StartPanic ? - Printable Version +- The Un-Official Proxomitron Forum (https://www.prxbx.com/forums) +-- Forum: Proxomitron Filters (/forumdisplay.php?fid=38) +--- Forum: Privacy/Security/Spam (/forumdisplay.php?fid=10) +--- Thread: StartPanic ? (/showthread.php?tid=1367) |
StartPanic ? - Toppy - May. 11, 2009 07:27 PM Hi, I dunno if this has been talked about here, but it seems to be quite easily for a website to get all your website visiting history. http://startpanic.com/ I only tested it with FF 3.0.x, where it is *working* FF 3.1beta with Private Browsing enabled should protect from :visited mishandling. I have no clue if that could be fixed with some kind of filter ? I had to bypass Proxo for the Let's Start! button to work though. Anyway, it is explained here : http://sharovatov.wordpress.com/2009/04/21/startpaniccom-and-visited-links-privacy-issue/ and seems to make use of a predefined database here (1.3 MB big) http://startpanic.com/db/db_en.txt RE: StartPanic ? - sidki3003 - May. 11, 2009 11:48 PM Interesting! (May. 11, 2009 07:27 PM)Toppy Wrote: I have no clue if that could be fixed with some kind of filter ? I don't think so, because - if i got the code correctly - the database links are loaded into a "about:blank" iframe, after inserting this tag: Code: <STYLE>a{color: #000000; display:none;}a:visited {color: #FF0000; display:inline;}</STYLE> Then their "display" style is evaluated and reported back to the main document. Now, Proxomitron scripts or CSS obviously aren't inserted into "about:blank" documents. Quote:I had to bypass Proxo for the Let's Start! button to work though. I had to select "Allow Ad JavaScript" -> "Go" from the Proxomitron menu. RE: StartPanic ? - sidki3003 - May. 12, 2009 11:07 AM ...but you could change the to-be-injected code the hard way. It's also good enough for Gemal's http://browserspy.dk/css-exploit.php . (In JavaScript, however, there is always a way to hide specific code, if someone really wants to...) Without the second line in the Matching Expression the filter is stand-alone. In that case it might match where it shouldn't, though. Code: [Patterns] RE: StartPanic ? - 43unite - Jun. 15, 2009 01:32 AM Just saw this at the Mozillazine forum: http://forums.mozillazine.org/viewtopic.php?f=38&t=1213805&st=0&sk=t&sd=a&start=15 Posted April 26th, 2009, 11:32 am On Windows, I use Proxomitron to filter web pages. Someone wrote a quick Prox filter to defeat that CSS snooping. This is the Prox filter: Code: [Patterns] On Mac OS, I use BFilter to filter web pages. The filter that I added for that is in an extra filter file and is this: Code: [Hide Visited Condition] What do you think? |