In this post from early 2008 I talked about a technique for detecting what sites you had visited. Almost 3 years later about 66% of users are still vulnerable to this attack according to a study (paper here) from the University of California, San Diego published in October 2010. This study further showed that this vulnerability is being widely and actively exploited. Of the top 50,000 sites (based on Alexa ranking) 485 access information that could be used to discover browser history and 46 were confirmed to be actually performing this attack. One of those 46 was in the top 100 websites on the Internet (youporn.com).

On December 2, 2010 two Californians filed suit against youporn.com alleging that they are using this technology to exploit a browser vulnerability to gather private data without disclosing that they were doing so. They are seeking class action status for this suit.

If this succeeds it would set an interesting precedent and open a new path to enforcing privacy rights in the absence of specific legislation.