New browser history exploit could expose user data
The Big Brother implications are numerous. Imagine online retailers looking to see which of their competitors you may have shopped with (or at least searched for), an insurance company looking at what medical terms you’ve looked for, or indeed any phisher or spammer getting a better picture of your lifestyle by what you’ve searched for online.
It’s said to work because search engines have their own set way of forming web queries (look in the address bar when you’ve done a Google search and you’ll see) By default, that gets stored in your browser history just like the pages you visit, until it’s automatically or manually cleared.
Vnunet.com has spoken with a representative at security firm Spi Dynamics, who have created a ‘proof of concept’ site that you can use to check if you might be vulnerable to this exploit.
Though the legal status of this is unclear, it does sound very dodgy. Effectively it’s someone snooping on your browser history.
Billy Hoofman of Spi Dynamics said that if a marketer had got hold of the technique, they would be unlikely to disclose its use. Most users would remain unaware of it, as well, as you’d probably have to search the source code and it could conceivably be masked in some way. Maybe we’ll be able to see if it spreads with Google Code.
It’ll be interesting to see if anything comes of this. For the moment, if you’ve searched for anything sensitive, clear out your browser history. Might be a pain if you like to see what you’ve visited recently, but could maintain some of your privacy.
For the in-depth report, read this excellent PDF