Feasibility and Real-World Implications of Web Browser History Detection

Date Added: May 2010
Format: PDF

Analyzing history detection techniques based on Cascading Style Sheets (CSS) and their impact on internet users has widespread effects. History detection is a consequence of an established and ubiquitous W3C standard and has become a common tool employed in privacy research and as such has important implications for the privacy of Internet users. Full understanding of the implementation, performance, and browser handling of history detection methods is thus of high importance to the security community. The research describes a basic cross-browser implementation of history detection in both CSS and JavaScript and analyzes Web browser behavior for content returned with various HTTP response codes and as frames or iframes. It provides an algorithm for efficient examination of large link sets and evaluates its performance in modern browsers. Compared to existing methods this approach was found to be up to six times faster, and also was able to detect up to 30,000 links per second in recent browsers on modern consumer-grade hardware. The study also provides and analyzes results from existing testing system, gathered from total number 271,576 of users. The results indicate that at least 76% of Internet users are vulnerable to history detection and also proves that CSS-based history detection does work in practice on a large scale, can be realized with minimal resources and is of great practical significance.