{"id":53380,"date":"2025-05-07T08:17:05","date_gmt":"2025-05-07T12:17:05","guid":{"rendered":"https:\/\/www.kaspersky.com\/blog\/?p=53380"},"modified":"2025-05-07T08:17:05","modified_gmt":"2025-05-07T12:17:05","slug":"visited-links-privacy-protection","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com\/blog\/visited-links-privacy-protection\/53380\/","title":{"rendered":"Turning purple: how visited links threaten your privacy"},"content":{"rendered":"<p>In April, the release of version 136 of Google Chrome finally addressed a privacy issue for the browser that\u2019s been widely known about since 2002 (which issue, btw, is also present in all other major browsers). This was real bad news for unscrupulous marketers, who\u2019d been exploiting it wholesale for 15 years. From this menacing description, you might be surprised to learn that the threat is a familiar and seemingly harmless convenience: links that your browser highlights in a different color after you visit them.<\/p>\n<h2>From a blue sky to purple rain<\/h2>\n<p>Changing the color of links to visited sites (by default from blue to purple) was first introduced 32 years ago in the NCSA Mosaic browser. After that, this user-friendly practice was adopted by almost all browsers in the 1990s. And it later became the standard for Cascading Style Sheets (CSS) \u2014 a language for styling web pages. Such recoloring occurs by default in all popular browsers today.<\/p>\n<p>However, as early as <a href=\"https:\/\/lists.w3.org\/Archives\/Public\/www-style\/2002Feb\/0039.html\" target=\"_blank\" rel=\"nofollow noopener\">2002<\/a>, researchers noticed that this feature could be abused by placing hundreds or thousands of invisible links on a page and using JavaScript to detect which of them the browser renders as visited. 
In this way, a rogue site could partially uncover a user\u2019s browsing history.<\/p>\n<p>In 2010, researchers discovered that this technique was being used in the wild by some major sites to snoop on visitors \u2014 among which were YouPorn, TwinCities, and 480 other <a href=\"https:\/\/www.eweek.com\/security\/popular-websites-sniff-browser-history-researchers-find\" target=\"_blank\" rel=\"nofollow noopener\">sites then popular<\/a>. It was also found that platforms like <a href=\"https:\/\/ranjitjhala.github.io\/static\/an_empirical_study_of_privacy_violating_flows_in_javascript_web_applications.pdf\" target=\"_blank\" rel=\"nofollow noopener\">Tealium and Beencounter<\/a> were offering history-sniffing services, while the advertising firm Interclick was implementing this technology for analytics, and even faced legal action. Although it won the lawsuit, the major browsers have since <a href=\"https:\/\/blog.mozilla.org\/security\/2010\/03\/31\/plugging-the-css-history-leak\/\" target=\"_blank\" rel=\"nofollow noopener\">modified their code for processing links<\/a> to make it impossible to read whether a link was visited or not.<\/p>\n<p>However, advances in web technologies created new workarounds for snooping on browsing history. A <a href=\"https:\/\/www.usenix.org\/system\/files\/conference\/woot18\/woot18-paper-smith.pdf\" target=\"_blank\" rel=\"nofollow noopener\">2018 study<\/a> described four new ways to check the state of links \u2014 two of which affected all tested browsers except the Tor Browser. One of the vulnerabilities \u2014 CVE-2018-6137 \u2014 made it possible to check visited sites at up to 3000 links per second. 
Meanwhile new, increasingly <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/hot-pixels-attack-checks-cpu-temp-power-changes-to-steal-data\/\" target=\"_blank\" rel=\"nofollow noopener\">sophisticated attacks to extract browsing history<\/a> continue to appear.<\/p>\n<h2>Why history theft is dangerous<\/h2>\n<p>Exposing your browsing history, even partially, poses several threats to users.<\/p>\n<p><strong>Not-so-private life.<\/strong> Knowing what sites you visit (especially if it relates to medical treatment, political parties, dating\/gambling\/porn sites, and similar sensitive topics), attackers can weaponize this information against you. They can then tailor a scam or bait to your individual case \u2014 be it extortion, a fake charity, the promise of new medication, or something else.<\/p>\n<p><strong>Targeted checks.<\/strong> A history-sniffing site could, for example, run through all the websites of the major banks to determine which one you use. Such information can be of use to both cybercriminals (say, for creating a fake payment form to fool you) and legitimate companies (say, for seeing which competitors you\u2019ve looked at).<\/p>\n<p><strong>Profiling and deanonymization.<\/strong> We\u2019ve written many times about how advertising and analytics companies use cookies and fingerprinting to <a href=\"https:\/\/www.kaspersky.com\/blog\/rc3-fpmon-browser-fingerprinting\/38369\/\" target=\"_blank\" rel=\"noopener nofollow\">track user movements and clicks<\/a> across the web. Your browsing history serves as an effective fingerprint, especially when combined with other tracking technologies. 
