Tracking browser behavior without any tools (security breach in most browsers)

This issue is nine years old at this point and has been published, republished, and blogged countless times. I yearn for the day it stops wasting space on the front page of news aggregators.<p>A partial bibliography:<p>2000:<p><a href="http://bugzilla.mozilla.org/show_bug.cgi?id=57351" rel="nofollow">http://bugzilla.mozilla.org/show_bug.cgi?id=57351</a><p>2002:<p><a href="http://seclists.org/bugtraq/2002/Feb/0271.html" rel="nofollow">http://seclists.org/bugtraq/2002/Feb/0271.html</a><p><a href="http://bugzilla.mozilla.org/show_bug.cgi?id=147777" rel="nofollow">http://bugzilla.mozilla.org/show_bug.cgi?id=147777</a><p>2006:<p><a href="http://portal.acm.org/citation.cfm?id=1135777.1135884" rel="nofollow">http://portal.acm.org/citation.cfm?id=1135777.1135884</a><p><a href="http://portal.acm.org/citation.cfm?id=1135777.1135854" rel="nofollow">http://portal.acm.org/citation.cfm?id=1135777.1135854</a><p><a href="http://jeremiahgrossman.blogspot.com/2006/08/i-know-where-youve-been.html" rel="nofollow">http://jeremiahgrossman.blogspot.com/2006/08/i-know-where-yo...</a><p>2008:<p><a href="http://azarask.in/blog/post/socialhistoryjs/" rel="nofollow">http://azarask.in/blog/post/socialhistoryjs/</a><p><a href="http://www.mikeonads.com/2008/07/13/using-your-browser-url-history-estimate-gender/" rel="nofollow">http://www.mikeonads.com/2008/07/13/using-your-browser-url-h...</a>

One of the coolest uses I've seen of this vulnerability is to look at the users history to only show them the digg/reddit/HN/technorati/etc share links to websites they use.<p><a href="http://www.azarask.in/blog/post/socialhistoryjs/" rel="nofollow">http://www.azarask.in/blog/post/socialhistoryjs/</a>

<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=147777" rel="nofollow">https://bugzilla.mozilla.org/show_bug.cgi?id=147777</a>

Wow am I ever not OK with browser security demonstrations that crash my browser.<p>From the JS, It looks like this is just this old trick:<p><a href="http://ha.ckers.org/weird/CSS-history-hack.html" rel="nofollow">http://ha.ckers.org/weird/CSS-history-hack.html</a>

I was worried for a brief moment, when I saw my personal site (domain: my username + dot com) show up in the list. I thought: that couldn't be in their list of sites to check for via the visited-link-css-pseudoclass trick, could it? It is! And 99,999 other sites:<p><a href="http://startpanic.com/db/db_en.txt" rel="nofollow">http://startpanic.com/db/db_en.txt</a><p>As mentioned, this isn't new.

Cute.<p>So suppose I want to know who my visitors are, but I do not want to resort to underhanded tactis like this. Any ideas on how to get to know my customers yet respect their privacy?

I don't get it. It didn't do <i>anything</i>. It just says this:<p>[img: Ready now?]<p>Correct? You bet [...]