Feeds

Site guesses your sex via age-old web flaw

Pardon me, your browser history is showing

Internet Security Threat Report 2014

One of the problems that's plagued netizens since the inception of the world wide web that their browsers have a habit of leaking every site they've visited in the recent past. A quick stop at Blowupdolls.com, Mysecretbusinessproject.net or any other site is available to any webmaster with rudimentary coding skills.

Now the Mike on Ads blog has harnessed this privacy shortcoming into a tool that tries to predict whether the visitor is male or female. It uses a small piece of Javascript, that siphons a browser's URL history and then analyzes the sites visited to guess whether the user is a guy or gal.

Firefox, Internet Explorer and virtually every other browser on the planet are only too eager to cough up a user's site history, a point we lamented last month, when we discussed the crisis of security confidence felt by web surfers the world over. Mozilla, Microsoft and the rest of the gang have long refused to do anything about it because fixing the problem would make it hard for users to tell sites they've visited from those they haven't.

It's unclear how accurate the tool is at guessing a visitor's sex, although it did pronounce there was a 74 percent chance your reporter was male. More importantly, the tool is a reminder of just how easy it is for webmasters to track the browsing history of their visitors. Even when you turn off Javascript, they have other tricks up their sleeves that are much harder to foil, says Jeremiah Grossman, the CTO of WhiteHat Security, who brought the tool to our attention.

Of course, browsing history isn't the only way webmasters can track personal information about their visitors. We're waiting for a tool that combines history with other metrics, such as a user's IP address, geographic location, the operating system and browser model being used and the oodles of information that can be gleaned using deep-packet inspection a la Phorm and NebuAd. Then again, we wouldn't be surprised if sites are already just doing that and no one has figured it out yet. ®

Secure remote control for conventional and virtual desktops

More from The Register

next story
Regin: The super-spyware the security industry has been silent about
NSA fingered as likely source of complex malware family
Why did it take antivirus giants YEARS to drill into super-scary Regin? Symantec responds...
FYI this isn't just going to target Windows, Linux and OS X fans
Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER
Looks for gov malware that evades most antivirus
Patch NOW! Microsoft slings emergency bug fix at Windows admins
Vulnerability promotes lusers to domain overlords ... oops
HACKERS can DELETE SURVEILLANCE DVRS remotely – report
Hikvision devices wide open to hacking, claim securobods
'Regin': The 'New Stuxnet' spook-grade SOFTWARE WEAPON described
'A degree of technical competence rarely seen'
Home Office: Fancy flogging us some SECRET SPY GEAR?
If you do, tell NOBODY what it's for or how it works
Syrian Electronic Army in news site 'hack' POP-UP MAYHEM
Gigya redirect exploit blamed for pop-rageous ploy
prev story

Whitepapers

Go beyond APM with real-time IT operations analytics
How IT operations teams can harness the wealth of wire data already flowing through their environment for real-time operational intelligence.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Why CIOs should rethink endpoint data protection in the age of mobility
Assessing trends in data protection, specifically with respect to mobile devices, BYOD, and remote employees.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Seattle children’s accelerates Citrix login times by 500% with cross-tier insight
Seattle Children’s is a leading research hospital with a large and growing Citrix XenDesktop deployment. See how they used ExtraHop to accelerate launch times.