How can your browser know so much information about you?
Is your browser leaking your online secrets?
We blindly trust our internet browsers. It is always a good idea to review all types of personal and private information in full knowledge that some aspects of identification are being stored. But perhaps we should ask ourselves about the purpose of the stored information, the security when making this information available, trying to understand the real privacy that the browser offers, for what purpose it can use your personal information if it really does.
What you Browser Knows about you
First of all we should understand what webkay is and what can do?
This is a demonstration of all the data your browser knows about you. All this data can be accessed by any website without asking you for any permission.
Most of the data points are educated guesses and not considered to be accurate.
While using the browser, it collects personally identifiable information, information that can very easily be accessed by other sites. Most of the time you use your browser, you are being tracked across the web so the free services we already spend countless hours on can provide much more personalized advertising. Your browser will usually give you the following information without much effort:
Location: Indicating your location seems relatively obvious. Most browsers have a built-in geolocation API that websites and other services will use to determine which version of a website will serve you. In other cases it will determine that the service you are trying to use is not available in that location, such as BBC iPlayer or Netflix. Most services just want to assess which country you are accessing the Internet from.
Webkay uses the Google Geolocation API to locate you. This is an educated guess and never as accurate as a GPS Location. The accuracy depends on your location and also on your connection type. If you are on a mobile network expect an error of up to 50km.
This example just tries to demonstrate how accurate a website can guess your location without asking you for permission to access your GPS.
Hardware and Software
Your browser will provide information about your system hardware and the software you have installed. This is to ensure the website served actually suits your device. As well as this, it will reveal your installed extensions and add-ons so the site or service provider can decide how to interact. As you can see, the browser collects information about CPU, GPU, battery.
Connection
Some websites and services will request your connection information. Again, this is to determine which website content to serve you. Streaming services will use this data to dynamically alter the stream you’re viewing.
Social Media
As I’ve already mentioned, your social media accounts will track you around the internet. As the vast majority of social media sites are free, funded by advertising, it is in their owners’ interest to continue this practice. You may have noticed that on Facebook, for example, you have been receiving suggestions for friendships, pages or even clothes that interest you, as well as favorite stores. All this information is acquired by tracking you while you navigate through the internet. The intentions were always good, now depending on the intentions of each user this may not be so good. The good thing is that these services make it easier to find what you need, but they also leave your life exposed and anyone with a domain can use your personal data, for not very good purposes, in the case of malicious websites.
You may not mind being tracked throughout the web, but it can cause issues. For example, if you leave Facebook logged in and go directly to a site selling illegal goods or adult content, the social networking networks will keep track of this. Now, due to their own advertising policies, your screen will not be splashed with naked ladies or littered with advertisements for your local cannibalism groups — but that log will remain.
Gyroscope
This only really applies to mobile devices, but your browser still sends this information out even when using a laptop or desktop computer. The only difference is with laptops and desktops certain results will be returned false or null.
Almost all modern smartphones are equipped with Gyroscope. With the help of it, the browser can identify the position of your smartphone whether it is vertically or horizontally. Also some technical details.
The browser can predict where your smartphone is, for example on a table, in your hands, in your bag or in your pocket.
Click Jacking
The browser also collect information about the use of the mouse exactly when making a click. Once again, you may not worry so much about this, as this information can be used to improve the user experience of a website, identifying errors as well as performance when clicking, dragging images and much more. In the image below, it does not show practically any information because the mouse was not in use. It should be noted that this is something notorious when using a computer, as smartphones do not support mouse.
Bearing in mind that several attacks are carried out by clicking on a malicious page, tracking this information could be useful to improve the security system. I believe it has happened to you to click on an image or video and be redirected to an unwanted website. These click-Jacking attacks can be carried out in several ways, using transparent buttons, or they can make you believe that you are filling in a password form and when you click to start filling it, you will be redirected to a new page.
Auto-Fill Phishing
Auto-fill as another way to steal personal information. Now you must be asking what is this Auto-fill. In a few words, the browser stores personal registration information and then uses it as suggestion for future filling.
It was designed with a view to making life easier for users when it comes to filling out forms, but we must always be guided by security. You my have certainly filled in personal data on forms on websites, providing personal registration data and receiving the Auto-filling suggestion, that is, the browser stored personal information without your consent. Now think about any account that on travel sites, for example, we provide passport data and details of bank accounts, home addresses and much more, information that any other website can have access. This turns out to be a serious security issue, making this future tool unreliable.
Always be suspicious whenever you use this option, the browser may be filling in spaces that are invisible to you, and this can create serious problems for you. Remember that malicious sites can very well use this tool to collect information and use it later for blackmail or even for any purpose that may harm you.
Network Scan
Scanning your network the browser can obtain critical information about your device as well as performance to ensure that the network and the devices on it are working properly. When scanning your network, the browser will understand which devices are on your network, see their performance and understand the traffic moving between them.
In the same way that this information is used for improvements, in wrong hands can serve as gateways for attacks by malicious websites. Thus making the browser’s action not very safe for the user, since it runs the risk of the same information used to improve performance being the same used for an attack.
Images
EXIF is short for Exchangeable Image File, a format that is a standard for storing interchange information in digital photography image files using JPEG compression. Pictures taken by digital cameras can contain a lot of information, like data, time and camera used. But last generation cameras and phones can add the GPS coordinates of the place where it was taken, making it a privacy hazard. You can be showing your home’s location to the world.
The pictures that you are taking nowadays, even with a smartphone, you share with the greatest innocence without knowing the amount of information that you may be leaving in the hands of others, which could have future consequences. When uploading pictures the browser will collect the meta data information from your pictures, and malicious websites can have access to it, being able to use it to carry out attacks. However, this same information can help if you are in trouble, a simple example is if you are lost and just took a picture, posted it on a social media or even sent it to someone close. It is very possible to arrive at its location from through the picture, as it contains information about location in its metadata.
