Your web surfing history accessible via JavaScript: researchers

Dec 03, 2010
“JavaScript is a great thing, it allows things like Gmail and Google Maps and a whole bunch of Web 2.0 applications; but it also opens up a lot of security vulnerabilities. We want to let the broad public know that history sniffing is possible, it actually happens out there, and that there are a lot of people vulnerable to this attack,” said UC San Diego computer science professor Sorin Lerner.

(PhysOrg.com) -- The Web surfing history saved in your Web browser can be accessed without your permission. JavaScript code deployed by real websites and online advertising providers use browser vulnerabilities to determine which sites you have and have not visited, according to new research from computer scientists at the University of California, San Diego.

The researchers documented code secretly collecting browsing histories of through “history sniffing” and sending that information across the network. While history sniffing and its potential implications for privacy violation have been discussed and demonstrated, the new work provides the first empirical analysis of history sniffing on the real Web.

“Nobody knew if anyone on the Internet was using history sniffing to get at users’ private browsing history. What we were able to show is that the answer is yes,” said UC San Diego science professor Hovav Shacham.
The from the UC San Diego Jacobs School of Engineering presented this work in October at the 2010 ACM Conference on Computer and Communications Security (CCS 2010) in a paper entitled, “An Empirical Study of Privacy-Violating Information Flows in JavaScript Web Applications”.

History Sniffing

History sniffing takes place without your knowledge or permission and relies on the fact that browsers display links to sites you’ve visited differently than ones you haven’t: by default, visited links are purple, unvisited links blue. History sniffing JavaScript code running on a Web page checks to see if your browser displays links to specific URLs as blue or purple.

History sniffing can be used by website owners to learn which competitor sites visitors have or have not been to. History sniffing can also be deployed by advertising companies looking to build user profiles, or by online criminals collecting information for future phishing attacks. Learning what banking site you visit, for example, suggests which fake banking page to serve up during a phishing attack aimed at collecting your bank account login information.

“JavaScript is a great thing, it allows things like Gmail and Google Maps and a whole bunch of Web 2.0 applications; but it also opens up a lot of security vulnerabilities. We want to let the broad public know that history sniffing is possible, it actually happens out there, and that there are a lot of people vulnerable to this attack,” said UC San Diego computer science professor Sorin Lerner.

The latest versions of Firefox, Chrome, and Safari now block the history sniffing attacks the computer scientists monitored. Internet Explorer, however, does not currently defend against history sniffing. In addition, anyone using anything but the latest versions of the patched browsers is also vulnerable.

Sniffing out History Sniffing

“We built a dynamic data flow engine for JavaScript to track history sniffing in the wild. I don’t know of any other practical tool that can be used to do this kind of extensive study,” said Dongseok Jang, the UC San Diego computer science Ph.D. student who developed the JavaScript monitoring technology. The researchers plan to broaden their work and study what information is being leaked by applications on social media and other Web 2.0 sites.

The computer scientists looked for history sniffing on the front pages of the top 50,000 websites, according to Alexa global website rankings. They found that 485 of the top 50,000 sites inspect style properties that can be used to infer the browser's history. Out of 485 sites, 63 transferred the browser's history to the network. “We confirmed that 46 of them are actually doing history sniffing, one of these sites being in the Alexa global top 100,” the UC San Diego computer scientists write in the CCS 2010 paper.

Table 1 in the paper outlines the websites the computer scientists found that performed history sniffing during the data collection period. In some cases, the websites created their own history sniffing systems. In other cases, advertisements served by outside companies contained JavaScript code performing the history sniffing.

History Sniffing in Perspective

The computer scientists say that history sniffing does not pose as great a risk to your privacy or identity as malicious software programs (malware) that can steal your banking information or your entire Facebook profile. But, according to Shacham, “history sniffing is unusual in effectively allowing any site you visit to learn about your browsing habits on any other site, regardless if the two sites have any business relationship.”

