There’s a known weakness in browsers which we wrote about in the book. Every time we talked with someone about it, they’d ask us why we didn’t start a company that took advantage of the loophole, and the answer was, well, it’s creepy. The loophole basically lets you see where else your visitors have been on the Internet. Well, it’s now out in the open, in two forms: Beencounter, and Haveyourfriendsbeenthere.

To be perfectly clear, the site won’t show you everything your visitors surf–just whether or not they’ve been to a set of sites you define. Here’s how it works:

1. You decide what sites you’d like to find out about
2. You embed these sites in a hidden portion of the page
3. When a visitor loads the page, the sites that are visited are marked a:visited in the page’s CSS
4. The Javascript in the page can then grab this property of each link and send it back to you

Knowing where a visitor has been can be used for all kinds of things. For one thing, using just a few sites you can guess the visitor’s gender with a good degree of confidence–resulting in more targeted advertising. This isn’t a new idea (it’s been discussed in terms of browser history before). You might also offer a discount to visitors who’ve already checked out your competition.

Haveyourfriendsbeenthere takes advantage of the obfuscation from a short URL to hide what it is, meaning many people will click on it inadvertently. There’s no easy way to fix this without breaking a lot of the history functions that we use when browsing (one user on Reddit pointed out that this flaw has been around since 2002 and there are sites that show your surfing history already).

We figured it was worth talking about it more openly since these two services are likely to make it a pretty mainstream practice, particularly among sites that benefit from demographic targeting.

BTW, clearing your browser history or surfing in anonymous mode will hide your behavior from such tools.