If an analytics firm\u2019s site can see what other sites you visited and when, it essentially functions as a super-cookie.<\/p>\n<h2>Guarding against browser history theft<\/h2>\n<p>Basic protection appeared in 2010 almost simultaneously in the Gecko (<a href=\"https:\/\/developer.mozilla.org\/en-US\/docs\/Web\/CSS\/CSS_selectors\/Privacy_and_the_visited_selector\" target=\"_blank\" rel=\"nofollow noopener\">Firefox<\/a>) and WebKit (Chrome and Safari) browser engines. This guarded against using basic code to read the state of links.<\/p>\n<p>Around the same time, Firefox 3.5 introduced the option to completely disable the recoloring of visited links. In the Firefox-based Tor Browser, this option is enabled by default \u2014 but the option to save browsing history is disabled. This provides a robust defense against the whole class of attacks but sorely impacts convenience.<\/p>\n<p>Unless you sacrifice an element of comfort, however, <a href=\"https:\/\/ronmasas.com\/posts\/the-human-side-channel\" target=\"_blank\" rel=\"nofollow noopener\">sophisticated attacks<\/a> will still be able to sniff your browsing history.<\/p>\n<p>Attempts are underway at Google to significantly change the status quo: starting with version 136, Chrome will have <a href=\"https:\/\/developer.chrome.com\/blog\/visited-links?hl=en\" target=\"_blank\" rel=\"nofollow noopener\">visited link partitioning<\/a> enabled by default. In brief, it works like this: links are only recolored if they were clicked <em>from the current site<\/em>; and when attempting a check, a site can only \u201csee\u201d clicks originating from itself.<\/p>\n<p>The database of website visits (and clicked links) is maintained separately for each domain. For example, suppose <em>bank.com<\/em> embeds a widget showing information from <em>banksupport.com<\/em>, and this widget contains a link to <em>centralbank.com<\/em>. 
If you click the <em>centralbank.com<\/em> link, it will be marked as visited \u2014 but only within the <em>banksupport.com<\/em> widget displayed on <em>bank.com<\/em>. If the exact same <em>banksupport.com<\/em> widget appears on some other site, the <em>centralbank.com<\/em> link will appear as unvisited. Chrome\u2019s developers are so confident that partitioning is the long-awaited silver bullet that they\u2019re nurturing tentative <a href=\"https:\/\/github.com\/explainers-by-googlers\/Partitioning-visited-links-history\" target=\"_blank\" rel=\"nofollow noopener\">plans to switch off the 2010 mitigations<\/a>.<\/p>\n<h2>What about users?<\/h2>\n<p>If you don\u2019t use Chrome, which, incidentally, has <a href=\"https:\/\/www.kaspersky.com\/blog\/best-private-browser-in-2025\/53200\/\" target=\"_blank\" rel=\"noopener nofollow\">plenty of other privacy issues<\/a>, you can take a few simple precautions to ward off the purple menace.<\/p>\n<ul>\n<li>Update your browser regularly to stay protected against newly discovered vulnerabilities.<\/li>\n<li>Use incognito or private browsing if you don\u2019t want others to know what sites you visit. 
