12

I am about to begin work on an information and support services website for victims of domestic and sexual abuse. Naturally, the user's visit to this website is sensitive and the repercussions of their abuser finding out that they have could be devastating. Therefore, I am seeking a way to keep the user's visit as discreet as possible.

I cannot assume the technical knowledge of each user and there are likely to be users of a wide variety of languages. Also, there is the possibility they will need to exit the site quickly (I have the solution for this) and perhaps may not be able to return to the computer before being discovered. So, while the most obvious solution is to have a page educating users on how to clear their browsing history - this may not be the most foolproof method in practice. Because of all the variables in play, a blanket solution would be the best solution.

So far, I can think of two solutions to this but am hitting a wall with both:

Firstly, simply not have the website recorded in the browsers' search history. From what I have read this is going to be problematic between browsers if not impossible to implement.

The second would be to have a landing page at an innocuous domain name that wouldn't draw suspicion and then have a button that automatically loaded the website through a Private or Incognito browser (I could simply write instructions, 'Right Click on the Button and Select 'Open in an Incognito Browser' - but I am searching for a more foolproof solution if possible).

While some incarnation of the second solution seems more plausible - I need to consider that abusers searching through browser history is a possibility and therefore, the first solution is the most desirable.

Any ideas on either of these two methods or anything more ideas you have would be most welcomed.

Joe Roach
  • 129
  • 2
  • 1
    You can `iframe` your actual website within an innocuous domain but be prepared to ask them to visit `https://who-let-the-dogs-out.com` for domestic-abuse support. – nicholaswmin Mar 07 '18 at 11:04
  • 3
    While you clearly have good intentions, if the feature to remove history from JavaScript existed, there would be plenty of people who didn't have such good intentions and would likely use this functionality for phishing attacks in some way. – Aaron Christiansen Mar 07 '18 at 11:05
  • 3
    I don't think your second option is viable. If the abuser is suspicious enough to be checking the browser history there will always be a chance of them clicking through to your site and discovering the true nature. – Turnip Mar 07 '18 at 11:09
  • @Turnip I think the objective here is to be as innocuous as possible, not make it impossible to find out what's going on. – nicholaswmin Mar 07 '18 at 11:10
  • I understand that, but this tactic would be too risky. – Turnip Mar 07 '18 at 11:11
  • Joe, to be honest -- most people view websites via their mobile phones (70% of all website visits are now from mobiles) so it could be better to carry on regardless- simply giving the pages you lead innocuous titles; and header details (for instance the first paragraph and main picture about lipsticks) rather than trying to fool the technology. – Martin Mar 07 '18 at 11:15
  • 1
    You want to explain to your page users, how browsing in a private window/tab works. That is the minimum of “technical knowledge” that your users will need to grasp. Everything else is just nonsense in this situation. – CBroe Mar 07 '18 at 11:23
  • i'm thunking here is one solution see location.replace function https://www.w3schools.com/jsref/met_loc_replace.asp – albert stève nyobe Mar 13 '18 at 11:48

1 Answers1

2

You cannot modify the browser history using JavaScript. You can alter the stack of recently visited pages, but it only affect the previous/next page buttons. Best thing I can think of : advise people visiting the website to use private browsing mode and clean the history themselves.

Kulvar
  • 1,139
  • 9
  • 22
  • It is also possible to modify the browser history using the [history API](https://developer.chrome.com/docs/extensions/reference/history/) in Google Chrome extensions. – Anderson Green Mar 05 '22 at 19:28