Privacy has become the buzzword in the internet world and everyone is talking about it. From the users to the tech companies and even bigger brands who previously were thought to be above the law. Users have now become very serious and concerned about their privacy and they are taking all the possible measure to avoid any breach or mishap. More users are now using blockers and script blockers to stop the JavaScript tracking that is used for tracking the browsing of the users. Although, previously JavaScript was considered as the only way to track the movement of the mouse, however, according to a recent report a newer method has been discovered where the mouse movement of the visitor can be traced by using HTML and CSS only. This means that the already present tracking protection system can be now bypassed by using this process.
Most of the online tracking of the visitor was previously done just via JavaScript, this script was loaded into the websites and the advertisement. With the help of the advertisers and sites, this script helped in tracking how the visitors of the website use a web page and other useful behaviors of the users online. Up till now, users were well aware of the situations and they were using various apps and software to block these scripts, some of the famous software included Adblocker, browser tracking protection including Firefox’s content blocking etc. however, some of the users went as far as to block the JavaScript altogether.
According to a research, JavaScript might not be the only way to track the mouse movement of the visitors, which means thousands of the users who feel secure after blocking the JavaScript might still be at the risk of a privacy breach. Security researcher Davy Wybiral made this shocking discovery and demonstrated this on Twitter. In this demo, he explained how HTML and CSS were being used in order to track the movement of the mouse of every visitor.
Davy used a grid of HTML DIVs to use CSS: hover selector to select a new background image. Although the request is being made, the browser doesn’t show any connection which simply hides everything from the user.
Read next: Google finally revealed its plan to block cross-site tracking in Chrome
Most of the online tracking of the visitor was previously done just via JavaScript, this script was loaded into the websites and the advertisement. With the help of the advertisers and sites, this script helped in tracking how the visitors of the website use a web page and other useful behaviors of the users online. Up till now, users were well aware of the situations and they were using various apps and software to block these scripts, some of the famous software included Adblocker, browser tracking protection including Firefox’s content blocking etc. however, some of the users went as far as to block the JavaScript altogether.
Here's a PoC that confirms my hunch.— davy (@davywtf) May 3, 2019
*Neither* of these windows use JavaScript but the position of the cursor in the left window is sent to the right window. This works on Tor Browser with JS disabled. pic.twitter.com/cnfOy5OkUj
According to a research, JavaScript might not be the only way to track the mouse movement of the visitors, which means thousands of the users who feel secure after blocking the JavaScript might still be at the risk of a privacy breach. Security researcher Davy Wybiral made this shocking discovery and demonstrated this on Twitter. In this demo, he explained how HTML and CSS were being used in order to track the movement of the mouse of every visitor.
Davy used a grid of HTML DIVs to use CSS: hover selector to select a new background image. Although the request is being made, the browser doesn’t show any connection which simply hides everything from the user.
Read next: Google finally revealed its plan to block cross-site tracking in Chrome