In Focus

➢ Study Shows How Third Parties Access Your Browsing History

Although you might believe your Web history is safe, your browser might be secretly allowing online criminals and others to determine what Websites you have and have not visited. New research from computer scientists at the University of California-San Diego has documented how your data can be collected and then transmitted across a network—all without your permission.

In this dangerous phenomenon—known as "history sniffing"—JavaScript code secretly reveals your browser history to third parties. The privacy implications of history sniffing have been explored in previous studies, but the UC San Diego research is the first analysis of real-life history sniffing on the Web.

"Nobody knew if anyone on the Internet was using history sniffing to get at users' private browsing history. What we were able to show is that the answer is yes,"

History sniffing takes advantage of a seemingly helpful characteristic of Web browsers: the fact that they label visited links as purple and unvisited links as blue. History sniffers use the JavaCode recorded about link colors to determine whether or not you've visited a specific site.

History sniffing has many possible uses, some more malicious than others. Website owners, for example, might use it to find out if you have visited competitors' sites; advertising companies might use it to explore consumer personalities; and online criminals might use it to plot their next attack.

"JavaScript is a great thing. It allows things like Gmail and Google Maps and a whole bunch of Web 2.0 applications, but it also opens up a lot of security vulnerabilities, we want to let the broad public know that history sniffing is possible, it actually happens out there, and that there are a lot of people vulnerable to this attack."

Although the latest versions of Firefox, Safari and Chrome now block history sniffing, users with other browsers, such as Internet Explorer, or outdated versions...