To see history sniffing in action, visit: www.whattheinternetknowsaboutyou.com .

“I think people who have updated or switched browsers should now worry about things other than history sniffing, like keeping their Flash plug-in up to date so they don’t get exploited. But that doesn’t mean that the companies that have engaged in history sniffing for the currently 60 percent of the user population that is vulnerable to it should get a free pass,” said Shacham.

Tracking History Sniffing

The UC San Diego history-sniffing detection tool analyzes the JavaScript running on the page to identify and tag all instances where the browser history is being checked. The way the system tags each of these potential history tracking events can be compared to the ink or paint packets that banks add to bags of money being stolen.

“As soon as a JavaScript tries to look at the color of a link, we immediately put ‘paint’ on that. Some sites collected that information but never sent it over the network, so there was all this ‘paint’ inside the browser. But in other cases, we observed ‘paint’ being sent over the network, indicating that history sniffing is going on,” explained Lerner. The computer scientists only considered it history sniffing when the browser history information was sent over the network to a server.
“We detected when browser history is looked at, collected on the browser and sent on the network from the browser to their servers. What servers then do with that information is speculation,” said Lerner.

The “paint” tracking approach to monitoring JavaScript could be useful for more than just history sniffing, Lerner explained. “It could be useful for understanding what information is being leaked by applications on Web 2.0 sites. Many of these apps use a lot of JavaScript.”

Explore further: 'Draw me a picture,' say scientists: Computer may respond

More information: Dongseok Jang, Ranjit Jhala, Sorlin Lerner, and Hovav Shacham. “An Empirical Study of Privacy-Violating Information Flows in JavaScript Web Applications.” In A. Keromytis and V. Shmatikov, eds., Proceedings of CCS 2010, pages 270–83. ACM Press, Oct. 2010.

Related Stories

Apple Announces Safari 4 Browser

Feb 24, 2009

Apple today announced the public beta of Safari 4 web browser for Mac and Windows PCs. The Nitro engine in Safari 4 runs JavaScript 4.2 times faster than Safari 3.

Google Chrome 5 beta released

May 06, 2010

(PhysOrg.com) -- Internet search engine giant Google has released a new beta version of its Chrome browser, and it is visibly much faster than the previous version, and faster than most other browsers.

Modern society made up of all types

Nov 04, 2010

Modern society has an intense interest in classifying people into ‘types’, according to a University of Melbourne Cultural Historian, leading to potentially catastrophic life-changing outcomes for those typed – ...

Recommended for you

Cloud computing helps make sense of cloud forests

Dec 17, 2014

The forests that surround Campos do Jordao are among the foggiest places on Earth. With a canopy shrouded in mist much of time, these are the renowned cloud forests of the Brazilian state of São Paulo. It is here that researchers ...

Teaching robots to see

Dec 15, 2014

Syed Saud Naqvi, a PhD student from Pakistan, is working on an algorithm to help computer programmes and robots to view static images in a way that is closer to how humans see.

User comments : 43

Adjust slider to filter visible comments by rank

Display comments: newest first

Taps
5 / 5 (2) Dec 03, 2010
Use Firefox with a couple plug-ins:

Ghostery
Adblock Plus
Better Privacy

Most of the problem solved.
Ratfish
not rated yet Dec 03, 2010
Use Firefox with a couple plug-ins:

Ghostery
Adblock Plus
Better Privacy

Most of the problem solved.


