| 8:29 am on Sep 24, 2006 (gmt 0)|
That is quite interesting and clever! The "vulnerability" is somewhat limited, although the privacy issue is the more disturbing, especially depending on sites employing such techniques.
Common browser behavior (which fulfills a purpose like it should) ... and now that can be used in an exploitatious manner. Talk about being stuck between a rock and a hard place.
| 2:27 pm on Sep 24, 2006 (gmt 0)|
|... for example one could check if the visitor was at competitor site, etc. |
However, that also means I have to place a link on my site pointing to competitor site... helping competitor rank higher on SERPs!
It would be quite nice if competitors place links on their sites pointing to ours! :)
| 4:40 pm on Sep 24, 2006 (gmt 0)|
|However, that also means I have to place a link on my site pointing to competitor site... helping competitor rank higher on SERPs! |
| 6:40 pm on Sep 24, 2006 (gmt 0)|
| 7:10 pm on Sep 24, 2006 (gmt 0)|
Whatever you do, you can not show the link to visitor's browser and hide it from search engines, because search engines very often visit your site as simple visitors!
| 8:33 pm on Sep 24, 2006 (gmt 0)|
Wow, so my paranoid habit of hitting competitors from a clean tab/window was healthy after all.
| 8:44 pm on Sep 24, 2006 (gmt 0)|
That depends on your browser settings. I have all my browsers set to clear the cache and history upon exit. But, otherwise a clean browser session may not matter, if the history (and thereby also "visited links" status) hasn't expired.
| 4:07 am on Sep 25, 2006 (gmt 0)|
You can't see WHICH sites have been visited but WHETHER a particular site was visited. You could of course create a huge page with links to many sites. But still, how useful is that?
| 7:21 am on Sep 25, 2006 (gmt 0)|
Yes, it is probably important to make that distinction, to avoid confusion.
Nevertheless -- it arises concerns since that information is still available and can be abused.
| 2:15 pm on Sep 25, 2006 (gmt 0)|
|You can't see WHICH sites have been visited but WHETHER a particular site was visited |
I'd clarify this even further. Not a SITE, but a URL. For example, if a visitor visited a: http://www.example.com/green-widget.html
but you are checking against the (create the link to): http://www.example.com
Then you will not get a positive answer, because the visitor might have entered the site through a deeper page, and never visited the homepage.
| 4:05 pm on Sep 25, 2006 (gmt 0)|
| 4:17 pm on Sep 25, 2006 (gmt 0)|
Not really, since it would not tell you _which_ URLs have been visited.
| 12:42 am on Sep 26, 2006 (gmt 0)|
Granted I could of used different words to present the topic (site vs URL, etc), and probably would if I was to do it again (so point taken). However to me, potential privacy issues (as DrDoc already pointed out) that can arise from this are unsettling – basically data is easily obtainable and could be used for all kinds of purposes. Just to name the few that are already mentioned in the links from the original post:
-phishing attacks : malicious website can figure out which bank you are using ( and try to obtain your credentials using methods which are outside of the scope of this post). One only needs to figure out what is login URL, and check against that. Same/similar goes for webmail services, etc. and most other sites that require authentication.
-Profiling (very simplified case intended as an example only): health insurance company can try to figure out if you visited some sites regarding particular illness, etc.
Those are some of few basic examples – a little bit of imagination can provide more interesting (or disturbing) case scenarios.
I am not trying to make huge deal out of this but before I stumbled onto it I was unaware of it - perhaps good deal of people here were aware so this is not news to them.
| 12:28 pm on Sep 28, 2006 (gmt 0)|
If you use rel no follow on the links you should be ok with most search engines and not passing that valuable vote.