CircleID

A recent study reveals a browser history detection method, largely dismissed as an issue with minimal impact, can in fact be used against a vast majority of Internet users with significant malicious potential. Researchers, Artur Janc and Lukasz Olejnik, analyzed real-world results obtained from 271,576 Internet users and have reported the results in a paper titled, "Feasibility and Real-World Implications of Web Browser History Detection".

Some key highlight from the report include:

• Results indicated that at least 76% of Internet users are vulnerable to history detection.
• All major browsers allow their users' history to be detected, but apparently users of the more modern browsers such as Safari and Chrome are more affected; the study detected visited sites for 82% of Safari users and 94% of Chrome users.
• Visitors with JavaScript turned off are just as vulnerable to history detection as JS-enabled browsers. Histories for 77% of such users were detected; for some tests, users without JavaScript had more visited sites detected than others.

The results of this study will be presented at the upcoming Web 2.0 Security and Privacy 2010 workshop on May 20th.

Related Links:
Real-world Web browser history detection results (About | Full Paper)

Related topics: Malware, Privacy, Security, Web