"Wolf K" <
wol...@sympatico.ca> wrote
| > "The attacks the researchers developed, in the form of JavaScript code,
| > cause web browsers to behave differently based on whether a website had
| > been visited or not."
|
| Interesting.
|
| Defence: Clear History on exit from browser and/or clear manually at
| regular intervals.
I like to keep a long history because I often
want to revisit something but don't remember
the URL.
It seems this issue needs to be kept in
perspective. The new CSS methods are a surprise
to me. Personally I'd like to be able to disable
SVG altogether, anyway. As far as I know it's
only used for social media icons. But I'm not
sure it's possible to disable it.
If you enable javascript then this, and many
other spy mechanisms, have always been possible.
A site can just use script to check the color of
links and see whether they're visited color. One
of the linked articles talks about ending that
functionality, but it's very useful to see which
links you've visited.
But what, really, is the risk? If you visit a sleazy
site they can see where you've been. So what?
Maybe CBS.com would like to know whether you
visit NBC or ABC. But unless you visit a lot of big
commercial sites you're probably not giving away
much info.
One of the articles gives an example of someone
tracking that you've visited Chase banking and then
showing you a fake Chase login. But that would
involve numerous ifs. You'd need to bank online,
which is already a big risk. You'd need to visit a
malware site that wants to track you. Your bank
would have to be one that they have a fake login
page for. They'd have to find a convincing excuse
to show you a login page.... Very farfetched as
a risk.