Jump to content


Photo

Hide site from browser history

security history secure browsing

  • Please log in to reply
15 replies to this topic

#1 jerseydudek

jerseydudek

    Dedicated Member

  • Members
  • PipPip
  • 125 posts

WDF Reputation

3
Neutral
  • Experience:Intermediate
  • Area of Expertise:Designer

Posted 03 October 2012 - 11:00 AM

Hi,

a client wants me to put a button on their website which enables the site visitor to leave the site immediately and at the same time remove the site's url from the browser history. Is that possible? I've researched it but can't find a good method.

It's got nothing to do with porn!!! Honest.

It is to protect the site visitor. The site is for an organisation which supports victims of domestic violence. If a victim went to the site looking for help and the person who was abusing her searched the browser history and discovered what was happening it may create more problems.

So it's serious stuff.

Thanks.

Blackfoot Hosting

#2 zed

zed

    not a mod

  • Privileged
  • PipPipPipPipPipPip
  • 5,738 posts

WDF Reputation

789
Excellent
  • Gender:Male
  • Experience:Intermediate
  • Area of Expertise:Designer/Coder

Posted 03 October 2012 - 11:36 AM

I could be wrong but I sincerely doubt that any operating system would allow someone to click on a button on a site that can then do things to the person's PC.

IE9 has inPrivate browsing http://browsers.abou...wsing-IE9_2.htm

and Shelter just tell people how to clear their history http://england.shelt...rowsing_history


It's a difficult one, how do you take into account if they are not using a PC platform? What if it's a Mac, a mobile phone, a tablet...

#3 jerseydudek

jerseydudek

    Dedicated Member

  • Members
  • PipPip
  • 125 posts

WDF Reputation

3
Neutral
  • Experience:Intermediate
  • Area of Expertise:Designer

Posted 03 October 2012 - 11:49 AM

I see your point.

Maybe the best answer is a link to a page that explains to the site visitor how to remove the page from their history in each browser.

The problem with that is that some visitors may not be confident or knowledgeable enough to follow those instructions.

Has anyone else got any suggestions?


Thanks anyway Zed.

#4 Fran Haselden

Fran Haselden

    Advanced Member

  • Members
  • PipPipPip
  • 263 posts

WDF Reputation

31
Excellent
  • Gender:Female
  • Location:Canterbury, UK
  • Experience:Beginner
  • Area of Expertise:I'm Learning

Posted 03 October 2012 - 03:31 PM

I see your point.

Maybe the best answer is a link to a page that explains to the site visitor how to remove the page from their history in each browser.

The problem with that is that some visitors may not be confident or knowledgeable enough to follow those instructions.

Has anyone else got any suggestions?


Thanks anyway Zed.


Not really a suggestion (the only way to delete your browser history is to delete your browser history) but a betting site I used once had a button that you could click which launched up a page with lots of boring looking diagrams on it. The idea was that when your boss walked past you could click it and it'd look like you were working at a quick glance.

Perhaps you could suggest implementing something like that? Such as a screenshot of a boring webpage or something that isn't likely to arouse suspicion. Also put the instructions on how to clear browser history on every page in the form of a footer or header, with suggestions to browse incognito (and instructions on how to do that as well for different browsers).

#5 heydanreeves

heydanreeves

    Dedicated Member

  • Members
  • PipPip
  • 160 posts

WDF Reputation

46
Excellent
  • Gender:Male
  • Experience:Beginner
  • Area of Expertise:Designer/Coder

Posted 03 October 2012 - 04:45 PM

CSS-Tricks did a little article on this a little while ago. http://css-tricks.com/website-escape/

These are some interesting points, besides the actual coding of it:

  • Real life site using an escape method.
  • That site hides the entire body when you initiate the escape (e.g.$("body").hide();). This way the hiding happens instantiously instead of waiting for next page to load.
  • Educating users about browsing privately is smart (e.g. Chrome's "Incognito" Mode)
  • Changing the text on the page (e.g. to random stuff pulled from Wikipedia) might be a less noticeable alteration. In case, say, the website being redirected too is too different from the original and may even give off more/less light from the screen.
  • Loading the page in an iframe would prevent additions to browser history, at the expense of usability.
  • If you can detect inactivity, redirect the page automatically after a reasonable amount of time. In case the victim accidently leaves the page open on the computer.
  • Because you can't erase browser history, maybe you should dump a bunch of benign stuff into browser history to bury older stuff.



#6 jerseydudek

jerseydudek

    Dedicated Member

  • Members
  • PipPip
  • 125 posts

WDF Reputation

3
Neutral
  • Experience:Intermediate
  • Area of Expertise:Designer

Posted 09 October 2012 - 01:56 PM

Thank you all for replying.

