Tracking browser behavior without any tools (security breach in most browsers)
This issue is nine years old at this point and has been published, republished, and blogged countless times. I yearn for the day it stops wasting space on the front page of news aggregators.
A partial bibliography:
2000:
http://bugzilla.mozilla.org/show_bug.cgi?id=57351
2002:
http://seclists.org/bugtraq/2002/Feb/0271.html
http://bugzilla.mozilla.org/show_bug.cgi?id=147777
2006:
http://portal.acm.org/citation.cfm?id=1135777.1135884
http://portal.acm.org/citation.cfm?id=1135777.1135854
http://jeremiahgrossman.blogspot.com/2006/08/i-know-where-yo...
2008:
http://azarask.in/blog/post/socialhistoryjs/
http://www.mikeonads.com/2008/07/13/using-your-browser-url-h...
One of the coolest uses I've seen of this vulnerability is to look at the user's history to only show them the digg/reddit/HN/technorati/etc share links to websites they use.
Wow am I ever not OK with browser security demonstrations that crash my browser.
From the JS, it looks like this is just this old trick:
I was worried for a brief moment, when I saw my personal site (domain: my username + dot com) show up in the list. I thought: that couldn't be in their list of sites to check for via the visited-link-css-pseudoclass trick, could it? It is! And 99,999 other sites:
http://startpanic.com/db/db_en.txt
As mentioned, this isn't new.
Cute.
So suppose I want to know who my visitors are, but I do not want to resort to underhanded tactics like this. Any ideas on how to get to know my customers yet respect their privacy?
I don't get it. It didn't do anything. It just says this:
[img: Ready now?]
Correct? You bet [...]