Skip to Content

Learn about Chevy's new hybrid from AutoblogGreen!
AOL Tech

Filed under: Design, Developer, Web services

CSS exploit allows detection of social site use

by Patrick Beeson May 29th 2008

Web developer Aza Raskin knows we visit Digg, Del.icio.us, Reddit and Facebook without even having to ask.

No, he isn't employing privacy violating hackery, but he is exploiting a "cute" information leak in CSS that traditionally displays visited links differently than those that have yet to be visited. By loading in an iframe a list of social site URLs to see which are purple (visited) and blue (not visited), an assumption can be made on what sites to prompt users for submitting a story or blog entry.

Raskin has wrapped this functionality in a script called SocialHistory.js.

By employing this script on a blog, you can avoid showing users the traditional mass of social site icons, only a few of which they probably visit. In addition to the large list of social sites checked by SocialHistory -- this includes more than 20 of the most-popular names -- you additional ones that might be specific to your needs. For instance, you can check to see if the user has visited other blogs you author.

Raskin says while his script isn't perfect, "it does get you 80% of the way there." He also says there is little chance the bug -- it's documented in Bugzilla -- will be fixed since it's a core feature of the Web browser.

This script is similar to examples put together by Web technologist Niall Kennedy to evaluate links on a page. Kennedy also mentions another method of testing a known set of links against the current visitor's browser history using JavaScript.

Data gleaned from either technique can be used for good or evil. Advertisers can determine if you've visited their site lately, and offer related information without the need for additional code on their site.

Privacy is a concern with Raskin and Kennedy's scripts for many users. Unfortunately, in the case of the CSS exploit there isn't much that can be done aside from turning off JavaScript, which will effectively disable either method. Unfortunately, this will also degrade your browsing experience however, and render many common Web apps useless.

For now, the use of such browser functionality is left up to the site administrator.

[Via Webmonkey]

Tags: browser, css, javascript, socialnetworking

Relevant Posts

Reader Comments (Page 1 of 1)

Featured Time Waster

Build the highest tower with 99 Bricks - Time Waster

Wrapping your mind around a simple game like 99 Bricks is harder than you might imagine. The object of the game is to build the highest possible tower using only 99 pieces. Sounds easy enough, but you're playing with Tetris pieces and distinctly non-Tetris physics. If you screw up, you don't just leave gaps that you could have used to score points, you cause your whole tower to wobble and collapse.

Pieces also don't lock to a grid in 99 Bricks, the way they do in Tetris. You can wind up with pieces slanted diagonally, and there's an edge of the board that your toppled bricks can fall off of. 99 Bricks is kind of like Jenga, in that it's almost as satisfying to watch your tower crumble as it is to play seriously. Once you get the hang of the way the pieces behave, it's an addictive little game.

View more Time Wasters

Featured Galleries

Defective by Design, London: Protest Pictures
Cooking Mama: Mama Kills Animals
Android First-look: Amazon.com MP3 Store
Android First-look: Twitroid
Google Reader Android
Android Hands-On
Twine 1.0
Photoshop Express Beta
SXSWi 2008 Schwag Unboxing
SXSWi 2008 Day 1
Mozilla Birthday Cake
Palm stuff
Adobe Lightroom 1.1

 


Follow us on Twitter!

Flickr Pool

www.flickr.com

Most Commented On (7 days)

Recent Comments

BloggingStocks Tech Coverage

More Tech Coverage

Weblogs, Inc. Network