Hadn't heard of ghostery or better privacy; thanks a lot. Do you block every tracker with ghostery?
frajo
1 / 5 (1) Dec 03, 2010
Use Firefox with a couple plug-ins:
Ghostery
Adblock Plus
Better Privacy
Most of the problem solved.
I recommend NoScript.
And for my online banking I have a separate (second) Firefox installation (on a separate partition) which is used for nothing else.
barakn
4.8 / 5 (5) Dec 03, 2010
I just read the paper, and it raises an interesting question. Why does answersingenesis.org check if you've visited Facebook and 62 other sites? Seems to me answersingenesis.org is a malicious website.
frajo
3.7 / 5 (3) Dec 04, 2010
I just read the paper, and it raises an interesting question. Why does answersingenesis.org check if you've visited Facebook and 62 other sites? Seems to me answersingenesis.org is a malicious website.
Business as usual.
At this moment I'm (and you probably are) being tracked by Google Analytics, Quantcast, and Comscore VoiceFive.
Of course, Facebook is an especially fertile information source.
Skeptic_Heretic
5 / 5 (2) Dec 04, 2010
I just read the paper, and it raises an interesting question. Why does answersingenesis.org check if you've visited Facebook and 62 other sites? Seems to me answersingenesis.org is a malicious website.

I would also say it is malicious, but not necessarily for checking your browsing history.
rynox
not rated yet Dec 04, 2010
frajo is exactly right.

As far as the technical 'glitch' or whatever you want to call this in the article: Correct me if I'm wrong, but isn't the javascript engine you use browser-dependent? Internet Explorer, for example, will use the WSH javascript engine while Chrome has it's own javascript engine?
Jerseyfoo
1.8 / 5 (5) Dec 04, 2010
The way this information is presented serves no other purpose to to encourage ignorance. You 'scientists' should be fired for holding back technology and progress.

There's no security vulnerability here, no mal-intent, it is a functionality of JavaScript that any competent web developer was already aware of. Your history cannot be accessed, only checked. You can only ask "has this user visited this website recently?", not "what websites did this user visit?"

Thanks for killing a few thousand add-ons, snippets, and services with this bullshit.
frajo
3 / 5 (3) Dec 05, 2010
Thanks for killing a few thousand add-ons, snippets, and services with this bullshit.
Don't understand this remark.
IMHO the (informed) user is king. If he decides to stop or disable add-ons/snippets/services then they ought to stop.
And not secretely continue without the user knowing about it.
That's one of the reasons why I'm avoiding MS OS-s.
Skeptic_Heretic
3 / 5 (2) Dec 05, 2010
You can only ask "has this user visited this website recently?", not "what websites did this user visit?"
Actually, you can ask that question. It's how ad networks function.
Jerseyfoo
1 / 5 (2) Dec 05, 2010
Thanks for killing a few thousand add-ons, snippets, and services with this bullshit.
Don't understand this remark.

When browser makers kill a functionality of a language because of mal-informed media attention, what you you think happens to the add-ons/services which relied on that functionality?

IMHO the (informed) user is king.

Informed user? This is propaganda intended to give this news site traffic and those 'scientists' some attention. "OMG security hole, privacy violation" is what encourages ignorance. This functionality has been known since 1999, it's not a mistake, and it's nothing more than a conspiracy theory to say people are using it to invade your privacy.

Correct me if I'm wrong, but isn't the javascript engine you use browser-dependent?

JavaScript engines are browser-engine dependent, ie. Gecko, Trident, etc. JavaScript is a standard which most browsers follow, Internet Explorer/Trident being the retard child.
Jerseyfoo
2 / 5 (4) Dec 05, 2010
Actually, you can ask that question. It's how ad networks function.

Think in context to the relevant issue at hand. They don't use this functionality, and thats hardly "how ad networks function". They keep track of where you've been on the server side, thats what the tracking cookie is for. It's just an ID number thats sent along with your request to their server.

I'm sure most of you think Java and JavaScript have something to do with eachother.
Skeptic_Heretic
5 / 5 (1) Dec 05, 2010
I'm sure most of you think Java and JavaScript have something to do with eachother.
They do, about as much as C and C sharp have in common.
Zed123
5 / 5 (3) Dec 06, 2010
@ Jerseyfoo

I don't think this article was over-hyping the situation. It didn't read like an inflammatory piece, merely about educating users out there.

