Waterloo – The majority of people consider browser history to be private, but that is no longer the case. Any website you visit can determine your browser history by exploiting the very features designed to enhance your Internet experience, a fact many people are not aware of.
Web2.0collage.com is a new site designed to illustrate how easily browser history can be sniffed by compiling a list of popular (and safe-for-work) websites and showing which ones the user has visited. Once this list has been compiled, it is used to produce a visual collage representative of the user’s browser history, providing an artful reminder to all who visit that their private history really isn’t all that private.
The first version of Web2.0collage.com was created in a weekend by Holden Karau (a.k.a. pantsd), a University of Waterloo student. What started as a quick hack to learn new programming techniques quickly gained momentum as interest in the privacy implications of the project spread by way of Slashdot. The University of Waterloo Computer Science Club (CSC) graciously provides the computing resources necessary to keep Web2.0collage.com online. As traffic to the site increased, Anthony Brennan (a.k.a. hatguy), a fellow student and CSC sysadmin, quickly offered to help resolve critical scalability issues resulting from the crushing load of curious users. For the technically inclined, the source code is made available for review under the terms of the AGPL.
“This new site continues the long-standing tradition of using art to raise public awareness regarding contemporary social issues,” said Holden Karau, developer of Web2.0collage.com and a University of Waterloo computer science student. “Since browser history sniffing, which can be used to determine the websites a person has visited, is easily accomplished without the user’s knowledge or consent, the potential implications surrounding this loss of privacy are frightening.”
There are a number of scary applications of this technology, such as:
- Internet fraudsters can tailor their “phishing” (where they attempt to steal account and often financial information) based on which bank site you use
- Increasingly oppressive regimes can covertly observe the browser history of their citizens and use it to crack down on journalists, or citizens viewing independent media
- Job application sites could silently disqualify candidates based on their surfing habits
- Employers could use it to see which employees have been visiting job sites
- Insurers could raise premiums based on sites you visit
- Unscrupulous online merchants could dynamically shift prices on goods using demographic profiles constructed from browsing histories