Determining the state of a link

[Razzbar]

Is there any to tell via javascript the "state" of a link? I mean, I'd
like to be able to tell if a link has been followed or not.

(hehe, I can hear shrill crys of "privacy!" in the distance...)

 

[Lee]

Razzbar said:

Is there any to tell via javascript the "state" of a link? I mean, I'd
like to be able to tell if a link has been followed or not.

(hehe, I can hear shrill crys of "privacy!" in the distance...)

Fortunately, browser authors generally have more respect for those
"shrill cries" than you do, so no, you can't fill a page with links
to porn sites and build up a database of which I've visited.

 

[Matt Kruse]

Fortunately, browser authors generally have more respect for those
"shrill cries" than you do, so no, you can't fill a page with links
to porn sites and build up a database of which I've visited.

On the contrary, it most certainly can be done, for a subset of users with
browsers which support CSS and the necessary scripting capabilities.

See: http://www.mattkruse.com/temp/link_check.html

This is, as far as I'm concerned, a privacy vulnerability.

I could easily add a script to a site which checks hundreds of URLs to
"profile" my visitors without their knowledge, and submit that data back to
the server for storage and analysis.

 

[Lasse Reichstein Nielsen]

On the contrary, it most certainly can be done, for a subset of users with
browsers which support CSS and the necessary scripting capabilities.

See: http://www.mattkruse.com/temp/link_check.html
Ingenious.

This is, as far as I'm concerned, a privacy vulnerability.

At least it seems Opera 8 is not affected. It always returns the color
of a non-visited link. It works for both IE and FireFox, though, and
I agree it's a privacy vulnerability worth reporting.

/L

 

[Grant Wagner]

At least it seems Opera 8 is not affected. It always returns the color
of a non-visited link. It works for both IE and FireFox, though, and
I agree it's a privacy vulnerability worth reporting.

Maybe it's time to start using a user defined stylesheet. Create a file
called userContent.css, put it in your Gecko-based browser's
{profile}/chrome directory (Documents and Settings\<user>\Application
Data\Mozilla\Firefox\Profiles\default.xyz\chrome in Windows 2000 and
Windows XP). Make sure userContent.css contains:

a{ color: Blue ! important; }
a:visited { color: Red ! important; }

In IE:
- Tools > Internet Options > General tab > Accessibility
- Check User style sheet
- Browse for userContent.css

The above methods appears to work in IE, even if the site author
includes ! important in his CSS for links. I didn't test it in Firefox.

Actually, I'm not that paranoid, but for those that are, there appears
to be a way to mitigate the privacy issues without having to switch
browsers.

 

[Matt Kruse]

Actually, I'm not that paranoid, but for those that are, there appears
to be a way to mitigate the privacy issues without having to switch
browsers.

Yeah, I don't think it's that big of a deal. The potential exploits would be
complicated and really not that big of a deal anyway. It's more of a
curiosity than a real concern, for me.

Possible 'exploits' might include:

- Checking popular banking sites to see which bank the user might use

- Checking weather.com URLs for every zip code and possibly finding out the
zip code of the user

- Checking competitor URLs to see if the user has been there recently, and
displaying targetted advertising based on that fact.

- When displaying ads, checking to see if the user has already clicked on
the ad. If they have, display a different one instead.

etc.

I was wondering if there was a way to form URL's that would point to objects
on the filesystem in IE. For example, a URL that points to Excel. By
checking that, you could tell if the user has Excel installed in that
location. But, I don't think people run stuff from within IE. I didn't know
what else along the same lines might be possible.

To me, the "fix" would seem to be that browsers never report the styles
applied by :visited styles. Instead, fall back to the default style for the
<a> tag. That might be complicated, though, and I don't think it would be
high on anyone's priority list.

 

[Razzbar]

Razzbar said:

Fortunately, browser authors generally have more respect for those
"shrill cries" than you do, so no, you can't fill a page with links
to porn sites and build up a database of which I've visited.

Maybe that's what YOU would do, jerk.. shows what's on YOUR mind.

My purpose, not that it's any of your business, was to allow the user
to clean up a page by moving their followed links to another area of
the page.

So take your insulting insinuation and shove it.

 

[Razzbar]

See: http://www.mattkruse.com/temp/link_check.html

This is, as far as I'm concerned, a privacy vulnerability.

Wow, that was scary. Had me fooled for a second, too, because the
followed links appeared no different from the followed ones. Someone
could make the link text very tiny, and hundreds of links could go
unnoticed. The only problem would be in getting the visitor to submit
them.

