Friday, December 2, 2011

What information is transmitted when web surfing?

When I link to a web site, information about me is transferred to the web site. For example, some web sites know my general location (city and state). How can I find out what information is being transferred? Is there a web site that lists information it receives when I link to it? Basically, I want to know how anonymous my web surfing really is for most purposes.

|||

In addition to your IP address and the request headers, a website can use javascript and Flash to find out more about you and your system.





Most web analytics packages (such as Google analytics) can tell you the screen size, number of screen colours, internet connection speed, Java version, Real Audio version, Windows Media version, Quicktime version, whether you have PDF support and the Flash version of your visitors along with lots of other things. Although I haven't seen anyone track this, Javascript could be used to determine exactly what time it is on your computer which could reveal personal habits such as browsing at 3am or during your lunch break.





The request headers include things such as what languages you prefer and what version of your browser and operating system you are using along with the referer header which contains the page that referred you to this one. If you have just done a Google search (and most other search engines do the same thing as Google) this referer header will reveal exactly what you searched for to the site that you click on from the results page. The user-agent header may also indicate plugins and toolbars that you have installed but this depends on the plugin. Not all of them do this.





Apart from the languages, possibly the search strings and maybe the time on your computer, none of this information is about YOU specifically but there are a couple of things that websites can do to get more information about you rather than just your computer.





Using Javascript and CSS a website can find out if you have visited a particular site or list of sites. See here for an example: http://www.azarask.in/blog/post/socialhi… and here for a proof of concept: http://ha.ckers.org/weird/CSS-history-ha…





Imagine how handy that would be for a phishing site to be able to know which social networks or banks the target used and then make the phishing site look like one that they actually used...





Web analytics packages and advertising companies also have the ability to find out many sites that you visit because the code that tracks you or displays the ads needs to be requested from the advertiser's website and the referrer will always contain the site you are on. This goes for every site with a Digg widget too... Digg will know that you have visited that site whether you click on the widget or not. Given how many sites have Google ads, Google analytics or Digg widgets, it is likely that Google (and Yahoo! and Microsoft... they do advertising too) know nearly every website you have visited.





Cookies don't reveal anything about you directly but they can be used by the website to identify that you are you and not someone else with the same IP address when you visit the same site for a second time. Because of this, the website can add lots of little bits of information together to get a more complete picture of you. For instance, they can see how long after an OS upgrade was released you finally upgraded because they know that the person that visited the site on the 20th is the same person that visited on the 28th and the user-agent tells them that they upgraded their OS in between. Or they can tell that you frequently travel to another city with your laptop and stay at a particular hotel. The hotel will have a certain IP address that is owned by it and all the guests in the hotel will share the same IP address. They will only know it's you when you are in the hotel because of that cookie. If you access the site from two different computers in the same house (with the same IP address), they might be able to determine that you have two computers and combine the information collected from both of them in the database.





Cookies have a lot of potential to collect information but the only thing that needs to be stored in the cookie itself (which is on your computer) is a unique identifier which may look something like the one identifying this question on Yahoo! Answers: 20090507140520AALkRub.





Using Javascript again, a site can determine anything you typed into a form on the site, even if you deleted it or never submitted the form. Sites can also take advantage of the auto-fill feature of your browser and create a form with obvious fields such as "email" and "name" which, after they are auto-filled, can be sent back to the website via Javascript. Auto-fill can also fill in hidden fields in forms that you didn't even know were being submitted. Auto-fill is dangerous to your privacy.





This is not a completely comprehensive answer but it does include quite a bit. I'm sure there are other ways to get information about someone simply by having them visit a website. It's very hard to be anonymous on the internet.

|||

Websites can only find your location -- that is transferred from your IP address, not from your computer itself.

|||

Depends on if your system is in stealth...


Go to the GRC "Shields up" site for all kinds of info & a test of your firewall, what's revealed, and so on; a well known and trusted site:


https://www.grc.com/x/ne.dll?bh0bkyd2





Added; XLNT job lada; perhaps others will see your post and wake up to the exposure a browser has...again, damn fine job.
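
An added example, not part of the original answers: a server-side view of the request headers and identifying cookie described in the first answer, run over two constructed requests. The cookie name `vid`, the hosts and the IP addresses are assumptions; the identifier is the sample string quoted in that answer.

```python
from collections import defaultdict
from http.cookies import SimpleCookie
from urllib.parse import parse_qs, urlsplit

# Constructed sample requests (not captured traffic). The cookie name "vid",
# the hosts and the RFC 5737 documentation addresses are assumptions.
TEMPLATE = (
    "GET /article HTTP/1.1\r\nHost: news.example\r\n"
    "User-Agent: Mozilla/5.0 ({os}) ExampleBrowser/3.0\r\n"
    "Accept-Language: en-GB,en;q=0.8,fr;q=0.5\r\n"
    "{referer}Cookie: vid=20090507140520AALkRub\r\n\r\n"
)
REQ_HOME = TEMPLATE.format(
    os="Windows NT 6.0",
    referer="Referer: http://search.example/search?q=cheap+flights+to+lisbon\r\n")
REQ_HOTEL = TEMPLATE.format(os="Windows NT 6.1", referer="")
VISITS = [("203.0.113.7", "2009-05-20", REQ_HOME),
          ("198.51.100.42", "2009-05-28", REQ_HOTEL)]


def disclosed(raw_request):
    """Return what a single request tells the site, from its headers alone."""
    headers = {}
    for line in raw_request.split("\r\n")[1:]:  # skip the request line
        if not line:  # blank line ends the header block
            break
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    referer = urlsplit(headers.get("referer", ""))
    cookie = SimpleCookie(headers.get("cookie", ""))
    languages = [part.split(";")[0].strip()
                 for part in headers.get("accept-language", "").split(",") if part.strip()]
    return {
        "languages": languages,
        "user_agent": headers.get("user-agent"),
        "came_from": referer.hostname,
        "search_terms": parse_qs(referer.query).get("q", [None])[0],
        "visitor_id": cookie["vid"].value if "vid" in cookie else None,
    }


def link_visits(visits):
    """Group visits by cookie identifier, as a site's database could."""
    profiles = defaultdict(list)
    for ip, date, raw in visits:
        info = disclosed(raw)
        profiles[info["visitor_id"]].append((date, ip, info["user_agent"]))
    return dict(profiles)
```

Calling `link_visits(VISITS)` returns one profile holding both visits, even though the IP address and the operating system token in the user-agent differ between them.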
