Your browser logs every page you visit in its history, and most users assume this record is private because nobody else gets to see which pages they've been visiting. That turns out to be false. I just came across Spyjax (via Mashable!), which shows your full browser history.
Spyjax extracts your browser history by exploiting one of the simplest browser features of all: links to sites you've visited are shown in a different color. A simple piece of JavaScript is enough to read the color of these links and so determine which sites you've visited. However, this can't determine your entire browser history, because it needs a predefined list of URLs to test. Using AJAX, that's not a problem at all… tons of URLs can be tested within seconds.
The only limitation is that this technique cannot directly scrape your browser history; it needs to test a predefined list of URLs to see if you've visited any of them.
Sounds pretty scary, but you can prevent this from happening by either disabling JavaScript in your browser altogether or by limiting (or disabling) your browser history.
Optionally, you can also have fun by placing their widget on your web page and showing your readers whatever sites they've been visiting. I'm not sure if they'll be happy about this, but they'll pretty much be blown away. How good is this compared to Google Web History?
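
To make the predefined-list limitation and the history-off mitigation concrete, here is a small model of the leak as a one-bit-per-URL oracle (an added example, not Spyjax's code and not from the original post). The toy browser, the color values, the `.example` URLs and the `maskVisited` option, which models a browser that always reports the unvisited color to scripts, are assumptions made for illustration.

```javascript
// Model of the one-bit-per-URL oracle behind link-color history sniffing.
// Everything here is constructed: no DOM, no network, no real browser API.
const UNVISITED = "rgb(0, 0, 238)";  // constructed sample colors
const VISITED = "rgb(85, 26, 139)";

// A toy browser. `history` is private state; page scripts only see linkColor().
function makeBrowser({ history = [], keepHistory = true, maskVisited = false } = {}) {
  // With history disabled, nothing is ever recorded as visited.
  const visited = new Set(keepHistory ? history : []);
  return {
    // What a page script can observe about a link pointing at `url`.
    linkColor(url) {
      if (maskVisited) return UNVISITED; // style queries never reveal visited state
      return visited.has(url) ? VISITED : UNVISITED;
    },
  };
}

// What a page learns: the subset of ITS OWN candidate list that renders as visited.
// URLs that are in the history but not in the list are never revealed.
function pageLearns(browser, candidates) {
  return candidates.filter((url) => browser.linkColor(url) === VISITED);
}

// Constructed sample data.
const history = [
  "https://mail.example/",
  "https://bank.example/",
  "https://rare-forum.example/", // visited, but on nobody's candidate list
];
const candidates = ["https://bank.example/", "https://news.example/", "https://mail.example/"];

function runScenarios() {
  return {
    // Default behavior described in the post: visited candidates leak.
    defaultBrowser: pageLearns(makeBrowser({ history }), candidates),
    // Mitigation from the post: browser history disabled.
    historyDisabled: pageLearns(makeBrowser({ history, keepHistory: false }), candidates),
    // Assumed browser-side mitigation: scripts always see the unvisited color.
    maskedStyles: pageLearns(makeBrowser({ history, maskVisited: true }), candidates),
  };
}

console.log(runScenarios());
```

In the default case only the two visited candidates come back; `https://rare-forum.example/` stays hidden because it was never on the list, and both mitigated browsers return an empty result.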

wrote, on June 3rd, 2007
WOW! I never knew about this.
Thanks for sharing!
wrote, on June 3rd, 2007
That’s pretty scary. But also really funny. I always keep my web history off anyway. Oh, and when I first saw Google Web history there was no way I was going to turn that on. That’s like putting a sign on your shirt that says “spy on me.”
wrote, on June 3rd, 2007
nice sharing
wrote, on June 3rd, 2007
This is indeed dangerous. Luckily, I seldom put my JavaScript on. So, I can defend myself from any strange script and Intruder Script.
Btw, Nice sharing!
wrote, on June 3rd, 2007
It’s really worth scaring my friends
wrote, on June 4th, 2007
The Google Web history is pretty scary. I’ve gone on there and seen things I would have never searched for. When you log into another machine, you do have to make sure you log out of your Google account and close your browser, otherwise you’re going to be getting other users’ search submissions.
wrote, on June 5th, 2007
Not as scary as it seemed to be. Well, first, the predefined list is a good de-limiter unless you visit popular sites a lot. I mean, you are always on popular sites. I guess people using sites such as PayPal are in danger though.
NoScript add-on in Firefox might be a good solution.
wrote, on June 5th, 2007
Interesting exploit. Too bad there’s not a way to prevent Ajax applications from accessing such internal states. (I imagine it checks the “visited” state of a link instead of the actual color, which can vary from site to site.)
I agree with other readers in that Google web history is a bit too much. I don’t use any browsers that can run the official Google toolbar anyway so I couldn’t enable it if I wanted to. (In the past as a Firefox user, I made sure to disable PageRank which sent the same data to Google.) However, I am beginning to use the Google search history function more often, and I find it very helpful that it can display what results I clicked on for each search. However, I am always careful to not leave myself logged in on public or shared machines, and I never set the cookie for search history login even on my own private machine.