By Thilak June 3, 2007

Spyjax: Your browse history is not private!

Your browser logs every page you visit in its history, and most users think that's pretty much private because nobody else gets to see which pages you've been visiting. That turns out to be false. I just came across Spyjax (via Mashable!), which shows your full browser history.

Spyjax extracts your browser history by exploiting the simplest feature of all: the browser changes the color of links to sites you've visited. A simple piece of JavaScript is enough to read the color of these links and so determine which sites you've visited. However, this can't determine your entire browser history, because it needs a predefined list of URLs to test. Using AJAX, that's not a problem at all… tons of URLs can be tested within seconds.

The only limitation is that this technique cannot directly scrape your browser history; it needs to test a predefined list of URLs to see if you've visited any of them.

Sounds pretty scary, but you can prevent this from happening by either disabling JavaScript in your browser altogether or by limiting (or disabling) your browser history.
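A toy model of the limitation and the two mitigations described above, as an added example that is not Spyjax's code or part of the original post. `ToyBrowser`, `pageCanLearn`, `exposure`, the colours and the URLs are all constructed for illustration and do not correspond to any real browser API.

```javascript
// Added illustration: a toy model, not Spyjax's code and not a real browser API.
const UNVISITED = "rgb(0, 0, 238)";   // constructed sample link colours
const VISITED = "rgb(85, 26, 139)";

// Hypothetical stand-in for the browser: it alone holds the history, and a
// page can only ask how one specific link would be styled.
class ToyBrowser {
  constructor(history, { historyEnabled = true, scriptEnabled = true } = {}) {
    // With history disabled, nothing is ever recorded as visited.
    this.history = new Set(historyEnabled ? history : []);
    this.scriptEnabled = scriptEnabled;
  }
  linkColor(url) {
    return this.history.has(url) ? VISITED : UNVISITED;
  }
}

// What a page script can learn: one yes/no answer per URL it already knows.
function pageCanLearn(browser, candidateUrls) {
  if (!browser.scriptEnabled) return [];   // no script means no probing at all
  return candidateUrls.filter((url) => browser.linkColor(url) === VISITED);
}

// Splits the user's real history into what the page learned and what stayed
// hidden because the URL was not on the page's predefined list.
function exposure(browser, realHistory, candidateUrls) {
  const leaked = pageCanLearn(browser, candidateUrls);
  const hidden = realHistory.filter((url) => !leaked.includes(url));
  return { leaked, hidden };
}

// Constructed sample data.
const sampleHistory = [
  "https://bank.example/login",
  "https://news.example/",
  "https://intranet.example/wiki",
];
const sampleCandidates = [
  "https://news.example/",
  "https://shop.example/",
  "https://bank.example/login",
];

const defaults = new ToyBrowser(sampleHistory);
const noHistory = new ToyBrowser(sampleHistory, { historyEnabled: false });
const noScript = new ToyBrowser(sampleHistory, { scriptEnabled: false });
console.log(exposure(defaults, sampleHistory, sampleCandidates));
```

In the default configuration only the two history entries that also appear on the candidate list are exposed; the intranet URL stays hidden because the page never knew to ask about it.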

Optionally, you can also have fun by placing their widget on your web page and showing your readers whatever sites they've been visiting. I'm not sure if they'll be happy about this, but they'll pretty much be blown away. How good is this compared to Google Web History?

Discussion

Comments for “Spyjax: Your browse history is not private!”

  • This is certainly something to keep in mind, but nothing to worry too much about, I think. Anyone who knows anything about computers knows that everything you do leaves a trail at some level. This is just one more example of that.

    This sort of information might be useful to marketers, which could be the major danger. But how long do you think it will take for some clever programmer to come up with a Firefox extension or a Greasemonkey script to block this particular exploit?

    I am guessing not too long.
  • By the way, I just found a Firefox extension that addresses this vulnerability: Stanford Safe History.
  • Interesting exploit. Too bad there's not a way to prevent Ajax applications from accessing such internal states. (I imagine it checks the "visited" state of a link instead of the actual color, which can vary from site to site.)

    I agree with other readers in that Google web history is a bit too much. I don't use any browsers that can run the official Google toolbar anyway so I couldn't enable it if I wanted to. (In the past as a Firefox user, I made sure to disable PageRank which sent the same data to Google.) However, I am beginning to use the Google search history function more often, and I find it very helpful that it can display what results I clicked on for each search. However, I am always careful to not leave myself logged in on public or shared machines, and I never set the cookie for search history login even on my own private machine.
  • Not as scary as it seemed to be. Well, first, the predefined list is a good de-limiter unless you visit popular sites a lot; I mean, you are always on popular sites.. I guess people using sites such as PayPal are in danger though..

    NoScript add-on in Firefox might be a good solution..
  • The Google Web History is pretty scary. I've gone onto there and seen things I would have never searched for. When you log into another machine, you do have to make sure you log out of your Google account and close your browser, otherwise you're going to be getting other users' search submissions.