Using Browser History to Store "Magic" Cookies

Cookies (and "Flash Cookies") are often blocked. So is there another way to identify and spy on website visitors? Some quite unknown way is to use iframes or a series of redirects to pollute the user's "visited pages" history. Most people do not delete it because they use it on news sites. This information can be read via CSS properties: Put links with a known text into an "overflow=hidden" div, use different font sizes for visited and unvisited links, and read the offsetHeight of the divs to see whether the link has been visited or not.

For some reason, this does not work in IE (but works well in Firefox and Opera). Testing visited links works perfectly, but making links visited just does not work (it does in some cases, but I could not find any where it works without user interaction). Does anyone know why this does not work in IE and how to "fix" it?

So, disable Javascript? It helps against this demo, but not in practice, because you can use different images for visited and unvisited links and use this on the server to check which image will be loaded (this demo will not demonstrate that).

Live Demo

Disable cookies, disable everything but Javascript (and don't clear your history), and it will still be possible to use this demo.

Please wait... (You will need Javascript enabled...)


schierlm at gmx dot de