Browser History Sniffing and Other Tracking Techniques
Sometimes the desire to contextualize content delivery can go too far and can be used for malicious purposes. Here's how to block browser history sniffing, cache timer attacks, and Adobe Flash offsite cookie storing.
Improving user experience is an important aspect of website content delivery and advertising (which enables the vast majority of content on the Web to be offered free of charge). But sometimes, the desire to contextualize content delivery can go too far - and it can even be used for malicious purposes.
For example, successful browser history sniffing can let a phisher know exactly which banking and ecommerce sites you use, enabling criminals to target phishing scams specific to those sites. Following are three examples of techniques that may be used to track where you've been online, and tips to protect against these.
Browser History Sniffing
By default, links change color when you have visited them. Browser history sniffing compares the link colors of links in your history folder to a master list of links (and their default non-visited colors) maintained by the website operator. A color mismatch indicates a particular site has been visited. Clearing your browser history can help prevent browser history sniffing. If clearing and keeping your browser history set to zero isn't an option, you can change how Internet Explorer and Firefox handle visited link colors.
How to Prevent Link Color History Sniffing in Internet Explorer How to Prevent Link Color History Sniffing in Firefox
Cache Timer Attacks
Each time you visit a website, the browser stores a local copy of the files accessed on that site.
This cache (pronounced 'cash') helps speed up performance and make subsequent visits to the site even faster because these cached files can now be loaded directly from your hard drive instead of via the Internet. The amount of time it takes a website file to load can thus be an indication of whether or not the user visited a particular site. For example, Site B wants to know whether a visitor also visited Site A. So when a visitor surfs to Site B, Site B also loads a file that belongs to Site A. Based on how long it takes the Site A file to load, the tracker can determine whether it was loaded locally (from the user's cache) or from the original site. If the time indicates it was loaded locally, the tracker (Site B) knows you have visited Site A in the past.
How to Prevent Cache Timer Attacks in Internet Explorer How to Prevent Cache Timer Attacks in Firefox
Adobe Flash Cookies
Adobe Flash cookies work through the ubiquitous Adobe Flash and enables any of Adobe's partners to set global cookies that are maintained on Adobe's servers instead of your own computer. Adobe Flash cookie partners includes sites such as Microsoft, Weather.com, Paypal, eWeek, Flickr and many others. This means that no matter how, or how often, you try to delete your cookies, just having Adobe Flash installed negates that effort. To delete or deny these offsite cookies, you will need to visit the Adobe Flash Player Settings Manager site, click Website Privacy Settings Panel, delete the 'Visited Websites' list and then select 'Always Deny' (or 'Always Ask' to choose on a case-by-case basis). It's worth noting that having Adobe Flash installed also enables websites to access your webcam and microphone settings; while you're at the Adobe Flash Player Settings Manager, you can block this unauthorized access as well.
Improving user experience is an important aspect of website content delivery and advertising (which enables the vast majority of content on the Web to be offered free of charge). But sometimes, the desire to contextualize content delivery can go too far - and it can even be used for malicious purposes.
For example, successful browser history sniffing can let a phisher know exactly which banking and ecommerce sites you use, enabling criminals to target phishing scams specific to those sites. Following are three examples of techniques that may be used to track where you've been online, and tips to protect against these.
Browser History Sniffing
By default, links change color when you have visited them. Browser history sniffing compares the link colors of links in your history folder to a master list of links (and their default non-visited colors) maintained by the website operator. A color mismatch indicates a particular site has been visited. Clearing your browser history can help prevent browser history sniffing. If clearing and keeping your browser history set to zero isn't an option, you can change how Internet Explorer and Firefox handle visited link colors.
Cache Timer Attacks
Each time you visit a website, the browser stores a local copy of the files accessed on that site.
This cache (pronounced 'cash') helps speed up performance and make subsequent visits to the site even faster because these cached files can now be loaded directly from your hard drive instead of via the Internet. The amount of time it takes a website file to load can thus be an indication of whether or not the user visited a particular site. For example, Site B wants to know whether a visitor also visited Site A. So when a visitor surfs to Site B, Site B also loads a file that belongs to Site A. Based on how long it takes the Site A file to load, the tracker can determine whether it was loaded locally (from the user's cache) or from the original site. If the time indicates it was loaded locally, the tracker (Site B) knows you have visited Site A in the past.
Adobe Flash Cookies
Adobe Flash cookies work through the ubiquitous Adobe Flash and enables any of Adobe's partners to set global cookies that are maintained on Adobe's servers instead of your own computer. Adobe Flash cookie partners includes sites such as Microsoft, Weather.com, Paypal, eWeek, Flickr and many others. This means that no matter how, or how often, you try to delete your cookies, just having Adobe Flash installed negates that effort. To delete or deny these offsite cookies, you will need to visit the Adobe Flash Player Settings Manager site, click Website Privacy Settings Panel, delete the 'Visited Websites' list and then select 'Always Deny' (or 'Always Ask' to choose on a case-by-case basis). It's worth noting that having Adobe Flash installed also enables websites to access your webcam and microphone settings; while you're at the Adobe Flash Player Settings Manager, you can block this unauthorized access as well.
Source...