29 March 2017

How websites can find out which other sites you visit

When a web browser renders a page that includes hyperlinks to other pages, one of two different colours is normally used for each link, depending on whether you already have visited the page to which the link points. To make this feature work, the browser needs a history file, in other words a list of all websites you have visited within a certain period. Browsers usually save this file on the local hard disk drive.

The history file can be a privacy threat to you. You probably know that other persons, such as co-workers or family members, could use your web history to gain information on which sites you have visited. However, it is often also possible for web servers to determine whether you have visited a particular page, for example that of a competitor.

This can be done by using CSS styles that e.g. apply a background image to visited links; when the browser displays such a link, it downloads the background image, and this download creates an entry in the server log, from which the web site operator can then retrieve the results. Also, note that if you allow your browser to run scripts (JavaScript, actually ECMAScript), you provide additional options to websites wanting to detect your browsing history.

The method described above does not actually read your history file, but rather asks e.g. "Is www.blogger.com out there? What about www.google.com and www.facebook.com?" and so on. Still, it can be quite effective. The best solution is probably to disable and delete the history file.