Drowning in email? Try Inbox Zero to learn sane tips for dealing with high-volume email. And don’t miss the free Inbox Zero video. »
Register for free on 43 Folders to comment on articles, post to our forum, customize your visits, and much more. Current users can login now.
Clever web dev trick for checking browser history
Merlin Mann | Feb 8 2008
Sniff browser history for improved user experience Talk about sufficiently advanced technology. Although you will surely see this post linked many times this week, I have to throw in my own kudos. Fantastic trick, Niall! In a nutshell, Niall shows how you can use a combination of CSS and JavaScript to selectively display information based on previously visited URLs in your visitor’s browser history. Have you been to Digg? Then Niall’s site displays a “Digg This” badge (and, importantly for Niall’s purposes, not 100 other badges for sites you haven’t used). Try Niall’s live example to see this stunner in action. Dang. That sound you just heard? That’s a few million people scurrying to hit “ Now, regrettably, I suspect the race begins for seeing how horribly something like this can be abused. POSTED IN:
|
|
| EXPLORE 43Folders | THE GOOD STUFF |
Popular |
|
Inbox ZeroThe original 43 Folders series looking at the skills, tools, and attitude needed to empty your email inbox — and then keep it that way. Don’t miss the free video of Merlin’s Inbox Zero presentation. Get Started with ‘GTD’David Allen’s popular productivity book and the system on which it’s based help turn ‘stuff’ into actions that support valuable outcomes. |
43 Folders is powered by Drupal, which rules. Our site was designed by a bearded fella from Wire and Twine and has been lovingly skinned for Drupal by the code ninjas at RoopleTheme. Ben Durbin is the sine qua non and our personal consigliere. 43f’s web hosting is sponsored by A2.
43 Folders® is a registered trademark of Merlin Mann. All posts and comments © their original owners. Everything else (including the design) is © Merlin Mann, 2004-2008. Merlin’s posts can be reused or republished solely in accordance with the BY-NC-ND Creative Commons License. Please don’t be a douche with my stuff. Here’s our Legal and Ground Rules. 43 Folders loves you. Namasté.
Fortunately, it's easy to break
Fortunately, for those of us who think this crosses the line on privacy, breaking every test case on the site only takes one line in a user.css file:
a:visited {color:blue !important}And yes, that line has already been loaded into Safari on my system, and it's going to stay there. Although I admire the cleverness of the programming Niall used, I don't appreciate exposing my browsing history to random websites through unexpected methods. Niall's approach breaks the principle of least surprise, and it plays fast and loose with what most users would consider private data - I can't see how implementing this technique in the real world could be seen as a good idea. Just because you can doesn't mean that you should.
firefox protections are available too
personally i do think history sniffing is crossing the privacy line… i used to let it slide but facebook and zappos pretty much changed my mind when they wanted to tell all my contacts i bought some new shoes… kinda freaked me into really changing my browsing habits. at least facebook made the “beacon” sniffing visible… i revisited the paranoia of how much secret sniffing must go on.
but i know history sniff can be used for good and not just evil. for this, the firefox plugin SafeHistory is a fitting compromise, which implements same origin policy on history. see also SafeCache for cache sniffing (which i think is actually worse than history sniffing… mostly just evil and no good).
note for both of these, you need to make sure the same origin policy is enabled (network.cookie.cookieBehavior=1)… normally the policy just applies to cookies but these plugins conveniently refer to this centralized toggle.
one final tangent, i believe same origin used to be the default in firefox, but since 2.0 it is not nor is it even accessible in the standard conf screens… now you can only set it with the about:config . i find this somewhat disturbing… same origin really seems like it should be standard practice.
-snr
Re: Clever web dev trick for checking browser history
NoScript protection, when you just don’t like any sites but the ones you want to know you.
if you allow the site, it can look up history, if you don’t allow the site. it has no javascript to play with which is nice :)