Although this function may have been known about by developers for years, most people would not be aware that this is possible. The concern here is not so much the collection of this information, as the fact that they don;t disclose they are collecting it.

Personally (and this is just me, feel free to disagree if you wish) I don't have a big problem with advertisers using some of my info to provide me with more targeted information. I'd rather see fewer but more relevant ads than be spammed with a whole lot of stuff I dont care about.

However, I still reserve the right to only disclose the personal information I choose. If companies are collecting data without letting me know, thats when I start to get concerned.
Ethelred
3.3 / 5 (7) Dec 06, 2010
When an advertiser uses my PC to gather information on me he had bloody well better

Pay me - similar to the idea behind be Telephone advertising. I pay for the phone so if they want t o use MY phone to annoy me with adds then they had bloody well better pay me. Placing an add on a site without spying on me is quite different from using the add or the site to spy on OTHER places I have been.

Tell me - this normal in business.

Get my permission. Opt IN not opt OUT.

To do it in secret is reprehensible.

Ethelred
frajo
4 / 5 (4) Dec 06, 2010
When browser makers kill a functionality of a language because of mal-informed media attention, what you you think happens to the add-ons/services which relied on that functionality?
That would be a good day for programmers. More work, more money. But which browser maker would be influenced by mal-informed media attention?
Informed user? This is propaganda intended to give this news site traffic and those 'scientists' some attention.
Don't understand the word "this". The existence of informed users? The article? My comment?
"OMG security hole, privacy violation" is what encourages ignorance.
You suggest to keep quiet in order to lessen ignorance?
This functionality has been known since 1999, it's not a mistake, and it's nothing more than a conspiracy theory to say people are using it to invade your privacy.
If any functionality allows things which some user might object to but cannot because he doesn't know it then this functionality is suspect.
Jerseyfoo
1 / 5 (2) Dec 08, 2010
this = article, the root object.

You suggest to keep quiet in order to lessen ignorance?

No, as I've said; presentation. Note the 'OMG', and the fact it's not a security hole.

If any functionality allows things which some user might object to but cannot because he doesn't know it then this functionality is suspect.

We should burn our computers then.
Zed123
not rated yet Dec 08, 2010
We should burn our computers then.


Random words do not make for a highly convincing argument. Try thinking first, then typing! :)

frajo
5 / 5 (1) Dec 09, 2010
If any functionality allows things which some user might object to but cannot because he doesn't know it then this functionality is suspect.

We should burn our computers then.
If you somehow acquired a piece of hardware which gives you reason to mistrust then, yes, dump it.
Indeed, I use to exchange computer hardware when it doesn't work to my expectations.
Ethelred
1.7 / 5 (6) Dec 09, 2010
We should burn our computers then.
Please do. That way we will have one less advertiser using our own machines to spy on us.

I own this machine. Not you. You don't have the right to spy on me by abusing my machine. I don't care how much you want to make a few more bucks.

If you want to use my machine PAY ME. And get my permission FIRST.

Ethelred
deepsand
1.4 / 5 (9) Dec 09, 2010
If you want to use my machine PAY ME. And get my permission FIRST.

That's a bit overly simplified.

When you request an online resource, you are, without first requesting and being granted permission, using a machine that belongs to someone else.

Furthermore, you are asking that it perform certain functions, both locally on your machine, as well as remotely on the other.

So, the issue of permissions is not so black and white as you would have it be.

Furthermore, TCP is a stateless protocol; therefore, certain "tracking" mechanisms are, of necessity, required in order to maintain session statefulness.

(cont. below)
deepsand
1.9 / 5 (10) Dec 09, 2010
(cont.)

The oldest, and most commonly used, "tracking" device, the cookie, was specifically designed for such purpose. Without it, or similar, session continuity would be impossible; and, while the internet would still exist, the web would not.

Lastly, there are many legitimate needs for "tracking," such as the gathering of statistical data, customer identification & authentication, user preferences, etc.. Without these, the web would be a much more primitive and dangerous place.

