Scary: Browser Hack lets others see what sites you visit



bigfishfry32
01-21-2010, 11:49 PM
READ THE WHOLE THREAD TO LEARN HOW TO PREVENT THIS, BEFORE CLICKING ANY LINKS !

Ok, I found this pretty hard to believe at first, but apparently there is an Internet Browser hack that can allow others to see your browser history. The hack relies on comparing link color (link color changes after you visit a site usually) against a list of known websites.

If the link color is different than the default, it means you have visited that site. You can read more about it here: http://jeremiahgrossman.blogspot.com/2006/08/i-know-where-youve-been.html

Anyway, apparently there is a site that lets you use this hack to find out what porn sites your friends/visitors have been looking at. So if you feel like messing with someone, check this out:

Porn Catcher (http://caughthemwatching.com/)

http://caughthemwatching.com/

or a youtube video about it http://www.youtube.com/watch?v=3t7-MKVbncw

JPaul
01-21-2010, 11:53 PM
A first post with 4 links is generally a good indication of a cunt, and one is left to wonder why that cunt thinks people would be moronic enough to click any of those links.

Are you a cunt at all.

JPaul
01-21-2010, 11:56 PM
OMG someone has posted something almost identical elsewhere. What's the chances of that.

http://www.tapecity.org/showthread.php?p=199550

Ok, I found this pretty hard to believe at first, but apparently there is an Internet Browser hack that can allow others to see your browser history. The hack relies on comparing link color (link color changes after you visit a site usually) against a list of known websites.

If the link color is different than the default, it means you have visited that site. You can read more about it here: http://jeremiahgrossman.blogspot.com...ouve-been.html

Anyway, apparently there is a site that lets you use this hack to find out what porn sites your friends/visitors have been looking at. So if you feel like messing with someone, check this out:

Porn Catcher

http://caughthemwatching.com/

or a youtube video about it http://www.youtube.com/watch?v=3t7-MKVbncw
skistar668 is offline Reply With Quote

JPaul
01-21-2010, 11:57 PM
Ban the prick now Cabalo, do something useful ffs.

IdolEyes787
01-22-2010, 12:24 AM
He's also jackflash333 (http://filesharingtalk.com/vb3/members/jackflash333-242437) so I'm assuming that he is either getting something for posting links or he's phishing IPs.

Cabalo
01-22-2010, 06:58 AM
Ban the prick now Cabalo, do something useful ffs.
Idol beat me to it :(
As a bonus, this indeed works and some torrent sites use it in their code, especially the gazelle ones, where it comes installed by default, you just have to add sites to the list.

To avoid this, use noscript to avoid the java attempt, and also change a firefox setting, as described here (http://cafe.elharo.com/privacy/privacy-tip-3-block-referer-headers-in-firefox/).

anon
01-22-2010, 04:22 PM
you just have to add sites to the list.

Famous cheater boards, for example :cool: Or T-I.


To avoid this, use noscript to avoid the java attempt, and also change a firefox setting, as described here (http://cafe.elharo.com/privacy/privacy-tip-3-block-referer-headers-in-firefox/).

You're forgetting something... even if you disable JavaScript and HTTP referers, you can still get caught via the CSS flavor of the attack. To prevent that, you need to use an anti-leak custom stylesheet, except on Firefox, where simply disabling history is enough to prevent the attack.

tesco
01-22-2010, 04:36 PM
Ban the prick now Cabalo, do something useful ffs.
Idol beat me to it :(
As a bonus, this indeed works and some torrent sites use it in their code, especially the gazelle ones, where it comes installed by default, you just have to add sites to the list.

To avoid this, use noscript to avoid the java attempt, and also change a firefox setting, as described here (http://cafe.elharo.com/privacy/privacy-tip-3-block-referer-headers-in-firefox/).
Why are torrent sites using this? :unsure:

anon
01-22-2010, 04:37 PM
There are certain forums they don't carry on well with.

Cabalo
01-22-2010, 05:32 PM
Idol beat me to it :(
As a bonus, this indeed works and some torrent sites use it in their code, especially the gazelle ones, where it comes installed by default, you just have to add sites to the list.

To avoid this, use noscript to avoid the java attempt, and also change a firefox setting, as described here (http://cafe.elharo.com/privacy/privacy-tip-3-block-referer-headers-in-firefox/).
Why are torrent sites using this? :unsure:
Some sites want to know if the users visited certain links, and FST is at some of those. It can be used to trace recent trades or even public giveaways. I've discussed this at TC, if you remember.


Famous cheater boards, for example :cool: Or T-I.


To avoid this, use noscript to avoid the java attempt, and also change a firefox setting, as described here (http://cafe.elharo.com/privacy/privacy-tip-3-block-referer-headers-in-firefox/).

You're forgetting something... even if you disable JavaScript and HTTP referers, you can still get caught via the CSS flavor of the attack. To prevent that, you need to use an anti-leak custom stylesheet, except on Firefox, where simply disabling history is enough to prevent the attack.
Could you post the css stylesheet? I remember reading about that at your forum, but I've no idea where I can find it any more.

anon
01-22-2010, 05:39 PM
Could you post the css stylesheet?

Here you are:

a:visited {
    background: none !important;
    background-image: none !important;
    list-style-image: none !important;
}
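
Added example, not part of anon's post or any site's code: the CSS flavor of the attack attaches a `url()` load to a `:visited` rule, and the stylesheet above overrides the three properties that can carry one. This JavaScript sketch scans stylesheet text for such rules; `findVisitedUrlRules`, `URL_PROPS` and the sample CSS are names and data constructed for illustration.

```javascript
// Properties that the thread's userContent.css overrides for a:visited.
const URL_PROPS = ["background", "background-image", "list-style-image"];

// Constructed sample stylesheet (not taken from any real site).
const SAMPLE_CSS = `
a { color: blue; }
a:visited { color: purple; }
#l1:visited { background: url(/seen?id=1); }
ul li a:visited, a.x:hover { list-style-image: url("/seen?id=2") }
a:visited { background-image: none !important; }
`;

// Return every rule that has a :visited selector and sets one of URL_PROPS
// to a url() value. Rules nested in @media blocks are found as well.
// Limitation: declarations are split on ";" so a url() containing ";"
// (for example a data: URI) is not parsed correctly.
function findVisitedUrlRules(css) {
  const findings = [];
  const stripped = css.replace(/\/\*[\s\S]*?\*\//g, ""); // drop CSS comments
  const ruleRe = /([^{}]+)\{([^{}]*)\}/g; // innermost "selector { decls }"
  let m;
  while ((m = ruleRe.exec(stripped)) !== null) {
    const visited = m[1]
      .split(",")
      .map((s) => s.trim())
      .filter((s) => /:visited\b/i.test(s));
    if (visited.length === 0) continue;
    for (const decl of m[2].split(";")) {
      const idx = decl.indexOf(":"); // first colon separates property from value
      if (idx < 0) continue;
      const property = decl.slice(0, idx).trim().toLowerCase();
      const value = decl.slice(idx + 1).trim();
      if (URL_PROPS.includes(property) && /url\(/i.test(value)) {
        findings.push({ selector: visited.join(", "), property, value });
      }
    }
  }
  return findings;
}

for (const f of findVisitedUrlRules(SAMPLE_CSS)) {
  console.log(`${f.selector} -> ${f.property}: ${f.value}`);
}
```
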

Cabalo
01-22-2010, 05:59 PM
Thank you!
How should the file be named and where should it be placed ?

anon
01-22-2010, 06:06 PM
For Firefox, the file must be called userContent.css and goes inside this folder:

%appdata%\Mozilla\Firefox\Profiles\xxxxxxxx.default\chrome

Opera users have to follow a slightly different procedure:

Save it [the stylesheet] somewhere (can be any folder; I chose %programfiles%\Opera\styles) as user.css. You must enclose the filename between quotes in Notepad, or else it'll save it as a TXT file.

Open Opera, and go to View -> Style -> Manage Modes.

Click on the Display tab, then "Choose..." your stylesheet. Go to the directory where you located user.css and select it. Now go to the Presentation Modes tab and make sure the "My style sheet" checkbox is ticked for both modes.

Note: if you have set custom preferences for sites in the past, this tweak may not apply for those. You should go to Tools -> Preferences -> Advanced -> Content -> Manage Site Preferences, highlight a site, click on Edit, then go to the Display tab and make sure your stylesheet is being used at the bottom. Repeat this for every site you've set custom preferences for.

tesco
01-22-2010, 08:25 PM
Could you post the css stylesheet?

Here you are:

a:visited {
    background: none !important;
    background-image: none !important;
    list-style-image: none !important;
}

The theory behind this is one of the smartest, yet simplest hacks that I've ever seen. :)



Some sites want to know if the users visited certain links, and FST is at some of those. It can be used to trace recent trades or even public giveaways. I've discussed this at TC, if you remember.
Right, I thought you were talking about reading the referrer header.

anon
01-22-2010, 08:33 PM
The theory behind this is one of the smartest, yet simplest hacks that I've ever seen. :)

Yes, and it took us a while to find out this is what trackers were using. In the meantime, their staff took advantage of the confusion and would tell they'd have hacked my board and thus got all the IPs they needed to disabled users on IRC... :huh:

Now I look back at those times and laugh :lol: (Even though I wasn't so amused when I lost my What.cd and BCG accounts)

0th
05-18-2010, 01:05 PM
Here you are:

a:visited {
    background: none !important;
    background-image: none !important;
    list-style-image: none !important;
}


i learned about this exploit through http://didyouwatchporn.com/ :P
does the css solution still work? cause i created the usercontent.css and pasted the above code and it still says i visited youporn :naughty: (i deleted it from history first and then revisited it after creating the .css)

Tv Controls you
05-18-2010, 02:24 PM
i learned about this exploit through http://didyouwatchporn.com/
does the css solution still work? cause i created the usercontent.css and pasted the above code and it still says i visited youporn (i deleted it from history first and then revisited it after creating the .css)

If you notice when you click links they will not change in appearance.
Before you added the css script you would have noticed that it differs before and after you clicked the link. This is what the script stops.

If you want your history to not show up on your own computer then go to
Tools > Options... > privacy (tab on the top) > firefox will: never remember history▼
If you don't want to be caught by www.didyouwatchporn.com download http://noscript.net/?ver=1.9.9.77

0th
05-18-2010, 04:07 PM
links still change color, i guess thats why didyouwatchporn finds me.
i m attaching my userContent.css to see if i m doing something wrong

http://www.sendspace.com/file/fsndz4

anon
05-18-2010, 06:14 PM
does the css solution still work? cause i created the usercontent.css and pasted the above code and it still says i visited youporn :naughty:

The stylesheet only takes care of the CSS "flavor" of the attack. Your history can be easily checked via JavaScript as well. NoScript should fix that.

Tv Controls you
05-18-2010, 09:08 PM
links still change color, i guess thats why didyouwatchporn finds me.
i m attaching my userContent.css to see if i m doing something wrong

http://www.sendspace.com/file/fsndz4

There is no way in hell I'm downloading a file you put up.

Just open it with notepad and paste what it contains here.

anon
05-18-2010, 09:26 PM
It's the exact same one I posted.

He probably didn't disable JavaScript for the history checker, just like it should be done for sites like What.cd.

Slickerey
05-18-2010, 09:55 PM
You could do that in NoScript...

Tv Controls you
05-18-2010, 11:32 PM
You could do that in NoScript...

Yea, when I clicked that website he linked to the whole page didn't appear with noscript on :P

Owned :pinch:

Slickerey
05-19-2010, 09:09 PM
That's the only bad thing about NoScript, but having the extra protection is quite helpful...

fstemon
05-20-2010, 02:51 PM
You could also use HistoryBlock, https://addons.mozilla.org/en-US/firefox/addon/8631/

You simply add the sites you don't want people to know about, eg. torrent invite sites, competing tracker sites, whatever, and the history hacks won't work. Remember to clear your history after installing it.

Slickerey
05-20-2010, 10:24 PM
Nice. Thanks for the link.