The script on YouPorn’s site that checks a user’s history (which you can see for yourself by going to the site and checking out its html with 'View Source')
Nothing new here, this is an old technique that already exploded a while back. The Mozilla team said they would be removing this "security hole", I don't know if they have yet.
What most reporting on it fails to cover is the nature of the "history sniffing". They cannot view your browser history. What they can do is query specific URLs against a black box that either says "yes" or "no" to the question "has this user been to this exact URL at some point in the past?"
So I don't think history sniffing using this method is possible anymore in Chromium. I disappointingly found this out when playing around with facebook history sniffing, so if anyone thinks I'm wrong please let me know!
I've seen this technique used, in conjunction with popular sites that skew heavily male or female, to guess the gender of the user for ad targeting.
I've also seen this technique used on software-as-a-service sites to check for visits to competitors. If the user's already visited a competitor's landing page, an us vs. them feature comparison is shown. If the user's visited a competitor's page that's only accessed by their paying customers, offer them a coupon for switching. If the user has never visited a competitor at all, don't mention any - why educate the user about alternatives?
Using history sniffing to validate the quality of data purchased from BlueKai is a new one to me, but plausible.
Whatever the rationale, it's still a violation of user privacy.
18 comments
[ 2.9 ms ] story [ 55.1 ms ] threadDid Forbes just tell me to go to YouPorn.com? :)
What most reporting on it fails to cover is the nature of the "history sniffing". They cannot view your browser history. What they can do is query specific URLs against a black box that either says "yes" or "no" to the question "has this user been to this exact URL at some point in the past?"
To support your statement, I haven't found anything saying this has been removed.
http://code.google.com/p/chromium/issues/detail?id=56802
So I don't think history sniffing using this method is possible anymore in Chromium. I disappointingly found this out when playing around with facebook history sniffing, so if anyone thinks I'm wrong please let me know!
I've also seen this technique used on software-as-a-service sites to check for visits to competitors. If the user's already visited a competitor's landing page, an us vs. them feature comparison is shown. If the user's visited a competitor's page that's only accessed by their paying customers, offer them a coupon for switching. If the user has never visited a competitor at all, don't mention any - why educate the user about alternatives?
Using history sniffing to validate the quality of data purchased from BlueKai is a new one to me, but plausible.
Whatever the rationale, it's still a violation of user privacy.
pornhub.com
redtube.com
adultfriendfinder.com
xvideos.com
tube8.com
xnxx.com
megaporn.com
megarotic.com
xhamster.com
awempire.com
realitykings.com
brazzers.com
xtube.com
bangbros1.com
fling.com
freeones.com
myfreepaysite.com
debonairblog.com
payserve.com
maxporn.com
videosz.com
aebn.net
pornorama.com