The YouTube of smut – YouPorn.com – stands accused of secretly spying on users’ browser activity, known as “history sniffing”, to detect whether they have visited rival websites.
The site uses JavaScript to detect whether visitors have recently browsed PornHub.com, tube8.com and 21 other sites, according to a study by US scientists. It found a total of 46 other offenders, including news sites charter.net and newsmax.com, finance site morningstar.com and sports site espnf1.com.
“We found that several popular sites – including an Alexa global top-100 site – make use of history sniffing to exfiltrate information about users’ browsing history, and, in some cases, do so in an obfuscated manner to avoid easy detection,” the report states. “While researchers have known about the possibility of such attacks, hitherto it was not known how prevalent they are in real, popular websites.”
The 46 sites exploit a widely known vulnerability that currently exists in all production version browsers except of Apple’s Safari, which earlier this year revamped its operating system to combat the threat. Google Chrome, which is based on the same Webkit engine, soon followed.
The study also detected code on sites maintained by Microsoft, YouTube, Yahoo and About.com that perform what the scientists called “behavioral sniffing”. They employ JavaScript that covertly tracks mouse movements on a page to detect what a user does after visiting it.
