Feeds

back to article Safari purged of decade-old browser history leak

Apple Safari has become the first major browser to be purged of one of the web's longest-running privacy defects: The ability for any site owner to effortlessly steal a complete copy of your recent browsing history. The browser history disclosure leak is as old as the World Wide Web itself, and it afflicted every major browser …

COMMENTS

This topic is closed for new posts.
Grenade

Didn't work on my browser

I'm running Firefox 3.6.3 on Windows XP. When I visited both of the test sites with Private Browsing enabled, they found nothing. Private Browsing can be enabled by default (under Tools > Options... > Privacy).

0
0

hmmm

nice to know how to do it manually but not turned off at the finnish of the install of the browser is insane.

I am sure they did this to appease websites to make money from your info

0
0
Thumb Up

Google Chrome dev channel appears to be fixed already

The two sites linked in the article failed to find any history. My version of Chrome is 6.0.422.0.

0
0
Anonymous Coward

As old as the web?

"The browser history disclosure leak is as old as the World Wide Web itself"

How do you work that out? The web started without Javascript, and even when it did arrive, it was a long while before there were methods to determine the colour of a link.

2
1

JS not required

The flaw can be, and is, exploited without any javascript. It can be done entirely with css.

1
2
Anonymous Coward

You missed the point arguing semantics

CSS isn't "as old as the World Wide Web itself" either.

2
2
Happy

firefox 3.6.3.

on my mac with firefox 3.6.3, i went on both sites and it showed no history, i have not got my private browsing set to on.

my system clears all history when i close browser and also all cache, cookies etc sametime.

I also have system fully Stealthed to internet, i do this with all systems.

so no problems here then :-)

0
0
Thumb Up

Sure...

If your browser doesn't save any history, then there is no history to be retrieved.

The problem is that some of us find the history function rather useful, so I for one welcome, etc etc

1
0
Anonymous Coward

"As old as the web"?

HTML was around for a while before css become available.

1
0
Gold badge

A risk/benefit analysis

"The history leak is the result of [...] technology that causes a browser to display links that have been visited in a different color than addresses that have not been visited."

Shit. It would be disastrous if that ever broke.

"It also allows webmasters to customize content and user interfaces on their sites based on the links individual users regularly visit."

You mean, it lets them violate your privacy? Er, yes, that's rather the point.

"Microsoft has so far [only warned] that browser fixes could break websites."

For the reasons given above, I'm inclined to think that this is a load of cobblers. Is there something I've missed? As far as I can see, not only is this an easy fix but it has actually been fixed (through private browsing) in several browsers with no observable ill effects whatsoever.

0
0
This topic is closed for new posts.