But read <a href=\"https:\/\/www.kaspersky.com\/blog\/incognito-myth-how-private-browsing-works\/51408\/\" target=\"_blank\" rel=\"noopener nofollow\">this post<\/a> first \u2014 because private modes are no cure-all.<\/li>\n<li>Periodically <a href=\"https:\/\/www.kaspersky.com\/blog\/how-to-block-cookies-in-chrome-safari-firefox-edge\/43505\/\" target=\"_blank\" rel=\"noopener nofollow\">clear cookies and browsing history<\/a> in your browser.<\/li>\n<li>Disable the recoloring of visited links in the settings.<\/li>\n<li>Use tools to block trackers and spyware, such as Private Browsing in <a href=\"https:\/\/www.kaspersky.com\/premium?icid=gl_bb2023-kdplacehd_acq_ona_smm__onl_b2c_kdaily_lnk_sm-team___kprem___\" target=\"_blank\" rel=\"noopener nofollow\">Kaspersky Premium<\/a>, or a specialized browser extension.<\/li>\n<\/ul>\n<blockquote><p>To find out how else browsers can snoop on you, check these blogposts out:<\/p>\n<ul>\n<li><a href=\"https:\/\/www.kaspersky.com\/blog\/best-private-browser-in-2025\/53200\/\" target=\"_blank\" rel=\"noopener nofollow\">Privacy under attack: nasty surprises in Chrome, Edge, and Firefox<\/a><\/li>\n<li><a href=\"https:\/\/www.kaspersky.com\/blog\/what-you-need-to-know-about-tor-browser-and-anonymity\/52549\/\" target=\"_blank\" rel=\"noopener nofollow\">Tor Browser and anonymity: what you need to know<\/a><\/li>\n<li><a href=\"https:\/\/www.kaspersky.com\/blog\/mozilla-privacy-preserving-attribution-explained\/51997\/\" target=\"_blank\" rel=\"noopener nofollow\">Privacy-Preserving Attribution technology by Mozilla<\/a><\/li>\n<li><a href=\"https:\/\/www.kaspersky.com\/blog\/google-privacy-sandbox-and-ad-topics-explained\/49154\/\" target=\"_blank\" rel=\"noopener nofollow\">What Google Ad Topics is, and how to disable it<\/a><\/li>\n<li><a href=\"https:\/\/www.kaspersky.com\/blog\/googerteller-sound-of-trackers\/51186\/\" target=\"_blank\" rel=\"noopener nofollow\">The sound of online 
trackers<\/a><\/li>\n<\/ul>\n<\/blockquote>\n<input type=\"hidden\" class=\"category_for_banner\" value=\"premium-generic\">\n","protected":false},"excerpt":{"rendered":"<p>Why highlighted links to visited sites can be dangerous, and why a solution was over 20 years in the making.<\/p>\n","protected":false},"author":2722,"featured_media":53384,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[2683],"tags":[1278,16,4649,674,21,43,726,768,321,422,131,812],"class_list":{"0":"post-53380","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-threats","8":"tag-browsers","9":"tag-chrome","10":"tag-cookie","11":"tag-fingerprint","12":"tag-firefox","13":"tag-privacy","14":"tag-scam","15":"tag-surveillance","16":"tag-technology","17":"tag-threats","18":"tag-tips","19":"tag-tracking"},"hreflang":[{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/visited-links-privacy-protection\/53380\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/visited-links-privacy-protection\/28826\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/visited-links-privacy-protection\/24054\/"},{"hreflang":"ar","url":"https:\/\/me.kaspersky.com\/blog\/visited-links-privacy-protection\/12406\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/visited-links-privacy-protection\/28933\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/visited-links-privacy-protection\/28100\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/visited-links-privacy-protection\/30937\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/visited-links-privacy-protection\/29638\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/visited-links-privacy-protection\/39494\/"},{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/visited-links-privacy-protect
ion\/13349\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/visited-links-privacy-protection\/22772\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/visited-links-privacy-protection\/23703\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/visited-links-privacy-protection\/32159\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/visited-links-privacy-protection\/29104\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/visited-links-privacy-protection\/34874\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/visited-links-privacy-protection\/34507\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com\/blog\/tag\/privacy\/","name":"privacy"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/53380","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/2722"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=53380"}],"version-history":[{"count":3,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/53380\/revisions"}],"predecessor-version":[{"id":53383,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/53380\/revisions\/53383"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/53384"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=53380"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=53380"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=53380"}],"curies":[{"nam
e":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}