Just stumbled upon a Slashdot discussion Your Browser History Is Showing, interesting stuff, it turns out there are two known techniques to sniff your web browser history remotely:

• Javascript, by inspecting a color change of a given link

• CSS, by checking a:visited element position

How to protect your browsing history ? No easy way, because it uses HTML standards functionality tricks, and blocking any of it could impact web sites visual appearence. In Firefox 2+ one can still use NoScript add-on to block unwanted/malicious javascripts. By the way, Firefox 3.5 is out and it gets some impressive speed benchmarks. In Firefox 3.5 you can also disable layout.css.visited_links_enabled setting in about:config to protect agains CSS tricks.

Now the fun part, visit the http://web2.0collage.com site and see by yourself how easy is to analyze your browser history, the site builds a colorful collage from Web2.0 compliant sites discovered in your browser history, here is what I got: