I know where you've been

Reading the site behind the evil evil evil evercookie hack (evil, almost indestructible cookies), I stumbled upon the author's CSS History Knocker code. This is something I'd toyed with in the past but never really came up with something I could apply it to, or a business evil enough to let me try.

The basic idea, articulated by Jeremiah Grossman back in 2006 (I can't remember where I first heard about it), is that browsers expose a piece of privacy data, the history of URLs you have visited. In the old days, links were blue and underlined. Links you had visited were purple and underlined. Along came Cascading Style Sheets and this became something designers could style, so the colours could be anything. Along came widespread and mostly-usable JavaScript, and suddenly you could get hold of that information.

The possibilities of this kind of sneakiness are pretty awesome, and scary.  Let's say you're a bank, you can know which other banks the user has visited, and present your offer with direct comparisons to the offers of other banks the user has visited. If you know the logged-in URL of a competitor, you can tell who of your visitors are your competitor's customers and make offers or inducements specifically for that audience.  Cool.

Of course you plug this kind of thing into an ad network and all kinds of evilness can start to be done.

My demo page

And so I present my edition of the CSS History Knocker.  Chrome seems to have plugged the hole, so try Firefox, Exploder or the Android browser. Haven't tried Safari.
0 responses