All this data can be accessed by any website without asking you for any permission.

• Locations – This is an educated guess and never as accurate as a GPS Location. The accuracy depends on your location and also on your connection type. If you are on a mobile network expect an error of up to 50km.
• Software – Operating System, Browser, Browser Plugins
• Hardware – CPU and Number of Cores, GPU, Battery Charging Level
• Connections – Upload and Download Speed of your Connections
• Social Media – Which Social Media Website you are logging in.
• Click Jacking – Misuses you Google/Facebook Account to reveal your identity. Those Vulnerabilities are well known for years. . Twitter’s social widgets are not vulnerable to this, because you need to confirm your actions in a separate window.
• Auto-Fill Phishing – Misuses your browser’s Auto-fill feature to steal your identity.
• Gyroscope – Your device Orientation. Your Device is probably laying on a Table.
• Network Scan – Any webpage can scan your local network for devices. A malicious website could do that without consent.
• Images – Images contains meta data like GeoTags, Camera speed, Focal Length etc
• Shamelessly advertising other Apps – What other applications you have installed in your device.

Prevention: To prevent your browser from scanning your Network use NoScript. To prevent your browser and other servers from accessing the meta data in your images, Remove the EXIF Data before you upload them. To prevent this attack you should disable the auto fill feature, or at least never use it on dubious websites! To prevent getting clickjacked, do not visit dubious sites, use Private Browsing, or NoScript. Although those Vulnerabilities are well known for several years, none of the vulnerable companies wants to fix them. To prevent your browser from leaking information about your connection use NoScript, a Webproxy, or Tor. To prevent the local ip leak Disable WebRTC or install a Leak Prevent Plugin

Key Terms:

• Privacy
,
• protection
,
• security