[bigiain]

I wonder if they're doing browser history sniffing? If I were an evil-finance-company-web-developer, I'd certainly consider attempting to find out which of my competitors websites you've visited recently. Or whether you'd visited any of their (or my) adwords landing pages. Or (with a fair bit more work) whether you'd done any of a selection of specific google searches.

I've been playing with it a bit lately, it works pretty reliably in most of the Firefox 3.6.* browsers, as well as iPhones running 3.1.3 and 4.1, and IE 7 and 8... (Chrome, Safari, and iPads are immune to both the css and javascript sniffing techniques I've tried, but that's not to say there aren't other tricks that work for them...)

http://bigiain.com/csshistorysniffing.html

(apologies in advance if my cheapo hosting and naive and unoptimised perl/cgi proof of concept doesn't stand up to hackernews traffic volumes...)