Feasibility and Real-World Implications of Web Browser History Detection

msra

Abstract
Browser history detection through the Cascading Style Sheets visited pseudoclass has long been known to the academic security community and browser vendors, but has been largely dismissed as an issue of marginal impact. In this paper we present several crucial real-world considerations of CSS-based history detection to assess the feasibility of conducting such attacks in the wild. We analyze Web browser behavior and detectability of content returned via various protocols and HTTP response codes. We develop an algorithm for efficient examination of large link sets and evaluate its performance in modern browsers. Compared to existing methods our approach is up to 6 times faster, and is able to detect as many as 30,000 links per second in recent browsers on modern consumer-grade hardware. We present a web-based system capable of effectively detecting clients' browsing histories and categorizing detected information. We analyze and discuss real-world results obtained from 271,576 Internet users. Our results indicate that at least 76% of Internet users are vulnerable to history detection; for a test of most popular Internet websites we were able to detect, on average, 62 visited locations. We also demonstrate the potential for detecting private data such as zipcodes or search queries typed into online forms. Our results confirm the feasibility of conducting attacks on user privacy using CSS-based history detection and demonstrate that such attacks are realizable with minimal resources.