At the UC San Diego Deptartment of Computer Science and Engineering, a group of computer science researchers recently conducted a study that found popular Websites exploiting a "browser bug" to obtain histories of visitors' online activities.
The study shows that sites hosting porn, news, finance, games, movies and sports content all use the bug mostly for advertising purposes, though some sites also check "to see if users are patronising rivals," the BBC reports.
The study (PDF) examined 50,000 of the world's most popular websites. Of those, "485 sites [were found to be] using this [bug] to get at browser histories, 63 were copying the data it reveals and 46 were found to be 'hijacking' a user's history," the BBC writes.
Switched.com lists YouPorn, Perez Hilton, PixMac, Morningstar and Wired among the offenders exposed by the study.
Here's how the browser bug works, according to Switched:
The bug extracts browsing information via a color-changing mechanism that many browsers use to mark sites that you've already visited. A script on YouPorn, for example, would exploit the privacy leak to check which other links to porn sites have already been changed to purple (meaning that you've already clicked on them). "Our study shows that popular Web 2.0 applications like mashups, aggregators, and sophisticated ad targeting are rife with different kinds of privacy-violating flows," the researchers wrote.
After UC San Diego released the report, Forbes discovered that YouPorn, PixMac and others had deliberately exploited the browser flaw. On the other hand, some sites claimed they were not intentionally tracking their users, despite the UC San Diego report. Forbes's Kashmir Hill, noticing that several sites were running the same or similar codes, traced the mysterious scripts back to three advertising networks.
The BBC notes that the bug does not affect users who surf the Web via Chrome and Safari browsers. Firefox was previously susceptible, but the most recent update has reportedly fixed the bug. Internet Explorer is still vulnerable, though users can protect themselves by enabling InPrivate Browsing, writes Forbes.