http://milov.nl/2520 Weblog/photolog of Milo Vermeulen Thu, 27 May 2004 10:32:25 GMT http://milov.nl/2520#comment4770 http://milov.nl/2520#comment4770 Thu, 27 May 2004 10:32:25 GMT Indeed known about for some time. I mentioned this issue in a post to Bugtraq a few years ago: http://www.doxdesk.com/personal/posts/bugtraq/20020214-css.html There is no obvious good solution. http://milov.nl/2520#comment4768 http://milov.nl/2520#comment4768 Wed, 26 May 2004 14:36:46 GMT Jan!: You're right, with a dynamic site this whole expression() trick isn't really needed. And I wouldn't say I'm 'upset' or worried, just disappointed I didn't discover this cool (and indeed rather obvious) trick earlier ;) http://milov.nl/2520#comment4767 http://milov.nl/2520#comment4767 Wed, 26 May 2004 14:20:57 GMT If a particular URL is in my browsers history or not does not mean anything. (What's important here: You can't read the history. Instead, you have to know the URL first!) Turn off your internet connection if you are afraid of being tracked. http://milov.nl/2520#comment4765 http://milov.nl/2520#comment4765 Wed, 26 May 2004 14:12:13 GMT Also, if you're serving dynamic pages anyway, you can just as well add an id attribute to every link, and style it in CSS with: #link857456 { background: url(tracker.php?id=link857456) } Apart from that, I don't get why everyone's upset all of a sudden when this has been known (and applied) for years. http://milov.nl/2520#comment4764 http://milov.nl/2520#comment4764 Wed, 26 May 2004 14:07:31 GMT Thiemo, the big difference is is that with this technique, the visitor doesn't *click* on a link at all. Simply loading a page of links is enough to alert the site owner of which of those links the current visitor has visited before. http://milov.nl/2520#comment4763 http://milov.nl/2520#comment4763 Wed, 26 May 2004 14:02:57 GMT It's possible too extract all the URLs of the HTML markup to create the corresponding CSS rules for the standard compliant browsers, and finally throw the HTML + the extra CSS rules to the client. Indeed, if the tracker.php script goes recursively through the pages visited by the user it can reveal some really valuable infos ( imagine the extra incomes an ad system could ask if it implements that sort of sniffer ) and eventually set a breach for the sites using an authentication via the parameters sent in GET ( which is whatever, a security no-no ). The violation of privacy could reach an higher scale if the spamming companies used that exploit ( if don't already do ) in their mails. http://milov.nl/2520#comment4762 http://milov.nl/2520#comment4762 Wed, 26 May 2004 14:02:01 GMT What's so dangerous about this? You can do the same since HTML 1.0: <a href="tracker.php?url=slashdot.org">