Snooping search terms from the browser cache with JavaScript

SPI Dynamics has an interesting proof-of-concept page that can snoop your browser’s cache of visited URLs and figure out whether you’ve searched for specific terms on Google. Or rather, I assume it can on some people’s computers… for some reason it always returns “yup, you searched for that” on both Firefox and Safari on my Mac.

Regardless, it’s an interesting attack. It’s based on the fact that your browser changes the color of links you’ve already visited, and a site can use JavaScript and CSS to determine which style the browser has applied to a link, and thus whether a particular URL has been visited. This basic concept was described by Jeremiah Grossman’s history extractor at Black Hat this year. SPI Dynamics takes it one step further by probing for the URL corresponding to a set of query terms on the popular search sites. They can’t just get a list of all your searches, but they could in theory troll for a list of interesting search terms, be they names of competing products, porn sites, common illnesses, etc. and then modify the page being displayed based on that information. (Via Google Blogoscoped.)
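
The mechanism described above, and why a page can only test guessed terms rather than list your searches, as an added example (not SPI Dynamics' or Grossman's code). It runs against a toy browser model in Node rather than a real DOM; the `search.example` URL template, the colour values and the `hardened` mode, which models browsers that report the unvisited style to scripts, are assumptions of this example.

```javascript
// Toy model of link-colour history probing. Nothing here touches a real DOM.
const UNVISITED = "rgb(0, 0, 238)";   // constructed sample colours
const VISITED = "rgb(85, 26, 139)";

class ToyBrowser {
  constructor(history, hardened) {
    this.history = new Set(history);  // history is keyed by exact URL string
    this.hardened = hardened;
  }
  // Colour the user sees on screen: always reflects real history.
  paintedColor(url) {
    return this.history.has(url) ? VISITED : UNVISITED;
  }
  // Colour a script can read back for a link it created.
  computedColor(url) {
    return this.hardened ? UNVISITED : this.paintedColor(url);
  }
}

// Hypothetical result-page URL template for one search site.
function searchUrl(term) {
  return "https://search.example/search?q=" + encodeURIComponent(term);
}

// The page can only test guesses: one candidate URL per term of interest.
function probe(browser, terms) {
  return terms.filter((t) => browser.computedColor(searchUrl(t)) !== UNVISITED);
}

// Constructed history: one search in the guessed URL form, one in another form.
const sampleHistory = [
  searchUrl("flu symptoms"),
  "https://search.example/search?hl=en&q=product+x",
];
const terms = ["flu symptoms", "product x", "never searched"];

const legacy = new ToyBrowser(sampleHistory, false);
const hardened = new ToyBrowser(sampleHistory, true);

console.log("legacy:", probe(legacy, terms));
console.log("hardened:", probe(hardened, terms));
```

In the model, the `product x` search goes undetected because the history lookup is an exact URL match, so a probe only finds searches whose result URL it guessed character for character. In hardened mode the link is still painted as visited for the user, but the script reads back the unvisited colour for every URL.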