Apple’s Safari 5 is first major browser to purge decade-old browser history privacy defect

“Apple Safari has become the first major browser to be purged of one of the web’s longest-running privacy defects: The ability for any site owner to effortlessly steal a complete copy of your recent browsing history,” Dan Goodin reports for The Register.

“The browser history disclosure leak is as old as the World Wide Web itself, and it afflicted every major browser – until now,” Goodin reports. “Starting with versions released Monday, Safari no longer coughs up the list of websites a user has visited. The change is one of almost 50 security fixes Apple engineers added to versions 4.1 and 5.0 of the browser.”

Goodin reports, “In characteristic Apple fashion, the company buried news of the change at the bottom of this page. We pointed the new Safari version at sites here and here, which exploit the weakness, and neither worked. The attacks succeeded just fine against Google Chrome and Firefox, and one of them succeeded even when Firefox was running the NoScript add-on.”

Full article here.

[Thanks to MacDailyNews Reader “Lava_Head_UK” for the heads up.]

19 Comments

  1. @Tommy Boy
    I would like Verizon as an option but only to advance the iPhone platform. ATT service around here is great. Better than Verizon. Well, okay – I just lied. I have zero bars at my house but no carrier has service here. Okay, I just lied again – I have 5 bars of 3G at my house. As of 6 weeks ago when I bought the ATT MicroCell that is.

  2. @switcheroo
    I’ve got zero bars at home, 5 bars pretty much everywhere else.

    How is the microcell working for you? Thinking about getting one but don’t want to pay a monthly fee for it. I’d like to hear your thoughts on it.

  3. @Lotus Eleven

    The ATT MicroCell has been fantastic for me. I went 14 months with zero bars then immediately had 5 bars of 3G. It was easy to set up and it’s very reliable. I haven’t dropped a call in 6 weeks or had to use my landline.

    There are no monthly fees – just the $150 one time cost.

    Highly recommended.

  4. @switcheroo

    That’s great! I thought there was a monthly fee. Thanks for the comment. I’ll be getting one for sure now. I have a small biz I run from the home and it’s terrible not being able to use my cell.

    Now if MobileMe would only support personal domain emails I’d be content. Thanks!

  5. Actually, it looks like Safari 5 is also preventing profiling via the Flash plug-in as well. Flash was being used to gather various system settings and being used to profile your browser (panopticlick.eff.org or browserspy.dk). Haven’t tested this 100% yet, but it looks promising. Kudos to Apple on fixing this as well.

  6. @CitizenX;

    While I’m certain you actually *do* enjoy knowing every website you visit tracks your browsing history, the vast majority of us think it’s no one’s damned business what site I last browsed.

    Thank you Apple!