Absent a well crafted definition of "tracking," and the distinction between the good and the bad, the "no track" notion is akin to throwing the baby out with the bath water.
Ethelred
1.8 / 5 (5) Dec 10, 2010
1/3
That's a bit overly simplified.
No, It IS my position, not an explanation.
When you request an online resource, you are, without first requesting and being granted permission, using a machine that belongs to someone else.
No. I am requesting DATA that has been offered.
Furthermore, you are asking that it perform certain functions, both locally on your machine, as well as remotely on the other.
Actually no. I am asking it to SEND data that my machine will parse into something that is comprehensible. At no time did I ask that I be allowed to run anything on their machine.
So, the issue of permissions is not so black and white as you would have it be.
Wrong. My machine is parsing data. Sometimes that data is executed but only with my permision, as I use NoScript.
Furthermore, TCP is a stateless protocol; therefore, certain "tracking" mechanisms are, of necessity
Which is irrelevant to someone trying to spy on where I have been when not on their site.

More
Ethelred
1.8 / 5 (5) Dec 10, 2010
2/3
The oldest, and most commonly used, "tracking" device, the cookie, was specifically designed for such purpose.
COOKIES are not inherently tracking tools. They have been suborned for that purpose but is NOT what they were created for.
Without it, or similar, session continuity would be impossible; and, while the internet would still exist, the web would not.
Which has nothing to do with tracking. The term tracking cookie is used for cookies from ADVERTISERS not normally the hosting website.
astly, there are many legitimate needs for "tracking," such as the gathering of statistical data, customer identification & authentication, user preferences, etc
Again those are not TRACKING.
Absent a well crafted definition of "tracking,"
Do you mean a definition that is bogus? The STANDARD use of the term is for ADVERTISERS. Again cookies are not actually what is being discussed here in any case.

More
Ethelred
1 / 5 (3) Dec 10, 2010
3/3
You write like you are explaining basics to an idiot.

I am not an idiot.
I know what cookies are.
I have been on the net for over a decade.
I know the difference between data and an executable. And yes I have written self modifying code.
YOU are pretending that cookies are a priori tracking tools. They are not.
YOU are pretending that this article was about tracking cookies. It was not.
You are trying to pass off bullshit as facts on cookies.

http://en.wikiped...P_cookie

I am curious as to what got you to post after so long gone. And Excalibur's reappearance as well. You clearly are not writing from ignorance yet you tried to snow people about cookies and ignored what the discussion is really about. Are you making money off tracking people or did you just fail to understand what is being discussed. I have hard time believing the latter since your statements on Tracking were so clearly at odds with more technical side of the post.

Ethelred
frajo
5 / 5 (1) Dec 10, 2010
Absent a well crafted definition of "tracking," and the distinction between the good and the bad, the "no track" notion is akin to throwing the baby out with the bath water.
Doesn't matter. It must be an option for the owner/user of the client computer. The service provider still can deny his services in that case.
Which of course is an disadvantage against the competition. If there is any competition.
Skeptic_Heretic
5 / 5 (1) Dec 10, 2010
When browser makers kill a functionality of a language because of mal-informed media attention, what you you think happens to the add-ons/services which relied on that functionality?
That would be a good day for programmers. More work, more money. But which browser maker would be influenced by mal-informed media attention?
It would only be a good day for good programmers. Very many programmers take the easy way out and exploit simple and less secure coding practices. This is part of what makes creating a good universal OS so challenging and that's why I really can't give Microsoft too hard a time.
Ethelred
1 / 5 (2) Dec 10, 2010
Excalibur

If you can't show where I am wrong then you have no reason, except pique, to be giving me ones.

So I will now give you ones. UNLESS you give cause for your actions. You have one days grace to respond on this thread before I retaliate.

Yes I engage in petty revenge against wankers.

Its fun.

