Links to attempt snooping

Explanation

This page tries to detect whether a browser is vulnerable to a privacy attack: checking whether a page has been visited by detecting the different rendering of visited and unvisited links.

There are four checks, of increasing obscurity:

  1. Check the color of the "a" element itself. On this page, unvisited links are blue (#0000ff) and visited links are slightly less blue (#0000fe). The difference is probably impossible to see with the naked eye, but obvious to a computer.
  2. Check the color of an embedded "span" element. The color property is inherited, so the embedded "span" element has the same color as the surrounding "a" element. This also shows that merely making the color of a link element unreadable is not a solution.
  3. Check the padding of the embedded "span" element. An unvisited link has padding-right:1px and margin-right:0px. A visited link swaps these. There is no visible difference, but the computer has no eyes; it just compares 0 to 1.
  4. Check the background color of the following "span" element. Like the color of the link, it differs only by one point of blue between spans following a visited and an unvisited link. This check doesn't work in IE because IE's CSS2 support is lacking.
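
The four checks, as an added example that is not part of the original page: a constructed JavaScript model (no real browser API) of what a script would read back for a visited and an unvisited link under different engine behaviours. The engine profiles, the names `readStyles` and `leakingChecks`, the markup, the sibling selector and the background values are assumptions made for illustration.

```javascript
// Constructed model, not a browser API. Markup assumed from the page's description:
//   <a href="..."><span>inner</span></a><span>next</span>
// Colors and padding/margin are the page's values; the backgrounds are constructed.
const UNVISITED = { color: "#0000ff", paddingRight: "1px", marginRight: "0px", nextBg: "#ffffff" };
const VISITED   = { color: "#0000fe", paddingRight: "0px", marginRight: "1px", nextBg: "#fffffe" };
const DEFAULT_BG = "transparent"; // used when no sibling rule matches

// Hypothetical engine profiles.
const ENGINES = {
  fullCss2:      { exposesVisited: true,  siblingSelector: true,  hidesLinkColor: false },
  noSibling:     { exposesVisited: true,  siblingSelector: false, hidesLinkColor: false },
  hidesLinkOnly: { exposesVisited: true,  siblingSelector: true,  hidesLinkColor: true  },
  hardened:      { exposesVisited: false, siblingSelector: true,  hidesLinkColor: false },
};

// Styles a script would read back for one link in the given history state.
function readStyles(engine, visited) {
  const rules = visited && engine.exposesVisited ? VISITED : UNVISITED;
  return {
    // An engine that hides only the link's own color always reports the unvisited one.
    a: { color: engine.hidesLinkColor ? UNVISITED.color : rules.color },
    // "color" is inherited from the link; padding and margin are set on the span itself.
    inner: { color: rules.color, paddingRight: rules.paddingRight, marginRight: rules.marginRight },
    // Assumed rule for the following span: "a:visited + span" (adjacent-sibling combinator).
    next: { backgroundColor: engine.siblingSelector ? rules.nextBg : DEFAULT_BG },
  };
}

// The page's four checks, each reading one property from the model.
const CHECKS = [
  ["1 link color", (s) => s.a.color],
  ["2 inherited span color", (s) => s.inner.color],
  ["3 span padding-right", (s) => s.inner.paddingRight],
  ["4 following span background", (s) => s.next.backgroundColor],
];

// Names of the checks whose reading differs between visited and unvisited.
function leakingChecks(engine) {
  const visited = readStyles(engine, true);
  const unvisited = readStyles(engine, false);
  return CHECKS.filter(([, read]) => read(visited) !== read(unvisited)).map(([name]) => name);
}

for (const [name, engine] of Object.entries(ENGINES)) {
  console.log(name.padEnd(14), leakingChecks(engine).join("; ") || "no difference readable");
}
```

In the model, an engine that hides only the link's own color still leaves checks 2 to 4 readable; only the profile that answers every style query as if the link were unvisited closes all four.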

Lasse Reichstein Nielsen

Last modified: Sat Jun 11 16:50:04 Romance Daylight Time 2005