Wednesday, March 9, 2011

Leaking browsing history via user interaction and side channel attacks

Abstract: History sniffing attacks allow web sites to learn about users’ visits to other sites. The major browsers have recently adopted a defense against the current strategies for history sniffing. In a user study with 307 participants, we demonstrate that history sniffing remains feasible via interactive techniques which are not covered by the defense. While these techniques are slower and cannot hope to learn as much about users’ browsing history, we see no practical way to defend against them.

Download: PDF

No comments: