What every Browser knows about you

fingerprint  webkay

This is a demonstration of all the data your browser knows about you. All this data can be accessed by any website without asking you for any permission.
Most of the data points are educated guesses and not considered to be accurate.

If you are interested in this topic join the discussion on Hackernews or the discussion on Reddit.

Create awareness for web privacy by tweeting about this page, or share it on Facebook, or Share via Whatsapp.

my_location  Location

Explanation:
Webkay uses the Google Geolocation API to locate you. This is an educated guess and never as accurate as a GPS Location. The accuracy depends on your location and also on your connection type. If you are on a mobile network expect an error of up to 50km.
This example just tries to demonstrate how accurate a website can guess your location without asking you for permission to access your GPS.


Prevention:
To prevent your browser from leaking your ip and location, use a Webproxy.
This example uses the Google GeoLocation API to get a more accurate result then "normal" IP Location Lookups. To prevent this, you need to deactivate Javascript in your browser with a browser plugin like NoScript.

Read ryuuchin's post on privacy plugins!

save  Software

Operating System

Browser

Browser Plugins
No plugins detected.
Prevention:
To prevent your browser from leaking information about your software use NoScript.

computer  Hardware




Prevention:
To prevent your browser from leaking device information use NoScript.

wifi_tethering  Connection



Performing speedtest, please wait...
Prevention:
To prevent your browser from leaking information about your connection use NoScript, a Webproxy, or Tor.
To prevent the local ip leak Disable WebRTC or install a Leak Prevent Plugin


group  Social Media

Explanation:
See this post by eatsfoobars


Prevention:
To prevent your browser from leaking information about your social networks, logout, use Private Browsing, or NoScript.

Although those Vulnerabilities are well known for several years, none of the vulnerable companies wants to fix them.

mouse  Click Jacking

Misuses your Google/Facebook Account to reveal your identity.
Prevention:
To prevent getting clickjacked, do not visit dubious sites, use Private Browsing, or NoScript.

Those Vulnerabilities are well known for years. . Twitter's social widgets are not vulnerable to this, because you need to confirm your actions in a seperate window.

mouse  Auto-Fill Phishing

Misuses your browser's Auto-fill feature to steal your identity.

Autofill Phishing demo
Prevention:
To prevent this attack you should disable the autofill feature, or at least never use it on dubious websites!

3d_rotation  Gyroscope

Prevention:
To prevent your browser from accessing your Device Orientation use NoScript.

leak_add  Network Scan

Any webpage can scan your local network for devices.
(A malicious website could do that without consent.)

Devices in your local network:
Prevention:
To prevent your browser from scanning your Network use NoScript.

image  Images

Select an Image to see what it's meta data reveals.

Prevention:
To prevent your browser and other servers from accessing the meta data in your images, Remove the EXIF Data before you upload them.

favorite  Shamelessly advertising my other Apps