
New browser exploit tracks even the most paranoid web users

When it comes to tracking your web browsing, webmasters have all sorts of options – many of which web users actively block. But what if a malicious website owner could turn security features against you?

A researcher proved it’s possible to do just that over the weekend.

Most web users are aware that sites can use cookies or browser fingerprinting to track you – it’s why so many users make a habit of deleting cookies, scrambling their user agents, and taking advantage of Incognito Mode.

But in a presentation over the weekend, security researcher Yan Zhu showed the world a new tracking method that gets around even the most paranoid user, by exploiting the certificates your browser uses to connect to secure sites.

Don’t believe me? Try Zhu’s site Sniffly out for yourself in Chrome or Firefox, and you’ll probably end up with an accurate list of sites you have and haven’t visited.

icymi, sniffing browser history using HSTS/CSP code + demo is up at https://t.co/iAxVPyOGzv. it's called that b/c i had a cold last week.

— Yan⚠ (@bcrypt) October 26, 2015

To (dramatically) simplify what’s going on here, the exploit attempts to load various images from encrypted domains, then detects whether or not your browser can establish a secure connection with those sites. If it can connect, it’s because you have an HSTS pin for the site – so there’s a good chance you’ve visited the site before.

It’s a simple way to get a quick list of which secure sites you have and haven’t visited. The information collected this way is less reliable, only relates to sites encrypted using HTTPS, and is less specific than other methods – the sites you’ve visited are revealed, not the individual pages. But it’s still noteworthy, because nothing like it’s been done before.
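To make the per-site state behind this concrete, here is a small model of the HSTS store a browser keeps under RFC 6797. It is an example added to this article, not Sniffly's code or any browser's; the function names and the `.example` hosts are hypothetical.

```javascript
// Added illustration: a minimal model of a browser's HSTS store (RFC 6797).
// All names are hypothetical; hosts and timestamps are constructed samples.

// Parse a Strict-Transport-Security header value into its directives.
function parseSts(value) {
  const out = { maxAge: null, includeSubDomains: false };
  for (const part of value.split(";")) {
    const [name, raw = ""] = part.trim().split("=");
    const key = name.trim().toLowerCase();
    if (key === "max-age") {
      const digits = raw.trim().replace(/^"(.*)"$/, "$1");
      if (/^\d+$/.test(digits)) out.maxAge = Number(digits);
    } else if (key === "includesubdomains") {
      out.includeSubDomains = true;
    }
  }
  return out.maxAge === null ? null : out; // max-age is mandatory
}

// Record a response. The header only counts when it arrived over HTTPS.
function noteResponse(store, host, scheme, stsValue, nowSec) {
  if (scheme !== "https" || !stsValue) return;
  const policy = parseSts(stsValue);
  if (!policy) return;
  const key = host.toLowerCase();
  if (policy.maxAge === 0) { store.delete(key); return; } // site opts out
  store.set(key, { expires: nowSec + policy.maxAge,
                   includeSubDomains: policy.includeSubDomains });
}

// Would an http:// request to `host` be rewritten to https:// locally?
function wouldUpgrade(store, host, nowSec) {
  const labels = host.toLowerCase().split(".");
  for (let i = 0; i < labels.length; i++) {
    const entry = store.get(labels.slice(i).join("."));
    if (!entry || entry.expires <= nowSec) continue;
    if (i === 0 || entry.includeSubDomains) return true;
  }
  return false;
}

// Constructed sample: one site visited over HTTPS, one only over HTTP.
const store = new Map();
noteResponse(store, "bank.example", "https", "max-age=31536000; includeSubDomains", 1000);
noteResponse(store, "plain.example", "http", "max-age=31536000", 1000); // ignored
```

An entry appears only after the browser has received the header from the site over HTTPS, which is why its presence hints at a past visit, and it disappears again when `max-age` runs out or the site sends `max-age=0`.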

You can watch Zhu’s entire presentation, read the slides or check out Sniffly on GitHub, if you want a more complete breakdown of how the exploit works.

Justin Pot
Former Digital Trends Contributor
Justin's always had a passion for trying out new software, asking questions, and explaining things – tech journalism is the…