
New browser exploit tracks even the most paranoid web users

When it comes to tracking your web browsing, webmasters have all sorts of options – many of which web users actively block. But what if a malicious website owner could turn security features against you?

A researcher proved it’s possible to do just that over the weekend.

Most web users are aware that sites can use cookies or browser fingerprinting to track you – it’s why so many users make a habit of deleting cookies, scrambling their user agents, and taking advantage of Incognito Mode.

But in a presentation over the weekend, security researcher Yan Zhu showed the world a new tracking method that gets around even the most paranoid user, by exploiting the certificates your browser uses to connect to secure sites.

Don’t believe me? Try Zhu’s site Sniffly out for yourself in Chrome or Firefox, and you’ll probably end up with an accurate list of sites you have and haven’t visited.

icymi, sniffing browser history using HSTS/CSP code + demo is up at https://t.co/iAxVPyOGzv. it's called that b/c i had a cold last week.

— Yan⚠ (@bcrypt) October 26, 2015

To (dramatically) simplify what’s going on here, the exploit attempts to load various images from encrypted domains, then detects whether or not your browser can establish a secure connection with those sites. If it can connect, it’s because you have an HSTS pin for the site – so there’s a good chance you’ve visited the site before.
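
To make the "HSTS pin" above concrete, here is an added example (not from the article or from Sniffly) that models how a browser records Strict-Transport-Security policies under RFC 6797 and decides locally whether a plain-HTTP request gets upgraded. The `HstsStore` class, its method names and the host names are assumptions made for illustration.

```javascript
// Added example: minimal model of a browser's HSTS store (RFC 6797).
// Class and method names are hypothetical; hosts/headers are constructed samples.

// Parse a Strict-Transport-Security value into {maxAge, includeSubDomains},
// or return null when the required max-age directive is missing or invalid.
function parseHsts(value) {
  let maxAge = null;
  let includeSubDomains = false;
  for (const part of value.split(';')) {
    const [rawName, ...rest] = part.trim().split('=');
    const name = rawName.trim().toLowerCase(); // directive names are case-insensitive
    const arg = rest.join('=').trim().replace(/^"(.*)"$/, '$1'); // quoted-string allowed
    if (name === 'max-age') {
      if (!/^\d+$/.test(arg)) return null;
      maxAge = Number(arg);
    } else if (name === 'includesubdomains') {
      includeSubDomains = true;
    }
  }
  return maxAge === null ? null : { maxAge, includeSubDomains };
}

class HstsStore {
  constructor() { this.entries = new Map(); }

  // Record the policy seen on an HTTPS response from `host` at time `now` (seconds).
  noteHeader(host, headerValue, now) {
    const policy = parseHsts(headerValue);
    if (!policy) return;
    host = host.toLowerCase();
    if (policy.maxAge === 0) { this.entries.delete(host); return; } // max-age=0 clears
    this.entries.set(host, { expires: now + policy.maxAge,
                             includeSubDomains: policy.includeSubDomains });
  }

  // True if an http:// request to `host` would be rewritten to https:// locally.
  wouldUpgrade(host, now) {
    const labels = host.toLowerCase().split('.');
    for (let i = 0; i < labels.length; i++) {
      const e = this.entries.get(labels.slice(i).join('.'));
      // Exact match always applies; a parent entry applies only with includeSubDomains.
      if (e && e.expires > now && (i === 0 || e.includeSubDomains)) return true;
    }
    return false;
  }
}
```

A host that has served a policy answers `true` from `wouldUpgrade` until the entry expires, while a host the browser has never contacted answers `false`; that per-site difference is the stored state the article describes.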

It’s a simple way to get a quick list of which secure sites you have and haven’t visited. The information collected this way is less reliable, only relates to sites encrypted using HTTPS, and is less specific than other methods – the sites you’ve visited are revealed, not the individual pages. But it’s still noteworthy, because nothing like it’s been done before.

You can watch Zhu’s entire presentation, read the slides or check out Sniffly on GitHub, if you want a more complete breakdown of how the exploit works.

Justin Pot
Former Digital Trends Contributor