Grant said:
Actually, I'm not that paranoid, but for those that are, there appears
to be a way to mitigate the privacy issues without having to switch
browsers.
Yeah, I don't think it's that big of a deal. The potential exploits would be
complicated and really not that big of a deal anyway. It's more of a
curiosity than a real concern, for me.
Possible 'exploits' might include:
- Checking popular banking sites to see which bank the user might use
- Checking weather.com URLs for every zip code and possibly finding out the
zip code of the user
- Checking competitor URLs to see if the user has been there recently, and
displaying targetted advertising based on that fact.
- When displaying ads, checking to see if the user has already clicked on
the ad. If they have, display a different one instead.
etc.
I was wondering if there was a way to form URL's that would point to objects
on the filesystem in IE. For example, a URL that points to Excel. By
checking that, you could tell if the user has Excel installed in that
location. But, I don't think people run stuff from within IE. I didn't know
what else along the same lines might be possible.
To me, the "fix" would seem to be that browsers never report the styles
applied by :visited styles. Instead, fall back to the default style for the
<a> tag. That might be complicated, though, and I don't think it would be
high on anyone's priority list.