Ethelred
zslewis91
not rated yet Dec 10, 2010
-- Point-free style
fib :: Integer -> Integer
fib = (fibs !!)
where fibs = 0 : scanl (+) 1 fibs

-- Explicit
fib :: Integer -> Integer
fib n = fibs !! n
where fibs = 0 : scanl (+) 1 fibs

-------ethelred, im on your side,
dare to */hack?
frajo
not rated yet Dec 11, 2010
This is part of what makes creating a good universal OS so challenging
Who really needs a universal OS? One can have it all with a fast LAN, a KVM switch, and some kind of VNC. eCS for secure networking, AMP servers, and development, fedora for media access, and - if needed - some MS product for gamers.
Ethelred
2.3 / 5 (3) Dec 11, 2010
Who really needs a universal OS?
Non-geeks.

In other words most of the people using either Windows or Mac OS. Even some complete nerds that used slide rules when younger(not quite myself as I AM willing to use multiple OSs).

Ethelred
frajo
not rated yet Dec 11, 2010
Who really needs a universal OS?
Non-geeks.

Non-geeks don't need ssh, ftp, html, mysql and other kinds of servers. Neither do they need development machines.
Thus: Non-universal OSs.
Ethelred
2 / 5 (4) Dec 11, 2010
Non-geeks don't need ssh, ftp, html, mysql and other kinds of servers.
That looks like you are claiming that non-geeks don't need the internet. Which would make the net a much less interesting place because the geeks wouldn't be able to make enough money to buy new hardware.

Neither do they need development machines.
Thus: Non-universal OSs.
Which is NOT the same thing as NO ONE needs a universal OS. When people buy a program they don't really like worrying about whether it will work with THEIR PC. They just want the program to work. Which means they need an OS that can run everything they want to buy. Kind of hard to that if they have to run five different machines with even more OS's running on them.

Ethelred
Jerseyfoo
1 / 5 (1) Dec 12, 2010
My point was, by sarcastically saying "we should burn our computers then", is that your computer is constantly doing things you do not explicitly give it permission to do. Even if you were a master programmer you would not be aware of everything your machine is doing in a typical setting.

As most of you are far from master, the kind who would give this article a good rating, you really have no idea of all the things your computer is doing and not asking you. Why draw the line before checking if you visited a particular site recently? Why is that so heinous?

Did you know JavaScript can also be used to force you to participate in a DDoS. It can be used to redirect you to malicious sites. These are not vulnerabilities, these are FUNCTIONALITIES, because there is much good that comes with the bad. And when you kill functionality over BS like this article, you kill a lot of the good too.
Jerseyfoo
not rated yet Dec 12, 2010
Cont:
Where do you draw the line? Just wait for news articles to scare you and control you like this one here?

I hope my redundant angry rant above was dumbed-down enough for you to understand. I find it rather offensive that Ethelred's comments have a better rating.
Skeptic_Heretic
not rated yet Dec 12, 2010
This is part of what makes creating a good universal OS so challenging
Who really needs a universal OS? One can have it all with a fast LAN, a KVM switch, and some kind of VNC. eCS for secure networking, AMP servers, and development, fedora for media access, and - if needed - some MS product for gamers.

Or you could buy windows server and have 99% of that covered through running applications, lowering hardware costs and gainiing a higher level of standardized support.

Think of it this way, you and I can build a house because we have a standard of measurement. What the hell would the house look like if we didn't?

Unless you have a 4 inch wide hand, 14 inch long foot and 6,7" from fingertip to fingertip we're not going to have an acceptable house as you're not me and "guesstimating" creates shoddy tolerances.

