Remote removal of information about visited pages
Security experts pay attention to one of the most familiar and natural functions of the browser: information about visited links in the browser. As you know, after visiting the link and reloading the page, the link changes color. So, this information can be very easily removed using a special script . The danger of such an attack is often underestimated.
The site owner can easily see which links you have visited before. To do this, it can even specifically embed invisible links on the page, removing the information script. For example, he can check whether you went to a competitor's site, mark this fact in cookies and even change the content of the site for you accordingly. Of course, this is a clear violation of privacy. And it’s even more unpleasant to know that anyone can find out private information about you so easily. The developers of Mozilla drew attention to this danger back in 2002, but did not think of what can be done.
Of course, no one disputes the convenience of the function for the user himself. In fact, we all got used to it for a long time. In addition, site owners can apply fantasy and use remote data acquisition from another browser to better filter their content. For example, you can not put buttons on some social sites, if the user has already followed these links. But even in this case, the legality of such actions is questionable.
To reliably protect against such an attack, you can install a special plugin for Firefox.
The site owner can easily see which links you have visited before. To do this, it can even specifically embed invisible links on the page, removing the information script. For example, he can check whether you went to a competitor's site, mark this fact in cookies and even change the content of the site for you accordingly. Of course, this is a clear violation of privacy. And it’s even more unpleasant to know that anyone can find out private information about you so easily. The developers of Mozilla drew attention to this danger back in 2002, but did not think of what can be done.
Of course, no one disputes the convenience of the function for the user himself. In fact, we all got used to it for a long time. In addition, site owners can apply fantasy and use remote data acquisition from another browser to better filter their content. For example, you can not put buttons on some social sites, if the user has already followed these links. But even in this case, the legality of such actions is questionable.
To reliably protect against such an attack, you can install a special plugin for Firefox.
')
Source: https://habr.com/ru/post/27682/
All Articles