Fran: I think your method is easily achieved and actually has lots of potential to be funny. So thanks.

But I think the champagne goes to Heydan on this one. Some excellent suggestions there.

Thanks again!

#7 ocorreiododiogo

ocorreiododiogo

    Dedicated Member

  • Members
  • PipPip
  • 117 posts

WDF Reputation

4
Neutral
  • Gender:Male
  • Experience:Nothing
  • Area of Expertise:Nothing

Posted 09 October 2012 - 02:24 PM

There is something http://forums.asp.net/t/1132444.aspx/1
I didn't test this solutions, but it clears the page from the history, and redirects the users to another url. you could put it on all the links of the page for instance.

#8 FizixRichard

FizixRichard

    Advanced Member

  • Members
  • PipPipPip
  • 437 posts

WDF Reputation

57
Excellent
  • Gender:Male
  • Location:Market Deeping, England
  • Experience:Advanced
  • Area of Expertise:Web Developer

Posted 09 October 2012 - 03:24 PM

Personally I would be very surprised if you can wipe an entry out of a users history and if there was a way, whether you can rely on it to stay available to you and whether it would be foolproof across platforms and firewalls.

The solution ocorreiododiogo posted apparently doesn't work on Firefox and like I say above; you can't guarantee that it will always work on any browsers where it does work. It is ultimately taking advantage of a security hole.


I would elect to use discreet URL parameters for individual content and domin names and advise the user to use private browsing. The latter is the only sure fired way of remaining discreet.


ETA:
I'd also add that IMO; given what the OP is trying to do; it would be a bit misguided to clear the users history as that could cause more harm than good.

i.e.
Woman goes to website about domestic abuse as she has a partner who beats her; said site clears history. Man returns from work, sees that the history has been wiped and turns on the woman as he knows she has done something.

Men who beat women (and women who beat men) tend to do it for power and/or paranoia; so in my scenario above the man would more than likely jump to a conclusion of "she's up to no good with other guys" which could provoke a far more severe reaction from the aggressor.

Edited by FizixRichard, 09 October 2012 - 03:35 PM.


#9 MikeChipshop

MikeChipshop

    Small but imperfectly formed

  • Privileged
  • PipPipPipPipPipPip
  • 8,804 posts

WDF Reputation

681
Excellent
  • Gender:Male
  • Experience:Nothing
  • Area of Expertise:Designer

Posted 09 October 2012 - 03:40 PM

The only thing i can think of is an emergency escape method coupled with innocent looking URL's and education about how to clear the single site from the history.

#10 ocorreiododiogo

ocorreiododiogo

    Dedicated Member

  • Members
  • PipPip
  • 117 posts

WDF Reputation

4
Neutral
  • Gender:Male
  • Experience:Nothing
  • Area of Expertise:Nothing

Posted 09 October 2012 - 03:43 PM

@FizixRichard The solution that I posted (i really don't know if it works, as i didn't test) is supposed to only wipe the page itself from the history, not the whole history. But I agree that an explanation on how to do it would be more educative and clear.

#11 FizixRichard

FizixRichard

    Advanced Member

  • Members
  • PipPipPip
  • 437 posts

WDF Reputation

57
Excellent
  • Gender:Male
  • Location:Market Deeping, England
  • Experience:Advanced
  • Area of Expertise:Web Developer

Posted 09 October 2012 - 03:50 PM

Double posting with a possible automated solution. It would probably need a bit of ironing out; if it would even work at all. I still think a manual instruction solution is better.

You can set and read cookies with HTACCESS; therefore what you could do is something like this:


Use HTACCESS to check whether a cookie ("has_used_private_browsing") exists when they type your domain name; if the cookie is present, browse as normal; if the cookie does not exist; assume this is a first visit and direct them to a discreet page via a URL shortner. Before you do this, set a short life cookie ("show_private_browsing").

The page that the URL shortner loads will read that short life "show_private_browsing" cookie; if its valid; show a "private browsing" instruction (discreet, no branding) with a continue when you have done this link; which sets a cookie ("has_used_private_browsing") before forwarding them to the website. If the short life cookie has expired, forward them to somewhere benign so the short URL looks like it was for somewhere else and don't show the private browsing message.

Also, add exceptions to the HTACCESS to search engines don't get caught up.


The question would be; whether within that process, the initial domain name the user typed would enter into the history if you were to redirect straight to the URL shortner; I am not sure off hand.




@FizixRichard The solution that I posted (i really don't know if it works, as i didn't test) is supposed to only wipe the page itself from the history, not the whole history. But I agree that an explanation on how to do it would be more educative and clear.


I read it as deleting all the browsing history, but my point remains that I would not rely on it as it could offer a false sense of security; heck I would not rely on my solution above if it worked as you could interfere with some browsers or firewalls; even lock visitors out.