MS is a closer fit to standardization than any other company when it comes to an OS, it allows international communication that wasn't easily done.
Ethelred
2.6 / 5 (5) Dec 12, 2010
Why draw the line before checking if you visited a particular site recently? Why is that so heinous?
Checking to see a DIFFERENT site requires the use of my PC without my permission. How about I come over to YOUR house and use you kitchen to eat your food without even leaving a note? My PC your kitchen you clearly don't see any ethical with the first so I can't see any the second. At least in regards to YOUR kitchen
Did you know JavaScript can also be used to force you to participate in a DDoS
Did you know that No-Script stops that sort of stuff as do most AV programs these days
And when you kill functionality over BS like this article, you kill a lot of the good too
Ask for permission. That is the difference between hacking my PC, which IS ILLEGAL, and performing a service.
I find it rather offensive that Ethelred's comments have a better rating
That is because you are advocating hacking people's PCs and I am pointing out that it is not ethical behavior.

Ethelred
Skeptic_Heretic
not rated yet Dec 12, 2010
frajo,

The PC is something that should be easy enough for everyone to use, and as complex as we want it to be. For that to happen, we'll always have multiple OS'es of multiple kind, to suit each want.

Simple people need the internet too.
Jerseyfoo
1 / 5 (2) Dec 12, 2010
Ethelred,

You're an idiot.

your computer is constantly doing things you do not explicitly give it permission to do. Even if you were a master programmer you would not be aware of everything your machine is doing in a typical setting.


Ethelred
1 / 5 (2) Dec 12, 2010
Ethelred,

You're an idiot.
A stunning refutation, full of brilliant logic, evidence and well reasoned propositions.

That was actually a stupefyingly foolish post. It is a standard surrender to superior reason and logic.

I thank you for that clear surrender.

Now take it one step farther and scarper off into the same place spammers go after being found out.

Ethelred
Jerseyfoo
1 / 5 (2) Dec 13, 2010
Your 'points' are either ridiculous or irrelevant. You're either trolling or an idiot, regardless, there's no point in continuing with you as any sort of debate is impossible.

"Checking to see a DIFFERENT..." - ridiculous, irrelevant.
"Did you know that No-Script..." - out of context.
"Ask for permission..." - ridiculous.
"That is because you are advocating hacking people's PCs..." - lie.

You're lacking the ground work, I'll try once more, read carefully.

-- Computers do millions of things without asking you. --

What matters is where you draw the line, and no one is providing logic for drawing the line anywhere.

Additionally, you could say by requesting a website you are giving permission. By installing your browser, you are giving permission. This entire concept is a different realm of issues.

Should mailboxes be wielded shut? Trading freedom for security, thats the issue here.
Ethelred
2.3 / 5 (3) Dec 13, 2010
1/2
Your 'points' are either ridiculous or irrelevant.
Your points are based on personal greed, mine on the article and ethics.
You're either trolling or an idiot, regardless, there's no point in continuing with you as any sort of debate is impossible.
I think that was remarkably clear, even if accidental, view of yourself. Newbie.
"Checking to see a DIFFERENT..." - ridiculous, irrelevant.
Self serving, it is relevant. Indeed it is what the article is about.
"Did you know that No-Script..." - out of context.
Idiotic remark since it is in the context of you false claim that I can't control things.
"Ask for permission..." - ridiculous.
Why do you think that? Other than your greed that is.
"That is because you are advocating hacking people's PCs..." - lie.
Bull. Using my PC without my permision IS hacking.
You're lacking the ground work, I'll try once more, read carefully.
Clueless newbie you have no idea.

More
Ethelred
2.3 / 5 (3) Dec 13, 2010
2/2
-- Computers do millions of things without asking you. --
Not mine. Except when there are bugs.
What matters is where you draw the line, and no one is providing logic for drawing the line anywhere.
I did. It is MY PC. What goes on with does so with MY permision. I control the reset button. I control the power button. I control the connection.
Additionally, you could say by requesting a website you are giving permission.
You could say a lot of equally false things.
By installing your browser, you are giving permission
To the Browser, not the hacker.
This entire concept is a different realm of issues.
Get a clue on ethics.
Trading freedom for security, thats the issue here.
No. Spying is the issue. There is no need for me to trade. That is why No-script IS relevant.

Ethelred

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.