Ferociously Anticipated Queries
Q: What can I do to prevent my browser history from being inspected by websites?
A: Please see our solutions page.
Q: I am a human rights campaigner in China, should I be concerned?
A: With the described technique, it is relatively easy to check if you've visited "inappropriate" political content or had access to sensitive documents (see our Wikileaks test). We do not believe any filtering software is implementing the techniques we're employing. It may very well do so tomorrow.
Q: I use Tor/anonymizing proxies/OpenBSD, so I am secure!
A: This is not a question. Also, no. By themselves, Tor and proxies only hide your endpoint address from the website you visit, but otherwise allow you to interact with the website as usual (they wouldn't be too useful otherwise). All the tests on our site should work normally; try them.
Update: We've learned that at least one Firefox Tor extension (Torbutton) disables rendering of :visited styles, and thus foils this history sniffing technique, when Tor is enabled (kudos to the developers for thinking about this). To learn more, read the Torbutton design documentation.
Q: I am a very popular conservative politician. Also, I do like visiting adult websites. Should I be concerned?
A: With this technique it is theoretically possible to discover your carefully hidden second face. This is, of course, provided that we can tie your browsing habits to your real identity (which is possible, in principle -- especially in an attack specifically targeted against you).
Q: Do Google/Yahoo/Microsoft use this technique?
A: No, why would they? What if? Are you concerned?
Q: You guys know that people have done things like this before, right?
A: Yes, we're well aware of the almost ten-year-old history of this issue (see our list of references). However, rather than just show a cute proof-of-concept of this technique (yawn), we decided to write a full webapp to demonstrate the actual severity of the issue in order to prod browser vendors to reevaluate its importance (check out our about page).
Q: Pfeh, you didn't detect my Google search queries. This site is useless.
A: That's true; our search query detection algorithm only looks at a small number of popular lowercase search terms (try searching for michael jackson on Bing, for example). We hope to detect one or maybe two search engine queries from your history to show that it's possible, and not keep you on our site for 10 minutes. But unfortunately it is quite simple to extend the test and scan hundreds of thousands of search terms to learn more about your search habits.
Q: I use Lynx/Links/w3m/telnet as my primary browser, beat this!
A: You are certainly secure and cool. We'll make a note that our approach breaks down for 40-year-old bearded guys living in their parents' basement.