Corpus ID: 15710234

Feasibility and Real-World Implications of Web Browser History Detection

@inproceedings{Janc2010FeasibilityAR,
  title={Feasibility and Real-World Implications of Web Browser History Detection},
  author={A. Janc and ukasz Olejnik},
  year={2010}
}
  • A. Janc, ukasz Olejnik
  • Published 2010
  • Browser history detection through the Cascading Style Sheets visited pseudoclass has long been known to the academic security community and browser vendors, but has been largely dismissed as an issue of marginal impact. In this paper we present several crucial real-world considerations of CSS-based history detection to assess the feasibility of conducting such attacks in the wild. We analyze Web browser behavior and detectability of content returned via various protocols and HTTP response codes… CONTINUE READING
    32 Citations

    Figures and Tables from this paper

    Toward Exposing Timing-Based Probing Attacks in Web Applications †
    • 7
    • PDF
    Scriptless Timing Attacks on Web Browser Privacy
    • 17
    • PDF
    Survey on JavaScript security policies and their enforcement mechanisms in a web browser
    • 46
    • PDF
    Understanding and Mitigating the Security Risks of Content Inclusion in Web Browsers
    • PDF
    An empirical study of privacy-violating information flows in JavaScript web applications
    • 182
    • PDF
    Detecting and Defending Against Third-Party Tracking on the Web
    • 368
    • PDF
    Veil: Private Browsing Semantics Without Browser-side Assistance
    • 2
    • PDF
    RePriv: Re-Envisioning In-Browser Privacy
    • 51
    • PDF
    Fingerprinting Information in JavaScript Implementations
    • 127
    • PDF

    References

    SHOWING 1-10 OF 11 REFERENCES
    Protecting browser state from web privacy attacks
    • 223
    • PDF
    Timing attacks on Web privacy
    • 305
    • PDF
    Privacy-Preserving History Mining for Web Browsers
    • 8
    • PDF
    Web Camouflage: Protecting Your Clients from Browser-Sniffing Attacks
    • 20
    A Practical Attack to De-anonymize Social Network Users
    • 345
    • PDF
    Cascading style sheets
    • 42
    Social phishing
    • 627
    • PDF
    Thorsten Holz
    • A practical attack to de-anonymize social network users, ieee security and privacy. In IEEE Security and Privacy, Oakland, CA, USA
    • 2010
    Preventing attacks on a user’s history through css :visited selectors
    • http://dbaron.org/mozilla/visited-privacy
    • 2010
    Browser security handbook
    • part 2. http://code.google.com/p/browsersec/wiki/Part2
    • 2009