I could easily add a script to a site which checks hundreds of URLs to
"profile" my visitors without their knowledge, and submit that data back to
the server for storage and analysis.

I knew there could be a privacy issue, and now I'm wondering how to
protect against it, without having to keep clearing the browser
history.

I just wanted to move links from one part of the page to another.
Really.

 

[Razzbar]

To me, the "fix" would seem to be that browsers never report the styles
applied by :visited styles. Instead, fall back to the default style for the
<a> tag. That might be complicated, though, and I don't think it would be
high on anyone's priority list.

There could be a browser security setting that would "forget" the
followed status of a link to all sites except the originating one. For
other sites, a tool tip could indicate the followed status.

It's useful to see which links you've followed. I wanted a way to to
actually move them out of the way, or off the page, if the user wanted
to.

 

[Razzbar]

Grant Wagner wrote:

Maybe it's time to start using a user defined stylesheet. Create a file
called userContent.css, put it in your Gecko-based browser's
{profile}/chrome directory (Documents and Settings\<user>\Application
Data\Mozilla\Firefox\Profiles\default.xyz\chrome in Windows 2000 and
Windows XP). Make sure userContent.css contains:

a{ color: Blue ! important; }
a:visited { color: Red ! important; }

In IE:
- Tools > Internet Options > General tab > Accessibility
- Check User style sheet
- Browse for userContent.css

The above methods appears to work in IE, even if the site author
includes ! important in his CSS for links. I didn't test it in Firefox.

But the method works works by checking the current style of a link, and
if it is different than the style of a non-followed link, it would be
"caught".

No matter what css the user chooses for links, the script could find it
by having a link to itself somewhere on that page. That link would
always be in a visited state.

So the solution would be to have visited links with exactly the same
css specs as the unvisited ones.

Actually, I'm not that paranoid, but for those that are, there appears
to be a way to mitigate the privacy issues without having to switch
browsers.

By setting the style of visited and non-visited links the same.

So really, there isn't a 'direct' way to tell...

One could also clear browser history before visiting a suspicious page,
too.

 

[Randy Webb]

Maybe that's what YOU would do, jerk.. shows what's on YOUR mind.

If Lee is a jerk for worrying about security issues, then you are a
stupid idiot for *not* worrying about them. When you post a question,
you do not always get the answer you wanted. This is not a help desk,
its a discussion group. Get over it.

My purpose, not that it's any of your business, was to allow the user
to clean up a page by moving their followed links to another area of
the page.

Beside every link, add a "move this crap out of my way" link and have
that link move the visited link.

 

[Razzbar]

Beside every link, add a "move this crap out of my way" link and have
that link move the visited link.

Oh, I can see it now... a page with dozens and dozens of links, some
followed, which the user may or may not be interested in, filling up
the screen. And beside each link, -another- link saying "move this crap
out of my way". So if the user is interested in moving all those links
down to the bottom of the page, all she has to do is go down the page,
clicking them one by one. And beside every "move this crap out of the
way" link, there could be another "move this crap to the top of the
page" link...

I had in mind more like ONE button that the user could click, which
would call a function to loop thru the document links collection.

But your method sounds a lot better. Your way, the user could decide
one by one whether to move a link or not. None of them complicated
looping functions to write. Yes. Let the user decide. We must stop
pornography.

And thanks for letting me know that this is a discussion group, and not
a help desk. I did't know that. I thought people could ask questions
here. Give me time, big daddy, I'll learn.

Thanks, and go have a nice day yourself.

hehe...

 

[Csaba Gabor]

Very nice illustration. Notice that the www.mattkruse.com is not
shown as visited. You have to match up the URL pretty nearly exactly.

Maybe it's time to start using a user defined stylesheet. Create a file
called userContent.css, put it in your Gecko-based browser's
{profile}/chrome directory (Documents and Settings\<user>\Application
Data\Mozilla\Firefox\Profiles\default.xyz\chrome in Windows 2000 and
Windows XP). Make sure userContent.css contains:

a{ color: Blue ! important; }
a:visited { color: Red ! important; } ....
The above methods appears to work in IE, even if the site author
includes ! important in his CSS for links. I didn't test it in Firefox.

Just and idea, and I didn't try it, but if I were going after something
like this, I could imagine creating A elements in script, and setting
the visited style inline. Then check the computed style. Heck, with a
little hidden Iframe / server communication you could be testing links
all day in the background.

Csaba Gabor from Vienna