Like all Web 2.0 sites, Facebook uses Ajax technology to provide increased functionality and a better user experience....
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
One method that Facebook uses to improve page load times involves concatenating, or joining character strings and link information, to the end of a URL. However, this means the URL for the profile you've just visited is still present in the new Facebook URL. If you copy and send this URL to someone else, they will be able to discern the previous step in your Facebook browsing history. As I said, this isn't a major security issue, but it does create an unnecessary, and potentially embarrassing, leak of personal information. For example, it could contain a link to a support or action group that you'd prefer to keep private.
You can avoid this particular problem simply by manually refreshing a Facebook page before you copy the URL from your address bar, as this removes any references to previous pages. I'm not sure how you could make the refresh an enforceable step in your acceptable usage policy, but I would certainly make your users aware of the issue.
The problem may well be something that you take into account when deciding to block social networks from your corporate network, but I think greater social network concerns are time wasting, data leakage, malware attacks and bullying.
You should, of course, be aware of the many other ways that Web browsing history is stored and accessible. First, there's the browser's address box, which presents previously typed addresses in a drop-down box. Ctrl+H brings up the browser's history panel that logs the date, time and Web address of every page visited. These features can be either handy or embarrassing, depending on who's watching over your shoulder. Thankfully, this data can be easily purged. With Internet Explorer, click on Tools, then Internet Options, then click the Delete Browsing History button. For Firefox users, click Tools then Options, select the Privacy tab and click the Clear Now button. Both browsers give you the option to clear your browsing history when closing them and delete all data that they may collect while you're browsing, such as cookies and saved form data. In IE 7 and 8, these actions now also delete the corresponding entries in the index.dat files, another store of browsing activities.
Note: If you're wondering how useful browser history data can be to an attacker, there's a website that can pretty accurately determine your gender just by analyzing your browser history. This site's just for fun, but the same data can just as easily be misused by an attacker.
Dig Deeper on Web Application and Web 2.0 Threats
Related Q&A from Michael Cobb
C&C servers have been replaced with Twitter accounts, which spread the Android Trojan Twitoor to user devices. Expert Michael Cobb explains how to ...continue reading
Two-factor authentication systems require more than using codes sent through SMS and smart cards. Expert Michael Cobb explains how to properly and ...continue reading
A Linux vulnerability that affects 80% of Android devices allows for attacks on TCP communications and remote code execution. Expert Michael Cobb ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.