CSS exploit allows detection of social site use
May 29, 2008 – 1:23 PM
Web developer Aza Raskin knows we visit Digg, Del.icio.us, Reddit and Facebook without even having to ask.
No, he isn’t employing privacy-violating hackery, but he is exploiting a “cute” information leak in CSS, which traditionally displays visited links differently from those that have yet to be visited. By loading a list of social site URLs in an iframe and checking which links are purple (visited) and which are blue (not visited), a page can infer which social sites to offer users when prompting them to submit a story or blog entry.
Raskin has wrapped this functionality in a script called SocialHistory.js.
By employing this script on a blog, you can avoid showing users the traditional mass of social site icons, only a few of which they probably visit. In addition to the large list of social sites checked by SocialHistory (more than 20 of the most popular names), you can add additional ones that might be specific to your needs. For instance, you can check to see if the user has visited other blogs you author.
Raskin says while his script isn’t perfect, “it does get you 80% of the way there.” He also says there is little chance the bug — it’s documented in Bugzilla — will be fixed since it’s a core feature of the Web browser.
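A model of the leak described above, as an added example that is not SocialHistory.js or any code from the article: it contrasts a style engine whose script-readable link colour follows history with the hardened behaviour browsers later adopted, where the read-back always reports the unvisited colour. The browser object, URLs and history are constructed, and exact-URL history matching is an assumption of the model.

```javascript
// Constructed model of link-colour resolution; not browser or SocialHistory.js code.
const UNVISITED = "rgb(0, 0, 238)";  // default blue for unvisited links
const VISITED = "rgb(85, 26, 139)";  // default purple for visited links

// Assumption: history matching is exact on the parsed URL string.
const key = (url) => new URL(url).href;

function makeBrowser(history, { hardened }) {
  const seen = new Set(history.map(key));
  const real = (url) => (seen.has(key(url)) ? VISITED : UNVISITED);
  return {
    // What the user sees on screen: :visited styling is always applied.
    paintedColor: real,
    // What page script can read back. A hardened engine reports the
    // unvisited colour for every link, so the read-back carries no signal.
    computedColor: (url) => (hardened ? UNVISITED : real(url)),
  };
}

// Page-side selection as the article describes it: probe candidate URLs
// and keep the sites whose link reads back as visited.
function sitesToOffer(browser, candidates) {
  return Object.keys(candidates).filter((site) =>
    candidates[site].some((url) => browser.computedColor(url) === VISITED));
}

// Constructed sample data.
const HISTORY = ["http://digg.com/", "http://reddit.com/r/programming/"];
const CANDIDATES = {
  Digg: ["http://digg.com", "http://www.digg.com"],
  Reddit: ["http://reddit.com", "http://reddit.com/r/programming/"],
  Facebook: ["http://www.facebook.com"],
};

function demo() {
  const legacy = makeBrowser(HISTORY, { hardened: false });
  const fixed = makeBrowser(HISTORY, { hardened: true });
  return {
    legacy: sitesToOffer(legacy, CANDIDATES),
    hardened: sitesToOffer(fixed, CANDIDATES),
    stillPurple: fixed.paintedColor("http://digg.com") === VISITED,
  };
}

console.log(demo());
```

In the model, a site is only detected when one of its candidate URLs matches a history entry exactly, which is why each site is probed with several URLs.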
Data gleaned from either technique can be used for good or evil. Advertisers can determine if you’ve visited their site lately, and offer related information without the need for additional code on their site.
For now, the use of such browser functionality is left up to the site administrator.
Source: Download Squad