Posted Monday at 04:00 PM4 days comment_10512 There are numerous ways that your internet activity is tracked as you navigate from website to website, many of which you can mitigate with your choice of browser (and browser settings), as well as the use of tools like VPNs. Google Chrome remains the absolute worst browser for privacy for many reasons, but that doesn't mean the browser is free of privacy progress. In fact, the upcoming version of Chrome will finally patch a 20-year-old bug that allowed users to be tracked and profiled through their previously visited links. A privacy fix is coming to Chrome 136The issue, which Google is addressing with Chrome 136, has to do with how a user's previously clicked links are displayed from site to site. As BleepingComputer explains, Chrome stores visited links globally and allows them to be styled across sites as a different color from the default blue—even if you've clicked them from an entirely different website. For example, you might see a link as purple on one website, indicating you've visited it before, but you had first clicked that link on a different site entirely. This way of storing visited links creates significant privacy and security concerns, as it leaves users' browser history open to leaks and increases the risk of phishing and various cyber attacks. BleepingComputer reports that researchers have found multiple attacks in the past that originated from this vulnerability. Seeing as this was the way Chrome handled the situation for twenty years, that's not too surprising. That's changing with the upcoming 136 update. This version implements "triple-key partitioning," which marks links as visited only on the same site and frame origin where the link was clicked. There's also an exception for "self-links," meaning a site can display links to its own subpages as visited even if you clicked those links elsewhere on the internet—since sites already know if you've landed on these pages.What Chrome users need to doThe fix is expected to be turned on by default once Chrome 136 rolls out, but users on the current version (Chrome 135) and any previous versions back to 132 can enable it manually. Go to chrome://flags/#partition-visited-link-database-with-self-links and select Enabled from the drop-down. Note that the feature is still experimental and may not function as expected. Of course, you may simply consider switching to a browser that offers better privacy protection. (Firefox and Safari also have visited link styles concerns, though not as glaring as Chrome's.) View the full article
