whole bunch of Web 2.0 applications; but it also opens up a lot of security vulnerabilities,” said Sorin Lerner. The researchers documented JavaScript code secretly collecting browsing histories of Web users through “history sniffing” and sending that information across the network.

“Nobody knew if anyone on the Internet was using history sniffing to get at users’ private browsing history. What we were able to show is that the answer is yes,” said Hovav Shacham.

History sniffing takes place without your knowledge or permission and relies on the fact that browsers display links to sites you’ve visited differently than ones you haven’t: by default, visited links are purple, unvisited links blue.

History sniffing JavaScript code can be used by website owners to learn which competitor sites visitors have or have not been to or can also be deployed by advertising companies looking to build user profiles, or by online criminals collecting information for future phishing attacks.

In addition, anyone using anything but the latest versions of the patched browsers is also vulnerable. “We built a dynamic data flow engine for JavaScript to track history sniffing in the wild. I don’t know of any other practical tool that can be used to do this kind of extensive study,” said Dongseok Jang.

Out of 485 sites, 63 transferred the browser’s history to the network. “We confirmed that 46 of them are actually doing history sniffing, one of these sites being in the Alexa global top 100,” the UC San Diego computer scientists wrote. “I think people who have updated or switched browsers should now worry about things other than history sniffing, like keeping their Flash plug-in up to date so they don’t get exploited.

But that doesn’t mean that the companies that have engaged in history sniffing for the currently 60 percent of the user population that is vulnerable to it should get a free pass,” said Shacham.

The UC San Diego history-sniffing detection tool analyzes the JavaScript running on the page to identify and tag all instances where the browser history is being checked. The way the system tags each of these potential history tracking events can be compared to the ink or paint packets that banks add to bags of money being stolen.

“As soon as a JavaScript tries to look at the color of a link, we immediately put ‘paint’ on that. Some sites collected that information but never sent it over the network, so there was all this ‘paint’ inside the browser. But in other cases, we observed ‘paint’ being sent over the network, indicating that history sniffing is going on,” explained Lerner.

“We detected when browser history is looked at, collected on the browser and sent on the network from the browser to their servers. What servers then do with that information is speculation,” he said.

The “paint” tracking approach to monitoring JavaScript could be useful for more than just history sniffing, Lerner explained. “It could be useful for understanding what information is being leaked by applications on Web 2.0 sites. Many of these apps use a lot of JavaScript.”

The computer scientists from the UC San Diego Jacobs School of Engineering presented this work in October at the 2010 ACM

Conference on Computer and Communications Security (CCS 2010).

You Might Also Like

Opera Mini 5 Beta Now Available For Android
L-1 visas to Indian IT cos decline
Ballmer: We’re beating Google in the cloud
2G spectrum scam: CBI to confront A Raja with Shahid Balwa
Microsoft Kinect: Who says it’s just for gaming
TAGGED:JavaScript can expose your browsing history
Previous Article Google unveils new smartphone, Nexus S
Next Article Andy Rubin Shows Off Android 3.0 On Prototype Motorola Tablet

Stay Connected

248.1kLike
69.1kFollow
134kPin
54.3kFollow
banner banner
Create an Amazing Newspaper
Discover thousands of options, easy to customize layouts, one-click to import demo and much more.
Learn More

Latest News

Honor Win 2 specs leak alongside some details about the Win 2 RT
Mobile
Motorola Razr Fold launches in the US and Canada, Razr 2026 family available in the US
Mobile
Trump Mobile confirms that it exposed customer data
Mobile
Spotify’s new Personal Podcast feature lets you create podcasts with text prompts
Mobile

You Might also Like

Social Media

IBM; Oracle end legal battle over poaching execs

amaronline
amaronline
1 Min Read
Social Media

Citi: Over 3,60,000 customers hacked

amaronline
amaronline
1 Min Read

Microsoft, Outlook Is Broken, Says 6,000 Tweets (And Growing). Fix It.

amaronline
amaronline
3 Min Read
//

We influence 20 million users and is the number one business and technology news network on the planet

Sign Up for Our Newsletter

Subscribe to our newsletter to get our newest articles instantly!

[mc4wp_form id=”1616″]

Amaronline.comAmaronline.com
Follow US
© 2022 Foxiz News Network. Ruby Design Company. All Rights Reserved.
Welcome Back!

Sign in to your account

Username or Email Address
Password

Lost your password?