<body><script type="text/javascript"> function setAttributeOnload(object, attribute, val) { if(window.addEventListener) { window.addEventListener('load', function(){ object[attribute] = val; }, false); } else { window.attachEvent('onload', function(){ object[attribute] = val; }); } } </script> <div id="navbar-iframe-container"></div> <script type="text/javascript" src="https://apis.google.com/js/platform.js"></script> <script type="text/javascript"> gapi.load("gapi.iframes:gapi.iframes.style.bubble", function() { if (gapi.iframes && gapi.iframes.getContext) { gapi.iframes.getContext().openChild({ url: 'https://www.blogger.com/navbar.g?targetBlogID\x3d26072374\x26blogName\x3dPr!v4cy+6109\x26publishMode\x3dPUBLISH_MODE_BLOGSPOT\x26navbarType\x3dSILVER\x26layoutType\x3dCLASSIC\x26searchRoot\x3dhttps://g2rma.blogspot.com/search\x26blogLocale\x3den_US\x26v\x3d2\x26homepageUrl\x3dhttp://g2rma.blogspot.com/\x26vt\x3d4286504594958660652', where: document.getElementById("navbar-iframe-container"), id: "navbar-iframe", messageHandlersFilter: gapi.iframes.CROSS_ORIGIN_IFRAMES_FILTER, messageHandlers: { 'blogger-ping': function() {} } }); } }); </script>

Pr!v4cy 6109

Girma Nigusse

Same Origin Policy - Protecting Browser State from Web Privacy Attacks

Wednesday, October 01, 2008

Same Origin Policy - Protecting Browser State from Web Privacy Attacks: "Through a variety of means, including a range of browser cache methods and inspecting the color of a visited hyperlink, client-side browser state can be exploited to track users against their wishes. This tracking is possible because persistent, client-side browser state is not properly partitioned on per-site basis in current browsers. We address this problem by refining the general notion of a 'same-origin' policy and by designing and implementing two browser extensions that apply a same-origin policy to the browser cache and visited links."

Source: crypto.stanford.edu

This entry was posted on Wednesday, October 01, 2008 at 03:42. You can skip to the end and leave a response.

| Security | Photo | About |

« Home | Next »

"As every man goes through life he fills in a number of forms for the record, each containing a number of questions . .. There are thus hundreds of little threads radiating from every man, millions of threads in all. If these threads were suddenly to become visible, the whole sky would look like a spider's web, and if they materialized as rubber bands, buses; trams and even people would all lose the ability to move, and the wind would be unable to carry torn-up newspapers or autumn leaves along the streets of the city. They are not visible, they are not material, but every man is constantly aware of their existence... Each man, permanently aware of his own invisible threads, naturally develops a respect for the people who manipulate the threads.

—Alexander Solzhenitsyn

Girma Nigusse's
Privacy Blog, Since 2007

Pr!v4cy 6109

Same Origin Policy - Protecting Browser State from Web Privacy Attacks