If you're like every other ordinary Internet user, you browse the Web incessantly every day and/or night, visiting dozens of websites and blogs each day. When you open up a page you probably expect to get the information you're interested in and then close the browser window or tab, without leaving more than a trace of that fact in the server log. After all, you're not typing in your personal information on just about any website, so why would it know anything about you?

Little do you know, but virtually any website you point your browser to has the ability to look inside your Web browser's history and determine which websites you visited, allowing it to not only figure out your browsing habits, but also discover your personal preferences. This potentially includes such data as your search engine queries, the location of your and your friends' Facebook or Twitter profiles, your political affiliation, some information about your medical history and other sensitive and private data. The data could also, with a bit of luck, reveal your real name and location. At the very least, it will provide some information about the news websites you frequent and the on-line stores and products you're interested in.

By now you're probably thinking that it's either some kind of a trick, or that there must be a catch making what we're talking about impossible -- otherwise, why wouldn't you have heard about it before? (if you have heard about it, skip this intro and go to our details page). We assure you that this is not the case; the goal of this website is to show you exactly what kind of information can be retrieved from your browser and educate you about the problem.

Before we go into the details, please note that this is not a problem with any particular browser -- the techniques we talk about are a consequence of established Web standards, which are by now implemented in all major browsers (Internet Explorer, Firefox, Safari, Chrome, Opera and others).

How is it possible?

Technical readers, please see our details page for more low-level information.

For the last ten years, every major web browser has included a standardized, seemingly innocuous capability: marking the links to pages you visited with a different color (usually purple), just like this:

Looks familiar?

By itself it's a useful feature to quickly let us determine which pages we've been to, and navigate through Web pages more quickly. However, as a somewhat separate aspect of their behavior, Web browsers provide webmasters with several mechanisms to inspect the details of their websites, as seen by each user. This means that Web developers can find out such information as the width and height of the browser window, the position of each component of the page, and... the color with which each hyperlink is displayed. Since the color of the link depends on whether you've visited the page to which the link points, any page can figure out if you've been to any website it links to.

All modern websites also provide sophisticated ways of dynamically modifying the contents of Web pages and sending data back to the Internet (enabling the existence of such wondrous Web 2.0 applications as Google Maps). By using the same capabilities, it is possible to instantly add thousands of invisible links to a website, determine whether you've visited them and send that information back to the webmaster of the page. This means any website you visit can look through your browsing history and collect information about pages you visited.

What kind of information can be gathered?

In general, it's possible to check if you've visited any given website address (URL), meaning that we can find out if your browser was pointed to any website (for example http://www.bankofamerica.com), any page on a website (http://www.cdc.gov/flu/symptoms.htm), or any other dynamic resource (http://www.facebook.com/people/Your-Friend/2389283433 or http://www.google.com/search?q=your+search+phrase). By cleverly choosing links to send to your browser for checking, it is thus possible to not only determine which websites you frequent, but also various kinds of personal information about you (look us straight in the eye and say you've never googled for your real name).
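
An added example, not code from this site: a toy model in JavaScript (runs under Node, with no real browser or history involved) of the link-color check described above, using the URLs from this section as constructed sample data. `ModelBrowser`, `probeHistory` and the `hideVisitedFromScripts` switch are hypothetical names; the second browser models one that reports the unvisited color to scripts regardless of history, which shows where the leak can be closed.

```javascript
// Toy model (constructed): a "browser" that colors links from its history,
// and a page script that reads those colors back. No DOM is involved.
const LINK_COLOR = "rgb(0, 0, 238)";      // unvisited link (blue)
const VISITED_COLOR = "rgb(85, 26, 139)"; // visited link (purple)

class ModelBrowser {
  // hideVisitedFromScripts is a hypothetical switch for this example.
  constructor(history, { hideVisitedFromScripts = false } = {}) {
    this.history = new Set(history.map(ModelBrowser.normalize));
    this.hideVisitedFromScripts = hideVisitedFromScripts;
  }
  // Assumption of this model: matching is on the whole parsed URL.
  static normalize(url) {
    return new URL(url).href;
  }
  // What the user sees on screen: always reflects history.
  paintedColor(href) {
    return this.history.has(ModelBrowser.normalize(href)) ? VISITED_COLOR : LINK_COLOR;
  }
  // What a script is told when it asks for a link's computed color.
  computedColor(href) {
    return this.hideVisitedFromScripts ? LINK_COLOR : this.paintedColor(href);
  }
}

// The page-side check: one link per candidate URL, then compare colors.
function probeHistory(browser, candidateUrls) {
  return candidateUrls.filter((href) => browser.computedColor(href) === VISITED_COLOR);
}

// Constructed sample data; the URLs are this page's own examples.
const SAMPLE_HISTORY = [
  "http://www.cdc.gov/flu/symptoms.htm",
  "http://www.google.com/search?q=your+search+phrase",
];
const CANDIDATES = [
  "http://www.bankofamerica.com",
  "http://www.cdc.gov/", // same site, different URL: not reported as visited
  "http://www.cdc.gov/flu/symptoms.htm",
  "http://www.google.com/search?q=your+search+phrase",
];

const leaky = new ModelBrowser(SAMPLE_HISTORY);
const hardened = new ModelBrowser(SAMPLE_HISTORY, { hideVisitedFromScripts: true });
console.log("leaky browser reveals:", probeHistory(leaky, CANDIDATES));
console.log("hardened browser reveals:", probeHistory(hardened, CANDIDATES));
```

In the hardened model the user still sees purple links (`paintedColor` is unchanged); only the value handed to scripts stops depending on history.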

There are challenges to choosing the right links to check for in your browser, but, as we hope to show you, it is quite simple to figure out much more information about your browsing habits, and about yourself, than you thought was possible.

Oh my !@#%^, how do I turn it off?

Sadly, since the problem isn't an issue with any particular Web browser, but inherently tied to the way the Web works, there are no quick and painless ways to fix this issue. In particular, disabling JavaScript and Flash does nothing to prevent this vulnerability. There are, however, things you can do to mitigate the risks to your privacy; please visit our solutions page. You're also welcome to read our detailed technical information or contact us to find out more.