> The window.getComputedStyle method, and similar functions such as element.querySelector, will always return values indicating that a user has never visited any of the links on a page.
> For many years the CSS :visited selector has been a vector for querying a user’s history. It’s not particularly dangerous by itself, but when it’s combined with getComputedStyle() in JavaScript it means that someone can walk through your history and figure out where you’ve been. And quickly – some tests show the ability to test 210,000 URLs per minute. At that rate, it’s possible to brute force a lot of your history or at least establish your identity through fingerprinting. Given that browsers often keep history for a long time it can reveal quite a bit about where you’ve been on the web.
> At Mozilla we’re serious about protecting people’s privacy, so we’re going to fix this problem for our users.
Regardless of it being fixed (thanks for the update) it's still possible to do this via timing attacks. I wouldn't be surprised if the sieve that is a browser still allowed it in some other way.
Links in images are always rendered as unvisited. See https://output.jsbin.com/wowalokusa, the first is an HTML link, the second is a link in an SVG, the third is a link in an SVG in an image.
> The window.getComputedStyle method, and similar functions such as element.querySelector, will always return values indicating that a user has never visited any of the links on a page.