DrDoc
msg:3094742 | 8:29 am on Sep 24, 2006 (gmt 0) |
That is quite interesting and clever! The "vulnerability" is somewhat limited, although the privacy issue is the more disturbing, especially depending on sites employing such techniques. Common browser behavior (which fulfills a purpose like it should) ... and now that can be used in an exploitatious manner. Talk about being stuck between a rock and a hard place. Great find!
|
wildbest
msg:3094869 | 2:27 pm on Sep 24, 2006 (gmt 0) |
Excellent find! | ... for example one could check if the visitor was at competitor site, etc. |
|
However, that also means I have to place a link on my site pointing to competitor site... helping competitor rank higher on SERPs! It would be quite nice if competitors place links on their sites pointing to ours! :)
|
moltar
msg:3094997 | 4:40 pm on Sep 24, 2006 (gmt 0) |
| However, that also means I have to place a link on my site pointing to competitor site... helping competitor rank higher on SERPs! |
|
You can: (a) cloak it, (b) insert it dynamically with JavaScript.
|
DrDoc
msg:3095081 | 6:40 pm on Sep 24, 2006 (gmt 0) |
The examples above utilize JavaScript to insert the links. You can even insert it dynamically that way inside a hidden div.
|
wildbest
msg:3095126 | 7:10 pm on Sep 24, 2006 (gmt 0) |
Whatever you do, you can not show the link to visitor's browser and hide it from search engines, because search engines very often visit your site as simple visitors!
|
skipfactor
msg:3095165 | 8:33 pm on Sep 24, 2006 (gmt 0) |
Wow, so my paranoid habit of hitting competitors from a clean tab/window was healthy after all.
|
DrDoc
msg:3095176 | 8:44 pm on Sep 24, 2006 (gmt 0) |
That depends on your browser settings. I have all my browsers set to clear the cache and history upon exit. But, otherwise a clean browser session may not matter, if the history (and thereby also "visited links" status) hasn't expired.
|
Hanu
msg:3095523 | 4:07 am on Sep 25, 2006 (gmt 0) |
You can't see WHICH sites have been visited but WHETHER a particular site was visited. You could of course create a huge page with links to many sites. But still, how useful is that?
|
DrDoc
msg:3095617 | 7:21 am on Sep 25, 2006 (gmt 0) |
Yes, it is probably important to make that distinction, to avoid confusion. Nevertheless -- it arises concerns since that information is still available and can be abused.
|
moltar
msg:3095939 | 2:15 pm on Sep 25, 2006 (gmt 0) |
| You can't see WHICH sites have been visited but WHETHER a particular site was visited |
|
I'd clarify this even further. Not a SITE, but a URL. For example, if a visitor visited a: http://www.example.com/green-widget.html but you are checking against the (create the link to): http://www.example.com Then you will not get a positive answer, because the visitor might have entered the site through a deeper page, and never visited the homepage.
|
a123456
msg:3096096 | 4:05 pm on Sep 25, 2006 (gmt 0) |
You don't even need Javascript, if you are willing to put the links directly in your HTML. A background image set on a:visited will do the tracking for you.
|
DrDoc
msg:3096120 | 4:17 pm on Sep 25, 2006 (gmt 0) |
Not really, since it would not tell you _which_ URLs have been visited.
|
Tastatura
msg:3096795 | 12:42 am on Sep 26, 2006 (gmt 0) |
Granted I could of used different words to present the topic (site vs URL, etc), and probably would if I was to do it again (so point taken). However to me, potential privacy issues (as DrDoc already pointed out) that can arise from this are unsettling – basically data is easily obtainable and could be used for all kinds of purposes. Just to name the few that are already mentioned in the links from the original post: -phishing attacks : malicious website can figure out which bank you are using ( and try to obtain your credentials using methods which are outside of the scope of this post). One only needs to figure out what is login URL, and check against that. Same/similar goes for webmail services, etc. and most other sites that require authentication. -Profiling (very simplified case intended as an example only): health insurance company can try to figure out if you visited some sites regarding particular illness, etc.
Those are some of few basic examples – a little bit of imagination can provide more interesting (or disturbing) case scenarios. I am not trying to make huge deal out of this but before I stumbled onto it I was unaware of it - perhaps good deal of people here were aware so this is not news to them.
|
lstrand
msg:3100351 | 12:28 pm on Sep 28, 2006 (gmt 0) |
WildBest,
If you use rel no follow on the links you should be ok with most search engines and not passing that valuable vote. Best Regards
|
|
