Oh yeah, that would work
I came across Social History (code) today. In a nutshell, its a javascript plugin that allows you to see what social bookmarking sites each of your users visit. It removes the need of having to display a link to every social site on each of your pages. If a user doesn’t visit digg, don’t waste his screen space with a digg icon. Its a simple idea, it makes sense, and its genius.
More interesting, is how it works. It builds a list of links and puts them on the page somewhere, hidden, so the user cannot see them. Links that you have not visited are in blue, and links you have visited are in purple. The javascript then loops through all the links, and if a social bookmark site has a purple link, it knows you have visited it in the past.
Its nice to see this code being used in a productive way, but there is a pretty large privacy flaw that this code can easily start to abuse. Instead of tracking social bookmarking sites, it could be used to track sites you wouldn’t want anyone tracking, for example online banking sites, facebook pages, porn sites, and whatever else you want to keep private.
The good news is that it can only find the pages you have visited by asking your browser if you have visited a specific page. So in order for it to grab your entire history, it would have to ask your browser about each web page on the Internet, one by one. The bad news is that someone could pretty easily compile an extensive list of private web pages.
Personally, I say we patch this flaw. Lets stop displaying visited links in purple, unvisited links in blue. In other words, kill off a:visited. This is a pretty bold statement to make, but the security benefit outweighs the usability benefit in this scenario for me personally. It probably does for you too, when was the last time you went to a website and 1) saw the blue/purple links, and 2) thought ‘Oh good, I know which links of this site I’ve clicked and which ones I haven’t'? For me, that would be somewhere around 1999.
So yes, remove the a:visited property.
You still play tha internet polkas? Do you have some sort of graph or possibly a picture of you with a bottle of Cristal that we can see?
“So yes, remove the a:visited property.”
I think an even nicer solution is providing a checkbox in the browser preferences for “Allow JavaScript to read the a:visited property” in a similar way to “Allow JavaScript to change the statusbar text, move the window, open new windows etc.”. I’d love to see more of these sort of options, at the moment they really just cover the basics that 100% of people will be annoyed by.