Comments on: Spyjax: Your browse history is not private!

By: Samir

Samir — Wed, 06 Jun 2007 00:08:02 +0000

This is certainly something to keep in mind, but nothing to worry too much about, I think. Anyone who knows anything about computers knows that everything you do leaves a trail at some level. This is just one more example of that.

This sort of information might be useful to marketers, which could be the major danger. But how long do you think it will take for some clever programmer to come up with a Firefox extension or a Greasemonkey script to block this particular exploit?

I am guessing not too long.

By: Eliot

Eliot — Tue, 05 Jun 2007 16:44:07 +0000

By the way, I just found a Firefox extension that addresses this vulnerability: Stanford Safe History.

By: Eliot

Eliot — Tue, 05 Jun 2007 16:40:09 +0000

Interesting exploit. Too bad there’s not a way to prevent Ajax applications from accessing such internal states. (I imagine it checks the “visited” state of a link instead of the actual color, which can vary from site to site.)

I agree with other readers in that Google web history is a bit too much. I don’t use any browsers that can run the official Google toolbar anyway so I couldn’t enable it if I wanted to. (In the past as a Firefox user, I made sure to disable PageRank which sent the same data to Google.) However, I am beginning to use the Google search history function more often, and I find it very helpful that it can display what results I clicked on for each search. However, I am always careful to not leave myself logged in on public or shared machines, and I never set the cookie for search history login even on my own private machine.

By: Beta3

Beta3 — Tue, 05 Jun 2007 16:32:18 +0000

Not as scary as it seemed to be. Well first the predefined list is a good de-limiter unless you visit popular sites a lot-i mean u are always in popular sites.. I guess people using sites as PayPal and such are in danger though..

NoScript add-on in Firefox might be a good solution..

By: listikal

listikal — Sun, 03 Jun 2007 21:28:50 +0000

The Google Web history is pretty scary. I’ve gone onto there and see things I would have never searched for. When you log into another machine, you do have to make sure you’re logout of your Google account and closing your browser, otherwise you’re going to be getting other users search submissions.

By: Shankar Ganesh

Shankar Ganesh — Sun, 03 Jun 2007 04:20:54 +0000

It’s really worth scaring my friends

By: Ken Xu

Ken Xu — Sun, 03 Jun 2007 03:41:08 +0000

This indeed dangerous. Luckily, I seldom put my javascript on. So, I can defend myself from any strange script and Intruder Script.
Btw, Nice sharing!

By: Labanon

Labanon — Sun, 03 Jun 2007 02:56:03 +0000

nice sharing

By: brendan

brendan — Sat, 02 Jun 2007 22:20:53 +0000

That’s pretty scary. But also really funny. I always keep my web history off anyway. Oh, and when I first saw Google Web history there was no way I was going to turn that on. That’s like putting a sign on your shirt that says “spy on me.”

By: Haris

Haris — Sat, 02 Jun 2007 20:17:42 +0000

WOW! I never knew about this.

Thanks for sharing!