Is Your Browser Leaking Your Online Secrets?

Gavin Phillips 18-08-2016

Is your browser leaking your online secrets? Could it be letting your Rule 34 5 Internet Commandments To Live By Or Incur The Wrath Of The Web (And A Note On Porn) The Internet is a somewhat lawless place. Sure, there are various legalities concerning the posting and viewing of certain content -- including pornography and copyrighted material -- but generally speaking the rules that govern the... Read More train obsession out of the bag, without even an inkling of remorse? And if it is, how on earth would you know?


We place an incredible amount of trust in our internet browsers. We look at all manner of personal and private information in the full knowledge that some identifying aspects are being stored. Most agree to the storage to keep their internet browsing easy and to keep their services free Thousands Gave Away Personal Data for Free on Facebook - Did You? If you're like thousands of other people, you just gave away a ton of personal information, for a graphic that shows your most-used words on Facebook. Not really a great trade, was it? Read More .

But are browsers keeping their end of the deal? Which browsers maintain your inner sanctum, and which are more akin to a desperate, leaky tap? Let’s take a look.

What Your Browser Knows about You

Your browser maintains a steady stream of personally identifying information What Does Facebook Know About You? Why You Should Delete Facebook What does Facebook really know about you? One thing's for sure: if you want online privacy, Facebook is best avoided. Read More that can be easily accessed by other websites. The vast majority of the time, you’re being tracked around the web so that those free services we already spend countless hours on can provide vastly more personalized advertising. Your browser will usually provide the following information, without much prodding:

  • Location: The provision of your location seems relatively obvious. Most browsers have a built in geolocation API that websites and other services will use to determine which version of a site to serve to you. In other cases, it’ll determine that the service you’re attempting to use is unavailable at that location, such as BBC iPlayer or Netflix. Most services just want to gauge which country you’re accessing the internet in, and as such you’ll see search results like this:
    Currently Logged In GeoLocation via Chrome GeoAPI
    I am nowhere near London. I am, in fact, 311 miles (500km) west of that location, but using a cloud internet service in a bar (yes I am aware I’m in a bar at 9am. Bottomless coffee, anyone?). Geolocation APIs may be able to ask for a location, but they won’t always be accurate, and certainly will not be as accurate as information provided by your smartphone, which has GPS tracking.
  • Hardware and Software: Your browser will provide information about your system hardware and the software you have installed. This is to ensure the website served actually suits your device. As well as this, it will reveal your installed extensions and add-ons so the site or service provider can decide how to interact.
  • Connection: Some websites and services will request your connection information. Again, this is to determine which website content to serve you. Streaming services will use this data to dynamically alter the stream you’re viewing.
  • Social Media: As I’ve already mentioned, your social media accounts will track you around the internet. As the vast majority of social media sites are free, funded by advertising, it is in their owners’ interest to continue this practice.
    Social Media Accounts Still Logged In
    You might not mind being tracked around the web, but it can cause problems. For instance, if you leave Facebook logged in, and head directly to a site offering nefarious wares or adult content, the social media sites will make a log of this. Now, due to their own advertising rules, your screen won’t be emblazoned by naked ladies, or festooned by adverts for your local cannibalism groups — but that log will not disappear.
  • Gyroscope: This only really applies to mobile devices, but your browser still sends this information out even when using a laptop or desktop computer. The only difference is with laptops and desktops certain results will be returned false or null.
    Browser Data GyroscopeInterestingly, your browser can (disturbingly?!) assess if your device is currently in hand, or on a table.

This information was easily located using What Every Browser Knows About You, a site designed to illustrate the ease that this information can be found. This website is built with this in mind, and does come with a number of useful suggestions as to how you might cover your online tracks just a little more. It isn’t the only webpage you can use to assess what basic information you might be leaking. Try Panopticlick to see if your browser is safe against tracking:

Pantopticlick Open Browser Data


As the caption states, the site cannot measure each and every method and variant of tracker. Some are complex, subtle, and in all honestly, don’t want you to know you are being tracked. What makes this site interesting is its browser fingerprint logging. My browser “appears to be unique among the 129,859 tested so far.” Now, 129,859 is a drop in the ocean. Google alone estimate their Chome browser has over 1 billion users. That is 0.0001% of just Chrome users. But it illustrates the ease of identifying individual users via their browsers.

