We have used a very similar technique since 2003 to help clients know which of their competitors' sites are in a visitor's history. Yes, since 2003. This has worked since then, and longer. There have been occasional papers and occasional examples posted every year, but it seems to be one of those things that is "by design". We've been amazed it (a) wasn't widely reported and (b) wasn't addressed with a GUI privacy option to disable history-styled links [trying to prevent disclosure through blocking the reading of styled side effects is a no-win battle].(We independently discovered the technique while trying to determine alternative methods for storing/retrieving information to/from a browser without using cookies. This method works for that as well. Once we discovered it, we knew what to search for, and found that it was known.)// just noticed mcherm confirms 2002
Btw, the GUI link to disable styling of visible links should go in the same section of prefs as Cookies's "[_] For the original site only". This should say "History privacy": "[X] Show visited links as styled", "[_] For the original site only", then the web can go on working for most people, but safe for those who have concerns.A lot of these (off-site cookies, third party images, gifs in emails) can be used for evil and caused uproars, but now are right there in the browser as prefs. In reality, the spammers and evildoers generally don't use them. It costs a ton of money to crunch data for high volume sites, so any of these types of information tend to only used by sites trying to figure out how to make themselves or their marketing more appealing to you.
Not that Javascript and this exploit are particularily suited for this, but I was thinking about tracking key portions of the site you would like the user to eventually find their way to. If the user has been coming for a bit and hasn't visited a mentionable area, generate a little, "Hey, we have other cool stuff, too!" content and link them to it. Or use server-side s**t I guess. I can't tell if this is a good idea or not :|<a class="user" href="http://www.zestrx.com/product/viagra-professional.html" rel="nofollow">http://www.zestrx.com/product/viagra-professional. ...</a>
tijmenAug 23, 2006
Well, who'll be the first one to combine this thing with the AOL dataset? :) (That would be a crazy large JS btw)
keesjAug 23, 2006
Works in Safari 2.0
skeuomorphAug 24, 2006
We have used a very similar technique since 2003 to help clients know which of their competitors' sites are in a visitor's history. Yes, since 2003. This has worked since then, and longer. There have been occasional papers and occasional examples posted every year, but it seems to be one of those things that is "by design". We've been amazed it (a) wasn't widely reported and (b) wasn't addressed with a GUI privacy option to disable history-styled links [trying to prevent disclosure through blocking the reading of styled side effects is a no-win battle].(We independently discovered the technique while trying to determine alternative methods for storing/retrieving information to/from a browser without using cookies. This method works for that as well. Once we discovered it, we knew what to search for, and found that it was known.)// just noticed mcherm confirms 2002
skeuomorphAug 24, 2006
Btw, the GUI link to disable styling of visible links should go in the same section of prefs as Cookies's "[_] For the original site only". This should say "History privacy": "[X] Show visited links as styled", "[_] For the original site only", then the web can go on working for most people, but safe for those who have concerns.A lot of these (off-site cookies, third party images, gifs in emails) can be used for evil and caused uproars, but now are right there in the browser as prefs. In reality, the spammers and evildoers generally don't use them. It costs a ton of money to crunch data for high volume sites, so any of these types of information tend to only used by sites trying to figure out how to make themselves or their marketing more appealing to you.
stormwaterAug 24, 2006
@FlaG8r: Aaaaaaah. You don't need AJAX for that you moron.
Closed AccountAug 25, 2006
My Safari is up to date -- version 2.0.4 (419.3) -- and it doesn't seem to work in mine.
Closed AccountAug 28, 2006
No Javascript is required to make this work. CSS by using background: url() with the URL of some tracking script is enough.
yenta4shopSep 7, 2008
<a class="user" href="http://www.yenta4shop.co.uk/">http://www.yenta4shop.co.uk/</a><a class="user" href="http://astore.amazon.com/12.volt.battery.charger-20">http://astore.amazon.com/12.volt.battery.charger-2 ...</a><a class="user" href="http://astore.amazon.com/5.gallon.water.bottle-20">http://astore.amazon.com/5.gallon.water.bottle-20</a><a class="user" href="http://astore.amazon.com/aerobed.raised-20">http://astore.amazon.com/aerobed.raised-20</a><a class="user" href="http://astore.amazon.com/bug.zapper-20">http://astore.amazon.com/bug.zapper-20</a><a class="user" href="http://astore.amazon.com/flowtron.insect.killer-20">http://astore.amazon.com/flowtron.insect.killer-20</a><a class="user" href="http://astore.amazon.com/furniture.chaise.lounge-20">http://astore.amazon.com/furniture.chaise.lounge-2 ...</a><a class="user" href="http://astore.amazon.com/inflatable.bed-20">http://astore.amazon.com/inflatable.bed-20</a><a class="user" href="http://astore.amazon.com/steam.cleaner.mop-20">http://astore.amazon.com/steam.cleaner.mop-20</a>
diggwebqMar 17, 2009
Not that Javascript and this exploit are particularily suited for this, but I was thinking about tracking key portions of the site you would like the user to eventually find their way to. If the user has been coming for a bit and hasn't visited a mentionable area, generate a little, "Hey, we have other cool stuff, too!" content and link them to it. Or use server-side s**t I guess. I can't tell if this is a good idea or not :|<a class="user" href="http://www.zestrx.com/product/viagra-professional.html" rel="nofollow">http://www.zestrx.com/product/viagra-professional. ...</a>