Answers in Genesis website hijacks web history!

[Minimalist]

What is the purpose of porn?

Gives pervert priests sometihng to do when they aren't sodomizing children.

[Anomalocaris]

What is the purpose of porn?

Your god must have delegated your creation to a castrato that made it into heaven.

[Tiberius]

What's the harm in gathering information about your audience.

It's a violation of privacy.

[Regens Küchl]

What is the purpose of porn?

Well, it's more fun than the bible, and less bloody.

What about Kiddie-porn, Sado-Maso-porn and Snuff-porn ?

[Anomalocaris]

What is the purpose of porn?

Well, it's more fun than the bible, and less bloody.

What about Kiddie-porn, Sado-Maso-porn and Snuff-porn ?

We have the bible for that.

[tackattack]

@Chuck, pretending to benefit and actually providing a benefit are 2 separate things. Does current religious belief offer no positive benefits at all?

@Adrian, This is how I see it. When I get on the web it's the same as me going down the street to a coffee shop or driving to the store. People can film me and follow me there. Just because my computer is in my home, doesn't mean I can eschew responsibility for where I go on it. I think, like many things,it boils down to intent. If people are tracking you via web or in real life with the intent to harm you or steal from you then it's invasion of your personal safety (not privacy). If people are just trying to determine whether you're legit or to market something for me.. why not, it's been done for years, why make it illeal now? I think those who hide behind anonimity or believe that where they go on the web is private are deluding themselves. (And that's coming from a Christian I should know delusion right!)

[Tiberius]

@Adrian, This is how I see it. When I get on the web it's the same as me going down the street to a coffee shop or driving to the store. People can film me and follow me there. Just because my computer is in my home, doesn't mean I can eschew responsibility for where I go on it. I think, like many things,it boils down to intent. If people are tracking you via web or in real life with the intent to harm you or steal from you then it's invasion of your personal safety (not privacy). If people are just trying to determine whether you're legit or to market something for me.. why not, it's been done for years, why make it illeal now? I think those who hide behind anonimity or believe that where they go on the web is private are deluding themselves. (And that's coming from a Christian I should know delusion right!)

I understand that, but bear in mind this is my field of study (information security / privacy), and we have very good criteria for what a violation of privacy is. In short, I would define it as "any attempt to access personal material that is not usually publicly available". The history in your browser is supposed to be private, and remain on the browser only (until deleted by the user). Any attempt to gain access to the contents of the history is a violation of privacy, and it doesn't matter if this is done via some automated script (as is the case here), or by someone directly accessing your browser when you leave your computer unlocked.

It may be true that those who think that where they go on the web is private are deluding themselves, but that doesn't mean what they believe shouldn't be the standard we aim for. Indeed, in recent years many browsers (notably Firefox and Chrome) have made steps to make the web more private. So called "private browsing" is not vulnerable to the attack that was outlined in the paper I posted.

[tackattack]

Why is it that the information in the history of your browser supposed to be private? Wouldn't that be the same as someone following you around for a few days finding out what store you shopped at. Yes it's creepy, but how is where you go in any way private? If I put a camera on every car and then designed a program that compiled all of that video and did facial recognition to get a detailed list of which faces went where and when, would that be in violation?

[Tiberius]

Why is it that the information in the history of your browser supposed to be private? Wouldn't that be the same as someone following you around for a few days finding out what store you shopped at. Yes it's creepy, but how is where you go in any way private? If I put a camera on every car and then designed a program that compiled all of that video and did facial recognition to get a detailed list of which faces went where and when, would that be in violation?

Comparing the gathering of web browser history to following someone around to see which shops they go to would be valid if web browsing was purely a recreational activity. It is not however, since many things we do online are supposed to be secure, the big example being online banking.

Consider a site that knows your email address (which is not unusual, given that most of us enter it when we register), and records which banking websites you visit by using the attack outlined in the paper. A clever attacker could now launch a phishing attack on you, by sending you an email claiming to be from your bank, and directing you to a page which looks exactly like your bank should look. A flaw in SSL handling in some popular browsers (http://thoughtcrime.org/papers/null-prefix-attacks.pdf) means that this can be done in a very convincing way. Once you log in, the attacker has your username and password, and full access to your bank account.

This kind of attack could work on any site that contains sensitive data about you, ranging from Amazon to PayPal, or even to Facebook. So really, if you want a good comparison, it would be a criminal following you around wherever you went, looking at what PIN number you use when you access your bank, and then stealing your bank cards.

Privacy on the web is very important, not just because it is a civil liberty, but because it is becoming much easier to commit crimes online than it is in the "real world".

[tackattack]

I agree completely that the ease of criminal activity is perpetuated in VR, but I'd like to point out something in your comparison. " it would be a criminal following you around wherever... " presupposes the intent of the phisher again. I think we both agree that the websites that proved SSL security should be more proactive and do a far better job of protecting people's privacy. However none of that is anywhere close to finding out what sites you went to in your browser history, which IMO, is just as public as walking down the street. Now maybe secure sites shouldn't be tracked in browsing history... that's something that we could talk about.