New techniques expose your browsing history to attackers

Discussion in 'privacy problems' started by Minimalist, Nov 2, 2018.

  1. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,883
    Location:
    Slovenia, EU
  2. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    Huh?
    Seriously, that class of attacks is ancient!

    I mean, I'm just a punter, and I recall playing with that years ago.
     
  3. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,365
    Location:
    Italy
  4. Floyd 57

    Floyd 57 Registered Member

    Joined:
    Mar 17, 2017
    Posts:
    1,296
    Location:
    Europe
    They gonna see my porn fetish stuff :isay:

    Personally, I browse with JS disabled by default, and only enable it on sites where JS is absolutely needed to load the content. Same goes for cookies. I only keep cookies on sites which I need to be logged in, or sites which won't load without enabling cookies, in which case I use "clear on exit" option for the cookies

    A temporary bandaid for this is to simply browse non-trusted sites in incognito mode, so no history will be seen. Ctrl + Shift + N is a quick shortcut for that. Then again, I highly doubt these techniques are used much in the wild, and if they are, I imagine the scripts will be blocked soon enough by various filters, just like those coin miners and other bad scripts
     
  5. Lyx

    Lyx Registered Member

    Joined:
    Apr 4, 2009
    Posts:
    149
    The principle of this attack is indeed old. I think what's new is the rate at which sniffing is performed (the linked page talks about 6000 sites/s).
     
  6. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,365
    Location:
    Italy
    Changed the setting:

    "layout.css.visited_links_enabled"

    to "false" in New Moon, Basilisk, Firefox 52 ESR.

    This setting is also recommended on line 0805 of Ghacks User.js v.52:

    https://github.com/ghacksuserjs/ghacks-user.js/releases

    Comment by Moonchild:



    https://forum.palemoon.org/viewtopic.php?f=4&p=155514&sid=8420b82f982074de2a1f4bea60703011#p155514
     
  7. summerheat

    summerheat Registered Member

    Joined:
    May 16, 2015
    Posts:
    2,199
    I think that the Tor Browser compared favourably in that research can be attributed to its Cross-Origin Identifier Unlinkability. This is what is called First-Party Isolation in Firefox. Hence, enabling FPI in Firefox should mitigate this threat.
     
  8. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,365
    Location:
    Italy
    The researchers write that the remedy mentioned:

    "layout.css.visited_links_enabled" set to "false"

    that should solve the problem in reality does not solve it.

    It's a bug.
     
  9. __Nikopol

    __Nikopol Registered Member

    Joined:
    Aug 13, 2008
    Posts:
    630
    Location:
    Germany
    Please elaborate why. (proof)
    EDIT: I mean, you are saying you know more than the researchers who just ended their research. Do you understand?
     
  10. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,365
    Location:
    Italy
  11. __Nikopol

    __Nikopol Registered Member

    Joined:
    Aug 13, 2008
    Posts:
    630
    Location:
    Germany
    Oh, so they said it themselves. You could have written that :)
    I need to read the paper..
     
  12. lucd

    lucd Registered Member

    Joined:
    Jan 30, 2018
    Posts:
    782
    Location:
    Island of Woman
    thanks for the paper so deleting history + specialized tools do nothing to prevent this? it should work right? even the classical ctrl+shift+delete for chrome is sufficient?
    the only thing is that google would still keep track of your history forever and ever, but they are building an AI so let them have it

    I always thought the tracking of history is extremely useful for spear phishing or phishing emails with malicious links techniques
     
    Last edited: Jun 14, 2019
  13. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,883
    Location:
    Slovenia, EU
    Yes it works. Whatever deletes your history will help here.
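
An added example, not part of any post above and not code from the ghacks project: a small checker that reads Firefox `user.js`/`prefs.js` text and reports whether the preference from post 6 and the First-Party Isolation switch from post 7 are set. The pref name `privacy.firstparty.isolate`, the function names and the sample file are assumptions of this example.

```python
import re

# Hardened values for the prefs discussed in the thread. The name
# privacy.firstparty.isolate (Firefox's First-Party Isolation switch) is
# supplied here; it is not quoted in the posts.
WANTED = {
    "layout.css.visited_links_enabled": False,
    "privacy.firstparty.isolate": True,
}

BLOCK_COMMENT = re.compile(r"(?ms)^\s*/\*.*?\*/")
PREF_LINE = re.compile(
    r'\s*user_pref\(\s*"([^"]+)"\s*,\s*(true|false|-?\d+|"(?:[^"\\]|\\.)*")\s*\)\s*;')

def parse_prefs(text):
    """Return {name: value} for active user_pref() lines; later lines win."""
    prefs = {}
    # Drop /* ... */ blocks that start a line, so prefs inside them are ignored.
    for line in BLOCK_COMMENT.sub("", text).splitlines():
        m = PREF_LINE.match(line)  # '// user_pref(...)' lines do not match
        if not m:
            continue
        name, tok = m.groups()
        if tok in ("true", "false"):
            prefs[name] = tok == "true"
        elif tok.startswith('"'):
            prefs[name] = tok[1:-1]
        else:
            prefs[name] = int(tok)
    return prefs

def audit(text):
    """List (pref, reason) for every WANTED pref that is unset or differs."""
    prefs = parse_prefs(text)
    findings = []
    for name, wanted in WANTED.items():
        if name not in prefs:
            findings.append((name, "not set, browser default applies"))
        elif prefs[name] != wanted:
            findings.append((name, f"is {prefs[name]!r}, expected {wanted!r}"))
    return findings

# Constructed sample, not taken from the real ghacks user.js.
SAMPLE = '''/* block comment: the next line must be ignored
user_pref("privacy.firstparty.isolate", true);
*/
user_pref("layout.css.visited_links_enabled", true);
// user_pref("privacy.firstparty.isolate", true);
user_pref("layout.css.visited_links_enabled", false);  // later line wins
'''

if __name__ == "__main__":
    for name, reason in audit(SAMPLE):
        print(f"{name}: {reason}")
```

As post 8 notes, the researchers report that the visited-links pref does not actually solve the problem, so a clean report here describes configuration only.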
     