Security Sidebar: I Can See Your Browsing History

Is there any expectation of browsing privacy on the Internet any more?  Well, there shouldn't be.  A few years ago, Internet browsers were widely known to have vulnerabilities that allowed websites the ability to search a user's browsing history.  Websites could use a combination of JavaScript and Cascading Style Sheet (CSS) features to figure out what websites you visited.  In 2010, researchers at the University of California at San Diego found that several pornographic sites would search a user's browser history to see if the user had visited other pornographic sites.  But it wasn't just the porn industry viewing user habits.  These same researchers found several news sites, finance sites, and sports sites doing the same thing. 

Over time, browser security updates were supposed to have fixed these vulnerabilities...and they did for a while.  But recently, security researchers have uncovered new vulnerabilities that allow this behavior once again.  There's a new attack that uses the requestAnimationFrame function to determine how long it takes a browser to render a webpage.  Simply stated, if the page renders quickly, the user has probably visited it before.  You get the idea. 

 

There are ways to work around these browser history vulnerabilities.  The primary workaround is to make sure you never have any browser history.  You can clear all your history when you close your browser (in fact, you can do this automatically on most browsers).  While this might keep someone from knowing your browsing history, it can also prove to be very inconvenient.  After all, if you clear your history...well, you lose your history.  Let's be honest, it's nice to have your browser remember the sites you've visited.  What a pain to reestablish your user identity on all the websites you like to hit, right?

 

So why is your browsing history so interesting?  Many companies want to target you with ads and other marketing initiatives based on your browsing habits.  They also want to sell your browsing habits to other interested parties.  I could also talk about how the government might use this information to spy on help you, but I'll refrain for now. 

Allan Friedman, a research scientist at George Washington University, recently said that websites are very likely searching your browser history to determine the selling price for a particular item.  They might offer you a better deal if they find that you've been shopping their competitors for the same item.  Likewise, they might charge more if they find nothing related to said purchase in your browser history.  Justin Brookman, a director at the Center for Democracy and Technology, echoed this sentiment when he said browsing history could come at a cost.  For example, if you have been shopping on a high-end retail site, you will likely see advertisements for higher priced businesses displayed on your browser.  Another way this could affect your daily life is in the area of smartphone geolocation.  Your smartphone will broadcast location information every few seconds, and businesses can use this information to send marketing emails (coupons, daily deals, etc) when they know you are close by.  Currently, there is no federal law that prohibits this behavior.  As long as businesses aren't lying about what they are doing, it's perfectly legal.

 

Don't be surprised when you conveniently get a "check out our great deals" email from the store you just passed by.  Ours is a really cool, technology-filled world...and it's kind of scary at the same time.

 

 

 

 

 

 

Published Jun 17, 2014
Version 1.0
  • ad targeting is creepy, and a little off when you share the house and internet with a wife and kids. I love it when I start to see lady clothes advertisements when I go on facebook. :)