Detecting Browser History from Schneier on Security from Jonathan Rees on 2010-05-21 (www-tag@w3.org from May 2010)
Detecting Browser History from Schneier on Security
- From: Jonathan Rees <jar@creativecommons.org>
- Date: Fri, 21 May 2010 09:19:18 -0400
- To: www-tag@w3.org
- Message-ID: <AANLkTikvyaNXGpvHDX3ZhxSuT9WGfu3Rb74u-XLyNpyp@mail.gmail.com>
re ISSUE-31 (metadata in URI), sub-issue secrets-in-URIs

https://www.schneier.com/blog/archives/2010/05/detecting_brows.html

"All major browsers allow their users' history to be detected"

Note

(a) this confirms the claim made in TAG discussion that URIs that one navigates to are sometimes not well protected

(b) it is taken for granted that this is a bug (privacy breach) that needs to be fixed, and that can be (i.e. the FF developers think that protecting URIs is "best practice")

If I understand correctly the attack only applies to guessable URIs.

Jonathan
Received on Friday, 21 May 2010 13:19:53 UTC