>I thought that browser venders we're having the :visited selector lie to you wh... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

anon1385 on July 18, 2015 | parent | context | favorite | on: Unsanctioned Web Tracking

>I thought that browser venders we're having the :visited selector lie to you when you call getComputedStyle on them?

It's possible to probe the users history even though getComputedStyle doesn't give it away anymore.

See page 6 of this article: http://www.contextis.com/documents/2/Browser_Timing_Attacks....

Obviously turning off Javascript prevents these types of things to some extent, but even then there are ways: https://www.nds.rub.de/media/nds/veroeffentlichungen/2014/07...

The web is just not designed with preventing information leaks in mind.

jtuchsen on July 20, 2015 [–]

Interesting papers, thanks for calling my attention to them. They made me paranoid enough to disable the styling of visited links in Firefox to prevent the large amount of timing attacks that are possible.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact