Security warning for CSS HACK



invitehunter
03-11-2010, 03:48 PM
Certain trackers including x264, bitme and what.cd are utilizing an internet browser exploit to identify people who belong to invite giveaway sites like filesharing. The vulnerability is caused by some browsers' implementation of Cascading Style Sheets (CSS). This allows trackers to query your computer and identify which sites you belong to and ban people who belong to any other invite giveaway site.

Is your computer vulnerable?

CSS Hack Test (without JavaScript)
CSS Hack Test (with JavaScript)

What can you do to protect yourself?

OPTION 1 - Disable CSS Visited Links [Firefox Only]

* Type "about:config" in the address bar
* Type "layout.css.visited_links_enabled" in the filter list
* Change the default value of "True" to "False" by double clicking it
* Restart Firefox

OPTION 2 - Disable Browser History [Firefox Only]

* Tools --> Clear Recent History
* Tools --> Options --> uncheck "Remember my browsing history"

OPTION 3 - Use a Different Browser for BTRACS

* e.g. Use Firefox for BTRACS and Internet Explorer for Trackers

OPTION 4 - Temporarily Enable Private Browsing

* [Firefox 3.5] Tools --> Start Private Browsing
* [IE 8] Tools --> InPrivate Browsing
* [Chrome] Press Ctrl+Shift+N (Incognito)
* [Safari] Safari --> Private Browsing
* [Opera] Does NOT have a Private Browsing option.

NOTE: You will need to re-enable Private Browsing each time you start the browser.

Note: This was not written by me but only minute changes were made.
If my Post was Helpful Please Rep+ Me!

IdolEyes787
03-11-2010, 04:01 PM
Seems perfectly reasonable since simply belonging to an invite site( which of course doesn't even mean you participate in the invite part or for that matter even post) makes you a security risk or a bad person or something.

Also the stupidity of the whole thing is that in my experience the really bad seeds are the ones most likely to be taking precautions against getting found out by this sort of thing.

Btw seeing as that is your first and only post here I don't particularly believe you anyway. That's my own personal security system.

invitehunter
03-11-2010, 04:16 PM
I know, don't blame you for this... I know you can't trust a newbie.
I thought this might help people.

anon
03-11-2010, 04:46 PM
Seems perfectly reasonable since simply belonging to an invite site( which of course doesn't even mean you participate in the invite part or for that matter even post) makes you a security risk or a bad person or something.

They aren't only using this against "invite" boards.

This is a copy & paste from T-I and you didn't even add the actual links to the vulnerability tests, but it's the intention that matters :P

Cabalo
03-11-2010, 04:55 PM
Btw seeing as that is your first and only post here I don't particularly believe you anyway. That's my own personal security system.

But those are real. It's a copy paste from anon's site, as said before.
I'd agree with the first part of your statement, though I doubt many will catch the sarcasm there. Are you sure you aren't brit?

Pwner101
03-11-2010, 05:02 PM
Anon, you should do them a favor and at least post the version that's on the SBI forums....
The version this clown posted is missing the links as well as other details that were included in yours.

P.S. This isn't anything new as Anon and others are aware.
I have been using this for over 2 yrs...
Just to give you an idea.

anon
03-11-2010, 05:03 PM
But those are real. It's a copy paste from anon's site, as said before.

It's a copy & paste from T-I, which in turn copied it from us. :hooray:

@Melvin: I guess I could...

ElGatonPirata
03-11-2010, 05:11 PM
I use Opera, how can I avoid these trackers from identifying me? :|

anon
03-11-2010, 05:11 PM
http://www.filesharingtalk.com/vb3/showthread.php?t=388923

ca_aok
03-11-2010, 05:36 PM
You don't get banned for visiting a site, you get banned for being a trader. There's a difference ;)

The scary What admins with their 1337 hacking abilities have yet to ban me for posting here... Don't let people scare you into believing that having an account here is a liability. It's what you do with the account here that will get you in trouble.

Tokeman
03-11-2010, 06:54 PM
Any site that wants to ban me for just being a member here (or elsewhere) with no other reason can go ahead and do it. Wouldn't want to be there anyway.

Thanks for the info though...

dvdasacd
03-11-2010, 10:18 PM
Even if you have disabled Firefox history, you can still be detected for whatever you've visited in the current session...right?

Cabalo
03-12-2010, 04:49 AM
Even if you have disabled Firefox history, you can still be detected for whatever you've visited in the current session...right?

Not if you use private browsing CTRL+SHIFT+P

The_Martinator
03-12-2010, 08:31 AM
I have nothing to hide. If I were to be banned just for visiting FST, then I wouldn't want to be a member at such a site anyway.

kukushka
03-12-2010, 09:08 AM
Hmm, this could be a reason why I never had invites at bitme. When I asked staff, their answer was that I wasn't "qualified" and nothing could be done about it :)

Zac090
03-12-2010, 11:57 AM
If I were to be banned just for visiting FST, then I wouldn't want to be a member at such a site anyway.

+1 :yup:

kukushka
03-12-2010, 02:23 PM
You don't get banned for visiting a site, you get banned for being a trader. There's a difference ;)

The scary What admins with their 1337 hacking abilities have yet to ban me for posting here... Don't let people scare you into believing that having an account here is a liability. It's what you do with the account here that will get you in trouble.

Do you feel it's an okay attitude for sites to exploit browsers' privacy vulnerability to spy on its users?

IdolEyes787
03-12-2010, 04:43 PM
That's a topic of ongoing debate, whether the end ever justifies the means and at what point the "protectors" become as bad as the people they are trying to ferret out.
One thing I have personally found is that no amount of debate is ever going to change certain people's views on the subject.

anon
03-12-2010, 04:44 PM
Do you feel it's an okay attitude for sites to exploit browsers' privacy vulnerability to spy on its users?

I know you're talking to ca_aok, but I'll still reply... I don't find it OK, but it's their tracker and their rules - and What.cd's do state access to their site is a privilege, not a right, and can be taken from you for any reason.

IdolEyes787
03-12-2010, 04:49 PM
Does it state when you sign up that they are permitted to violate your right to privacy?

Didn't think so.

anon
03-12-2010, 04:58 PM
Does it state when you sign up that they are permitted to violate your right to privacy?

I don't remember, heh.

dvdasacd
03-12-2010, 05:08 PM
I've tried to apply the css stylesheet hack (http://filesharingtalk.com/vb3/p-scary-browser-hack-lets-other-see-what-sites-you-visit-post3377215/postcount13) in firefox (as I'd like to at least try and have in-session history if possible) but it doesn't seem to work :(

any ideas?

Am testing on pages like http://ha.ckers.org/weird/CSS-history.cgi and even just random other websites where the visited links won't stop changing color/style :S.

anon
03-12-2010, 05:48 PM
On Firefox you need to create a file with this content:

a:visited {
    background: none !important;
    background-image: none !important;
    list-style-image: none !important;
}

And put it inside this folder:

%appdata%\Mozilla\Firefox\Profiles\xxxxxxxx.default\chrome

With the name userContent.css. Also, JavaScript must be disabled, or else sites can use the JS-version of the hack that doesn't even need CSS - NoScript would take care of this. :)
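
A defender-side check for the two Firefox mitigations described in this thread (the about:config preference from OPTION 1 and the userContent.css rule in the post above), as an added example that is not part of any poster's message. The helper names and the sample profile are constructed for illustration; the preference name, property list and file locations are the ones given in the thread.

```python
import re
import tempfile
from pathlib import Path

PREF = "layout.css.visited_links_enabled"  # preference named in OPTION 1
REQUIRED = ("background", "background-image", "list-style-image")  # from the posted rule
PREF_RE = re.compile(r'user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;')

def read_pref(profile: Path, name: str):
    """Return the pref's raw value or None if unset; user.js overrides prefs.js."""
    value = None
    for fname in ("prefs.js", "user.js"):
        f = profile / fname
        if f.is_file():
            for key, val in PREF_RE.findall(f.read_text(errors="replace")):
                if key == name:
                    value = val
    return value

def visited_rule_gaps(profile: Path):
    """List REQUIRED properties not forced to 'none !important' for a:visited."""
    f = profile / "chrome" / "userContent.css"
    css = f.read_text(errors="replace") if f.is_file() else ""
    css = re.sub(r"/\*.*?\*/", "", css, flags=re.S)  # strip CSS comments
    forced = set()
    for selector, body in re.findall(r"([^{}]+)\{([^{}]*)\}", css):
        if "a:visited" not in [s.strip().lower() for s in selector.split(",")]:
            continue
        for decl in body.split(";"):
            prop, _, val = decl.partition(":")
            if val.lower().replace("!", " !").split() == ["none", "!important"]:
                forced.add(prop.strip().lower())
    return [p for p in REQUIRED if p not in forced]

def audit(profile: Path):
    # An unset pref means the browser default (True), so only "false" counts.
    return {"visited_links_disabled": read_pref(profile, PREF) == "false",
            "userContent_gaps": visited_rule_gaps(profile)}

def build_sample_profile(root: Path, pref_value: str, css: str) -> Path:
    """Constructed sample profile for the demo; not a real Firefox profile."""
    profile = root / "xxxxxxxx.default"
    (profile / "chrome").mkdir(parents=True)
    (profile / "prefs.js").write_text(f'user_pref("{PREF}", {pref_value});\n')
    (profile / "chrome" / "userContent.css").write_text(css)
    return profile

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(audit(build_sample_profile(Path(tmp), "true", "a:visited{background:none!important}")))
```

An empty `userContent_gaps` list only covers the CSS-only test; as the post above says, the JavaScript variant needs scripting disabled as well.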

WakeMeUp
03-12-2010, 06:21 PM
Haha, this is tricky. And it's in fact a violation of the user privacy...
I wonder why browser developers have not fixed it yet. It's not so difficult: they could either remove this useless preference or render the colors in the way any external agent can spies them.

anon
03-12-2010, 06:24 PM
I wonder why browser developers have not fixed it yet.

There's nothing to fix - this hack only exploits a normal feature (link colors) in an unusual way. That isn't useless, after surfing through a lot of links it's easy to forget which ones you've visited or not.

WakeMeUp
03-12-2010, 06:40 PM
There's nothing to fix - this hack only exploits a normal feature (link colors) in an unusual way. That isn't useless, after surfing through a lot of links it's easy to forget which ones you've visited or not.

If there's a possible "hack" (which can damage the user privacy), then something to fix there is.
An exploit is when you use a particular feature in an unusual way in order to achieve something other than it was expected.
As I stated before, IMO it's not too difficult creating a different behavior for the browser, though I'm not a browser developer.