YouPorn, Perez Hilton Exploit Bug to Obtain Your Browsing History
The bug extracts browsing information via a color-changing mechanism that many browsers use to mark sites that you've already visited. A script on YouPorn, for example, would exploit the privacy leak to check which other links to porn sites have already been changed to purple (meaning that you've already clicked on them). "Our study shows that popular Web 2.0 applications like mashups, aggregators, and sophisticated ad targeting are rife with different kinds of privacy-violating flows," the researchers wrote [PDF].
Forbes's Kashmir Hill investigated the sites mentioned in the paper, and discovered that some, including YouPorn and PixMac, had created the code themselves. Others, meanwhile, seemed to obtain it from third-party developers. Hill's trail ultimately led to three advertising networks, including one called Interclick. "Interclick purchases anonymous audience data from several vendors for the purpose of targeting advertising campaigns," the company said in a statement provided to Forbes. "Consequently, it has a number of quality control measures in place to understand the quality and effectiveness of this data. The code observed in the paper was a quality measure being tested."
A spokesman for Morningstar, a finance site cited in the paper, insists that the company was unaware that Interclick had gathered user information via the script. In that particular case, the code automatically scanned a visitor's browsing history for any car sites he or she had previously visited. Interclick, however, says that the test was unsuccessful, and that it stopped running the script in October.
Researchers insist, though, that their findings underscore a "pressing need to devise flexible, precise and efficient defenses" against such history-hijacking practices. Fortunately, not all browsers are vulnerable to the bug. Chrome and Safari, for example, automatically guard against it, as does the latest version of Firefox. Internet Explorer, on the other hand, is still susceptible, but users can protect themselves by activating a feature called InPrivate Browsing.