Safari purged of decade-old browser history leak
Apple Safari has become the first major browser to be purged of one of the web's longest-running privacy defects: The ability for any site owner to effortlessly steal a complete copy of your recent browsing history. The browser history disclosure leak is as old as the World Wide Web itself, and it afflicted every major browser …
I'm running Firefox 3.6.3 on Windows XP. When I visited both of the test sites with Private Browsing enabled, they found nothing. Private Browsing can be enabled by default (under Tools > Options... > Privacy).
nice to know how to do it manually but not turned off at the finnish of the install of the browser is insane.
I am sure they did this to appease websites to make money from your info
The two sites linked in the article failed to find any history. My version of Chrome is 6.0.422.0.
"The browser history disclosure leak is as old as the World Wide Web itself"
How do you work that out? The web started without Javascript, and even when it did arrive, it was a long while before there were methods to determine the colour of a link.
The flaw can be, and is, exploited without any javascript. It can be done entirely with css.
CSS isn't "as old as the World Wide Web itself" either.
on my mac with firefox 3.6.3, i went on both sites and it showed no history, i have not got my private browsing set to on.
my system clears all history when i close browser and also all cache, cookies etc sametime.
I also have system fully Stealthed to internet, i do this with all systems.
so no problems here then :-)
If your browser doesn't save any history, then there is no history to be retrieved.
The problem is that some of us find the history function rather useful, so I for one welcome, etc etc
HTML was around for a while before css become available.
"The history leak is the result of [...] technology that causes a browser to display links that have been visited in a different color than addresses that have not been visited."
Shit. It would be disastrous if that ever broke.
"It also allows webmasters to customize content and user interfaces on their sites based on the links individual users regularly visit."
You mean, it lets them violate your privacy? Er, yes, that's rather the point.
"Microsoft has so far [only warned] that browser fixes could break websites."
For the reasons given above, I'm inclined to think that this is a load of cobblers. Is there something I've missed? As far as I can see, not only is this an easy fix but it has actually been fixed (through private browsing) in several browsers with no observable ill effects whatsoever.
Sign up, sign up for The Register's weekly IT security newsletter - click here
