The Privacy Blog: Privacy, Security, Cryptography, and Anonymity



Lawsuit filed to stop history sniffing

In this post from early 2008 I talked about a technique for detecting what sites you had visited. Almost 3 years later, about 66% of users are still vulnerable to this attack, according to a study (paper here) from the University of California, San Diego, published in October 2010.

This study further showed that this vulnerability is being widely and actively exploited. Of the top 50,000 sites (based on Alexa ranking) 485 access information that could be used to discover browser history and 46 were confirmed to be actually performing this attack. One of those 46 was in the top 100 websites on the Internet (

On December 2, 2010 two Californians filed suit against alleging that they are using this technology to exploit a browser vulnerability to gather private data without disclosing that they were doing so. They are seeking class action status for this suit.

If this succeeds, it would set an interesting precedent and open a new path to enforcing privacy rights in the absence of specific legislation.



  • Michael · December 20, 2010 at 4:48 am

    The companies really do not seem to care about all these public discussions about privacy. I think a “self-regulation”, like it was proposed a couple of days ago, will definitely not work if you look at these numbers.


  • N · January 9, 2011 at 5:00 am
    : “The U.S. District Court for the Eastern District of Virginia
    issued a subpoena ordering Twitter Inc. to hand over private
    messages, billing information, telephone numbers and connection
    records of accounts run by Assange and others.” Facebook and Google


    • Author comment by lance · January 9, 2011 at 6:33 am

      It is very likely. If you use the cloud, the information is easy for the authorities to get. If you are not taking care to be anonymous then it is easy to find.

      I avoid the cloud for anything sensitive. I know that I am missing out on some really useful features, but I am willing to make that trade.


  • Skylark · January 21, 2011 at 3:25 pm

    Why not use existing laws and state that your email and your VoIP conversations, etc., are protected as “Intellectual Property?” This would surely be a form of security that may be small, but effectual.


  • N · February 16, 2011 at 6:08 am

    Looks like someone is trying to stop the Government from getting those records:

    “… and the second seeks to overturn a previous court order that requires Twitter to provide information about its users to the government. Defense lawyers say the government’s demand for the records violates First Amendment speech rights and Fourth Amendment privacy rights.”

