"Webkay" will show you how much browsers your information can be collected

There are many people who are taking safety measures with anti-virus software when connecting to the Internet, but it seems better to know that certain information may be acquired by casually using browsers is. Entrepreneur and JavaScript fanRobin LinusTools developed by "Webkay", You can check what kind of information can be acquired simply by accessing from the browser you normally use.

What every Browser knows about you

When you open the page, "This is a demonstration of all the data your browser knows about you, all the data here is something you can get without asking for permission. Most of these are justified guesses and they are considered to be correct "is written. That is, from the moment of accessing this page, it is made to acquire the data obtained from the accessing browser as much as possible.

What is displayed at the top are the coordinates of the current position based on wireless LAN, WiFi, mobile phone base station, GPS, IP address, etc., and the actual location and location of the map. When I tried to actually display it, in some cases, an error of several hundreds of meters was sometimes generated, but it seems that the approximate correct position will be displayed. According to the explanation, this Webkay is using Google Geolocation API to acquire your location information.

It seems that it is not as accurate as the actual GPS data. For example, if it is a smartphone connected to an LTE network or the like, the position of the Tokyo Metropolitan Government was pointed out in this way should be pointing to Osaka in this way. If you want to disable this function, you can either pass through a proxy server,NoScriptIt is said that JavaScript should be invalidated with a plug-in such as.

A part of the current software environment is also acquired by the browser. The OS was Windows 7, and the browser at this time pointed to Firefox 45.0. It was exactly Firefox 45.0.1, but it is almost correct. In addition, the plug-in of the browser is also acquired as follows. This can also be avoided by using NoScript.

When trying to access from the iPhone, it is like this. IOS version and browser (Chrome) version is displayed. No plug-in has been detected.

Following the software, hardware information is also being extracted. In addition to CPU, GPU resolution etc is not surprising even if it is acquired for responsive web page, but it is a little surprising that the state of charge of the battery, remaining capacity, remaining time etc are acquired.

It may be said that the conditions such as IP address, provider, and line quality are acquired as expected.

I understand the login situation to social media. Even around here, if you use NoScript or access it in the browser's private browsing mode, you can avoid it.

And, by disguising as Google + or Facebook link and clicking, information leakage and takeovers that the user does not intend may happenClick JackingAlso the risk. This is a dangerous content to be acquired at a malicious site rather than a browser's behavior, but this can also be avoided with NoScript or private browsing mode.

Although "Gyroscpe (gyroscope)" item was not displayed when accessed from the PC, nothing ......

When accessed from the browser of the smartphone, a compass using three axis angle information indicating the angle of the terminal and geomagnetism was displayed on the screen. Three numerical values ​​of "alpha" "beta" "gamma" are swiftly moving, so you can see that the angle of the terminal is reading very fast. Also, it says "Your device is probably in your your Hands (probably your terminal is in your hand)" at the bottom of the screen, but surely at this time you can put the terminal on your left A state of having.

And actually putting the terminal on the table, it says "Your Device is probably laying on a Table (probably your terminal is placed on the table)". This is probably what is inferred from the amount of movement of the angle, but if you are surprisingly synchronized with your own actions, they are surprised and feel a little uncomfortable.

There was a button called "Scan my Network" on the screen of "Network Scan". Even if you actually click on it, you should have hundreds of equipment hanging in the company's Wi-Fi network, but nothing is displayed.

In the bottom "Images", there is a button "reference". Uploading by choosing an image from Explorer displayed by clicking this ... ....

Information obtained from the EXIF ​​data recorded in the JPEG image is displayed and the shooting position and date and time are displayed. This operation can be avoided by deleting the EXIF ​​data from the image, but if you inadvertently upload an image from a smartphone etc. via the browser, apart from whether it is actually done or not, like this It is also possible to acquire information easily.

in Software,   Web Service, Posted by darkhorse_log