The best solution is advising about private browsing and how to delete individual history entries for each of the major browsers; as abusers of all kinds tend to be devious and intelligent. So they could find out (i.e. from the cookies). Also if you auto delete the entries and the user is clued up (as they live with an abuser they are probably well aware that they need to be careful) the fact that there are no entries there could spook them and cause them distress; leaving them wondering if there is a trace or not; which would nag them.


ETA: MikeChipShop raises a good point with telling the user how to delete a single site from history. It might actually be worth just showing a popup giving instructions on how to delete individual pages from history manually.

Remember, someone coming from google is going to have the search query in their history; like "Google Search: Domestic violence support".

So when they are done, they could clear their tracks only for the specific sites they want to hide away without clearing everything and alerting their abuser to the fact they have "done something" they could get attacked for.

Edited by FizixRichard, 09 October 2012 - 04:01 PM.


#12 MikeChipshop

MikeChipshop

    Small but imperfectly formed

  • Privileged
  • PipPipPipPipPipPip
  • 8,804 posts

WDF Reputation

681
Excellent
  • Gender:Male
  • Experience:Nothing
  • Area of Expertise:Designer

Posted 09 October 2012 - 04:05 PM

That's an extremely good idea and certainly worth a poke around to see what opportunities it opens up.
I would imagine that since you've entered the URL in the first place, it's in your history.

I've been meaning to write a blog post on this for a while now (i used to work for a council in the Youth Service where i was asked this question many times but never had a proper answer). At the time we created a single site on a innocent URL with a simple code pop-up box. You had to be referred in the first place and you were given a code to enter on every visit that would then push you to the site and set a cookie so you could browse.
On either window/tab close or escape button push, the cookie would be deleted leaving no trace of the site except a few inaccessible innocent looking URL's. (we used something like 'ghuydth6567.com', i obviously wont release the real URL in case it is still in use.).

It was by no means perfect but it fitted at the time.

#13 FizixRichard

FizixRichard

    Advanced Member

  • Members
  • PipPipPip
  • 437 posts

WDF Reputation

57
Excellent
  • Gender:Male
  • Location:Market Deeping, England
  • Experience:Advanced
  • Area of Expertise:Web Developer

Posted 09 October 2012 - 04:19 PM

I think you may be right about the site still appearing and I think it could lead to accessibility issues if it did work; I was just trying to give a possible solution. But I read it and see lots of potential holes and problems.

I do wonder if its trying to solve a problem that doesn't exist as such. I do wonder whether a lot of visitors would probably already be on the discreet and I am pretty certain that if you immediately armed them with the knowledge of how to cover their tracks on the website, they would take heed and follow the instruction.

Edited by FizixRichard, 09 October 2012 - 04:19 PM.


#14 Wickham

Wickham

    Web Guru

  • Moderators
  • PipPipPipPipPip
  • 3,338 posts

WDF Reputation

326
Excellent
  • Gender:Male
  • Location:Salisbury UK
  • Experience:Intermediate
  • Area of Expertise:Web Developer

Posted 09 October 2012 - 05:20 PM

Why doesn't an abused person use a computer in the local library, or even next door?

An abused person must realise that it's dangerous to use the computer that the abuser uses.

#15 FizixRichard

FizixRichard

    Advanced Member

  • Members
  • PipPipPip
  • 437 posts

WDF Reputation

57
Excellent
  • Gender:Male
  • Location:Market Deeping, England
  • Experience:Advanced
  • Area of Expertise:Web Developer

Posted 09 October 2012 - 05:27 PM

Why doesn't an abused person use a computer in the local library, or even next door?

An abused person must realise that it's dangerous to use the computer that the abuser uses.


In an ideal world yes, however as is often the case in abusive relationships; the abuse extends beyond a beating through to all round control; where an abuser will control as much of that persons life as possible.

For example a woman may not be able to leave the house and go to the library without her partner and may fear being caught by her abuser if she were to do so.

In that sense; the home computer, if used carefully can be safer than going out; as if the abused were to delete the individual history items and cookies from the support searches and sites they have visited it would be unlikely they would be found out; short of making a mistake, being caught red handed or really extreme cases where the abuser is actively monitoring their victim.

But that's something else and isn't as common as the woman being treat as property and not being allowed out on her own.

#16 ocorreiododiogo

ocorreiododiogo

    Dedicated Member

  • Members
  • PipPip
  • 117 posts

WDF Reputation

4
Neutral
  • Gender:Male
  • Experience:Nothing
  • Area of Expertise:Nothing

Posted 01 November 2012 - 11:10 AM

I found this article on css tricks, and immediately thought of this thread http://css-tricks.com/website-escape/





Also tagged with one or more of these keywords: security, history secure browsing

1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users