Salut les kids : je vous joins le lien, avec l'email d'explication qui
va bien, d'un truc q'un colleque du bureau a fait, qui utilise la
possisbilite de formater des liens differements selons qu'ils aient
ete visite ou pas pour determiner les pages de la wikipedia que vous
avez visitees (parce que leurs URL sont standard )
J'ai trouve ca impressionnant (et flippant)
Hi Trash,
I've been experimenting with the css history “feature” that allows the
browser to style links differently depending upon whether they've been
visited or not. By styling visited links differently it is possible for
javascript, and hence the server, to detect whether a web browser has an
arbitrary url in its history.
There are a very large number of possible urls, so trying to discover
the browser's history by random guessing doesn't get very far, and isn't
usually personally revealing.
However, sites like wikipedia have a standard url structure and
statistics about the links between pages and the page popularity. So
it's possible to iteratively guess which pages a user will have been to
based upon what pages you have previously discovered in the browser
history, and so discover more of the wikipedia browsing history.
I've created a proof of concept of this here (WARNING, if there are
items in your wikipedia history that you don't want revealed don't go to
this link):
If anyone would like to test it out, that would be useful as I'm trying
to gather statistics about how quickly links can be discovered.
Currently the webpage takes about 10 minutes to cycle through the top
500000 wikipedia pages, and check the pagelinks from any pages it finds
in the browser history.
If you want to try it out, I'd recommend using Chrome rather than
firefox, it slows down firefox and makes firebug debugging difficult.
And if it doesn't find any links, try going to wikipedia and clicking
around some popular pages.
If you're interested in the browser history hack here are some prior
examples, the innovative feature of this project is that it iteratively
searches for the browser history:
http://ha.ckers.org/blog/20070228/steal-browser-history-without-javascript/
http://jeremiahgrossman.blogspot.com/2006/08/i-know-where-youve-been.html
http://linuxbox.co.uk/stealing-browser-history-with-javascipt-and-css.php