I don't have history enabled and I bet most others here don't either. What scares me here is the "browser sniffing," if a site can sniff out history, can it sniff out login cookies? For example, if you are logged into an email account or Paypal or even something less secure like a forum in one window, and a site that sniffs in another window, could it grab the login cookie and jack your account?
I never really understood this stuff. I see that Ghostery has the ability to block tracking cookies, but I thought that disabling third party cookies inside the browser was enough?
Let's continue off-topic discussion at Do browsers allows pages loaded on one tab to access/intercept/inject data in other tabs?
I think the root issue would be that browsing habits... patterns... are useful for tracking/identifying individuals. IOW, you can fingerprint individuals based on what websites they visit, at what times, for how long, etc. That information can be read from the client side storage known as browser history. However, it can to some extent also be collected and tracked externally. By routers than see your traffic, by DNS servers, by URL checkers, by ad/analytics servers that have hooks on many websites, by CDNs that host content for many sites, etc.
To What Extent does an Attacker Have Access to the Browser History through the CSS Pseudoclass :visited Styles?
There's a demonstration at Using CSS :visited to steal your history (again, zzzz...) that tests if you've visited certain websites. It was accurate for me using Firefox in the two cases that I tried - CNN and Best Buy.
Search for articles on the subject. History logging has moved upstream. At least in the USA (probably worldwide) our ISPs are logging/monitoring and hope to monetize patterns evident in our individual histories. I believe the status quo has become VPN + encrypted DNS... or bust.
You don't need encrypted DNS. Just make sure that DNS lookup is done through the VPN, ideally by the VPN's DNS proxy, which has a private (non-routable) VPN tunnel IP.
How about: Even in the absence of your browsing history, your typing habits ( each time you use the conveniently-provided inbuilt autocomplete functionality of the browser's AWESOMEbar ) are totally unique, like DNA
No, I believe the poster was referring to DNSCrypt as encrypted DNS. I likewise don't see a point to using DNSCrypt with OpenVPN
If you're routing DNS lookups through the VPN, it might be more secure to use DNSCrypt with suitable DNS servers, rather than using the VPN provider's DNS proxy. But it does bring third-party DNS servers into the mix. Which is best depends on how your VPN provider handles DNS security. However, just using DNSCrypt without routing DNS lookups through the VPN, you're clearly bringing a third party into the mix. In that case, both the VPN provider and DNS servers know your IP address, and see what websites you visit. That's clearly less secure than routing DNS lookups through the VPN.
My earlier post contained a typo (omission). What I had intended to type was: VPN or httpsEverywhere + encrypted DNS Said differently: connect via a VPN, else employ httpsEverywhere + encrypted DNS in order to thwart history fingerprinting/profiling by ISP. In any event, I'll defer to mirmir's expertise on the subject. mirmir, about "bringing a third party into the mix" I hear ya, but some VPN providers are touting encrypted DNS as a separate, value-added, feature of their service. Example: goldenfrog.com/vyprvpn/features/vyprdns
I use Sandboxie and I delete the sandbox after every session. If I login to my yahoo account that is attached to my facebook account, I delete the sandbox and I have Eraser configured to wipe everything. So there is nothing to be read when I open the sandboxed browser again and login to another site.