18 comments

[ 2.9 ms ] story [ 55.1 ms ] thread
The script on YouPorn’s site that checks a user’s history (which you can see for yourself by going to the site and checking out its html with 'View Source')

Did Forbes just tell me to go to YouPorn.com? :)

Why yes, it did. You seem a little prudish for someone who goes by the moniker of Mr Goatse.
Nothing new here, this is an old technique that already exploded a while back. The Mozilla team said they would be removing this "security hole", I don't know if they have yet.

What most reporting on it fails to cover is the nature of the "history sniffing". They cannot view your browser history. What they can do is query specific URLs against a black box that either says "yes" or "no" to the question "has this user been to this exact URL at some point in the past?"

Here's Mozilla's linked post on this, from March of this year - http://blog.mozilla.com/security/2010/03/31/plugging-the-css...

To support your statement, I haven't found anything saying this has been removed.

The styling of a:visited elements seems to have been removed in Chromium, there's some discussion of this here:

http://code.google.com/p/chromium/issues/detail?id=56802

So I don't think history sniffing using this method is possible anymore in Chromium. I disappointingly found this out when playing around with facebook history sniffing, so if anyone thinks I'm wrong please let me know!

I've seen this technique used, in conjunction with popular sites that skew heavily male or female, to guess the gender of the user for ad targeting.

I've also seen this technique used on software-as-a-service sites to check for visits to competitors. If the user's already visited a competitor's landing page, an us vs. them feature comparison is shown. If the user's visited a competitor's page that's only accessed by their paying customers, offer them a coupon for switching. If the user has never visited a competitor at all, don't mention any - why educate the user about alternatives?

Using history sniffing to validate the quality of data purchased from BlueKai is a new one to me, but plausible.

Whatever the rationale, it's still a violation of user privacy.

(comment deleted)
I didn't need to imagine a porn site sniffing anything thank you.
These are the 23 sites that YouPorn is checking for:

pornhub.com

redtube.com

adultfriendfinder.com

xvideos.com

tube8.com

xnxx.com

megaporn.com

megarotic.com

xhamster.com

awempire.com

realitykings.com

brazzers.com

xtube.com

bangbros1.com

fling.com

freeones.com

myfreepaysite.com

debonairblog.com

payserve.com

maxporn.com

videosz.com

aebn.net

pornorama.com

Thanks for the links.
my fav use of this: http://didyouwatchporn.com/ esp the viral part where you can get a report from all your friends.
Totally broken for me. Says I didn't watch pr0n. oops!
"Porn enthusiasts" is quite a descriptor.
Perhaps "aficionado" would be better, you know, for classy porn.