(Of course, if chrome/IE/safari/opera haven’t applied similar solutions, the majority of web users may still be vulnerable. And then there are the people who don’t bother to update their browsers…)
I’d like to make a proof of concept that doesn’t require any user interaction. A hands-off version with a larger list of sites would make for a much more alarming (and realistic) demo of the exploit — especially since any ethically-challenged website could use this trick without their visitors’ consent (or knowledge), and some probably do.
I haven’t heard of a way to disable :visited. It should be possible, but the only ways around it that I know of are turning off/clearing all your history, or disabling CSS — neither of which are realistic solutions.
[Comment removed by author]
No longer true?
https://developer.mozilla.org/en-US/docs/Web/CSS/Privacy_and_the_:visited_selector
[Comment removed by author]
yes has it is a major privacy concern, all major browser does it
I sit corrected!
(Of course, if chrome/IE/safari/opera haven’t applied similar solutions, the majority of web users may still be vulnerable. And then there are the people who don’t bother to update their browsers…)
I’d like to make a proof of concept that doesn’t require any user interaction. A hands-off version with a larger list of sites would make for a much more alarming (and realistic) demo of the exploit — especially since any ethically-challenged website could use this trick without their visitors’ consent (or knowledge), and some probably do.
I haven’t heard of a way to disable :visited. It should be possible, but the only ways around it that I know of are turning off/clearing all your history, or disabling CSS — neither of which are realistic solutions.
O̶b̶v̶i̶o̶u̶s̶l̶y̶ ̶t̶h̶e̶ ̶b̶r̶o̶w̶s̶e̶r̶s̶ ̶h̶a̶v̶e̶n̶’̶t̶ ̶d̶o̶n̶e̶ ̶m̶u̶c̶h̶ ̶a̶b̶o̶u̶t̶ ̶i̶t̶,̶ ̶s̶i̶n̶c̶e̶ ̶i̶t̶ ̶s̶t̶i̶l̶l̶ ̶w̶o̶r̶k̶s̶ ̶t̶h̶r̶e̶e̶ ̶y̶e̶a̶r̶s̶ ̶l̶a̶t̶e̶r̶.̶