My OperaYou need to be logged in to post in the forums. If you do not have an account, please sign up first.
CSS history hack - is this a privacy problem?
“ What if I told you that in the time it takes you to read this sentence I could have stolen a large portion of your browsers history? whhaaaaaat? While open access to the browsers history is not possible for obvious security reasons, you can still query it.”Quoted from alanayoub.com/css-history-hack.
I use Opera 9.64 and this version is vulnerable to this.
Test sites: what the internet knows about you.com and using your browser url history estimate gender. Opera is not vulnerable to the last site unless Floating Frames is enabled.
Most of you are using Opera 10, do you get the same results? Is this exploit forever going to be possible?
http://my.opera.com/community/forums/topic.dml?id=581082 
Opera 12.16 build 1860 Windows Vista Premium SP2
Be helpful to the shyman, and be wary of the slyman.
Be guidance to the blindman, and be thankful to the kindman.
ʎzzıp ʇǝƃ llıʍ noʎ ʇıq sıɥʇ pɐǝɹ ʇ,uop
Be helpful to the shyman, and be wary of the slyman.
Be guidance to the blindman, and be thankful to the kindman.
ʎzzıp ʇǝƃ llıʍ noʎ ʇıq sıɥʇ pɐǝɹ ʇ,uop
Originally posted by Luxor:
That topic was closed due to arguing.
The history leak is a vulnerability and I wonder if I can do anything to prevent it?
15. June 2010, 14:25:12 (edited)
Originally posted by Vikingen:
That topic was closed due to arguing.
Just to be precise:
Reason: Non-descriptive title, poor description
Originally posted by Vikingen:
You can visit "risky" sites in private tabs (of course you must install Opera 10.5X to have this option).(...) I wonder if I can do anything to prevent it?
There's also an option to override CSS properties, which are used in this hack, with User CSS - e.g. (that's an example written now by me, so it may prevent some sites from detecting your history, but I don't say that there's no mistakes):
a:visited {
background-image: none !important;
}
Edit: Looks like using private tabs doesn't work (although it should). Also remember that there are two ways of performing history detection: CSS only, or with JavaScript. So, you would also have to disable JavaScript for this not to work.
I can maybe do that CSS fix if you point me to where I can download it. But I can't turn off JS as default because almost every website uses it. I tried but ended up enabling it as default.
So that means the CSS fix is not helping much. If someone wants to read the browsing history then they are probably smart enough to use JS as well.
So that means the CSS fix is not helping much. If someone wants to read the browsing history then they are probably smart enough to use JS as well.