Who spies on your browsing history?

We've written before about the security vulnerability that allows websites to sniff your browsing history. A paper from UC San Diego computer science department researchers, "An Empirical Study of Privacy-Violating Information Flows in JavaScript Web Applications," surveys which websites use this invasive technique against their users. YouPorn tops the list, but PerezHilton, Technorati, TheSun.co.uk, and Wired are also spying on their users' browsing habits by exploiting this vulnerability.

So I checked in with Interclick. Interclick explained that it deployed the script on websites around the Web over a limited period, from March to October, to test the quality of data sets it had purchased. "Interclick purchases anonymous audience data from several vendors for the purpose of targeting advertising campaigns. Consequently, it has a number of quality control measures in place to understand the quality and effectiveness of this data. The code observed in the paper was a quality measure being tested," said Interclick in a statement to me.

I asked Interclick to explain and got some interesting insight into how the data purchasing market works. Interclick buys user targeting data on websites such as BlueKai, Bizo, AlmondNet, Datalogix and Exelate. The data sets supposedly represent a group of particular users, like Sports Enthusiasts or Industrial Equipment Shoppers. But Interclick needs to know that it's getting what it paid for, so that its ads are more effective, so it has a series of quality control measures. The researchers happened upon one of those quality control tests.

Firefox's "Private Browsing" facility appears to be proof against this attack, for what it's worth.


Update: Sid Stamm from Mozilla adds, "Firefox 4 will include a protection against this for both modes public
and private (the 4.0beta versions already have this feature)."

History Sniffing: How YouPorn Checks What Other Porn Sites You've Visited and Ad Networks Test The Quality of Their Data

(via JWZ)

(Image: What the Internet Knows About You vs my browser history)