back to article Safari purged of decade-old browser history leak

Apple Safari has become the first major browser to be purged of one of the web's longest-running privacy defects: The ability for any site owner to effortlessly steal a complete copy of your recent browsing history. The browser history disclosure leak is as old as the World Wide Web itself, and it afflicted every major browser …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward
    Grenade

    Didn't work on my browser

    I'm running Firefox 3.6.3 on Windows XP. When I visited both of the test sites with Private Browsing enabled, they found nothing. Private Browsing can be enabled by default (under Tools > Options... > Privacy).

    1. Inachu

      hmmm

      nice to know how to do it manually but not turned off at the finnish of the install of the browser is insane.

      I am sure they did this to appease websites to make money from your info

  2. DuncanP
    Thumb Up

    Google Chrome dev channel appears to be fixed already

    The two sites linked in the article failed to find any history. My version of Chrome is 6.0.422.0.

  3. Anonymous Coward
    Anonymous Coward

    As old as the web?

    "The browser history disclosure leak is as old as the World Wide Web itself"

    How do you work that out? The web started without Javascript, and even when it did arrive, it was a long while before there were methods to determine the colour of a link.

    1. Mike Cardwell

      JS not required

      The flaw can be, and is, exploited without any javascript. It can be done entirely with css.

      1. Anonymous Coward
        Anonymous Coward

        You missed the point arguing semantics

        CSS isn't "as old as the World Wide Web itself" either.

  4. Gordon 17
    Happy

    firefox 3.6.3.

    on my mac with firefox 3.6.3, i went on both sites and it showed no history, i have not got my private browsing set to on.

    my system clears all history when i close browser and also all cache, cookies etc sametime.

    I also have system fully Stealthed to internet, i do this with all systems.

    so no problems here then :-)

    1. Chris 3
      Thumb Up

      Sure...

      If your browser doesn't save any history, then there is no history to be retrieved.

      The problem is that some of us find the history function rather useful, so I for one welcome, etc etc

  5. Anonymous Coward
    Anonymous Coward

    "As old as the web"?

    HTML was around for a while before css become available.

  6. Ken Hagan Gold badge

    A risk/benefit analysis

    "The history leak is the result of [...] technology that causes a browser to display links that have been visited in a different color than addresses that have not been visited."

    Shit. It would be disastrous if that ever broke.

    "It also allows webmasters to customize content and user interfaces on their sites based on the links individual users regularly visit."

    You mean, it lets them violate your privacy? Er, yes, that's rather the point.

    "Microsoft has so far [only warned] that browser fixes could break websites."

    For the reasons given above, I'm inclined to think that this is a load of cobblers. Is there something I've missed? As far as I can see, not only is this an easy fix but it has actually been fixed (through private browsing) in several browsers with no observable ill effects whatsoever.

This topic is closed for new posts.

Other stories you might like