Are All Browsers Made the Same?

In a word, no. But not necessarily for the reasons you think Chrome vs. Firefox in 2016: Which Browser Is Right For You? I want to explore why people might prefer one over the other, and hopefully those reasons will shed some light on features and aspects that you may not have considered before. Read More .

Way back, when the internet was just a series of tubes Is Internet Culture Different In Other Countries? A lot of what is being studied are interactions between the world wide web and people living in North America, which seems to be diluting the definition of what Internet Culture really means. Read More , Internet Explorer ruled the browser roost, bossing around anyone with ideas about internet access. After schoolyard fights, and bruised egos, Microsoft eventually had to admit that they had somewhat monopolized the market. Somewhat. The answer was to introduce a delightful new screen to the mix, advising users that there were, in-fact, other browsers available, and that Internet Explorer wasn’t god’s (Bill Gates) gift to the world.

The Internet Is A Series Of Tubes


This, of course, changed things.

You see, during the time of Internet Explorer dominance, any nefarious individual who wanted to extrapolate private and personal information from a user would, in many cases, simply find an exploit in Internet Explorer, and do their worst (or best, depending on how you look at it). Being the number one browser throughout the world made Internet Explorer the main target.

Roll on a few years and Google Chrome, Mozilla Firefox, Opera, Safari, Comodo Dragon, Maxthon, and a host of other browsers (including the new Microsoft Edge) have firm followings throughout the online community. In fact, in April 2016, Google Chrome actually finally overtook Internet Explorer as the most used browser in the entire world, potentially marking the beginning of what I expect to be a very long denouement for an unfortunate stalwart in the history of internet browsers.

NetMarketShare Browser Usage Statistics


Depending on where you get your figures from, this may have actually taken place in April 2011, some five years before the information I have linked above. W3Schools, who measure browser statistics and trends each and every month believe this to be the case.

W3Schools Browser Usage Statistics

Anyway, I digress.

Add-ons, Extensions, Plugins, and More

The new wave of browsers brought forth a torrent of shiny new add-ons, extensions, plugins, applets, and more, with the aim of streamlining and expanding our internet browsing options. Where Internet Explorer had an extremely limited number of additional browsing options, the new browsers encourage users to download and use these extensions, most of which can be added with a couple of button presses.


Their arrival and widespread use created another potential vulnerability. As many extensions require access to the common data we’ve listed above, as well as more personally identifying information, if their security practices aren’t up to scratch regular users can easily see their personal data leaked. Of course, this is exactly what happened.

Researchers for anti-scraping and IT security specialists, ScrapeSentry, discovered a free app which was leaking personal information back to single IP address, located in the USA. The Google Chrome extension, Webpage Screenshot, was downloaded by over 1.2 million people and was located after the company “identified an unusual pattern of traffic to one of our client’s sites which alerted our investigators that something was very wrong.”

But Browsers Have Other Leaks

Aside from the “regular” data provisions requested by the myriad websites we visit, browsers are known to leak all manner of personal data.

For instance, in early 2016 security researchers at Canada’s Citizen Lab found the web browser provided by Chinese web-giant Baidu was leaking monumental amounts of information. They concluded that:

“[it] collects and transmits a lot of personal user data back to Baidu servers that we believe goes far beyond what should be collected, and it does so either without encryption, or with easily decryptable encryption”

The version of the browser developed for Windows systems was found to leak search terms, hard drive serial numbers, network MAC addresses, webpage titles, and even GPU model numbers. As well as this, browser updates arrived without code signatures, meaning they could be hijacked, injected with malicious code, and forced to execute. Furthermore, the browser development kit is used in thousands of applications used around the world, so the issue wasn’t limited to just Chinese users.

Singling out Baidu isn’t fair.

Google’s Chrome browser ran into issues when its Incognito Mode — designed to use a separate browsing session 4 Things to Keep in Mind When You Go Incognito Online Incognito Mode (or private browsing in general) may not be as safe as you think it is. Here are some important things to keep in mind before the next time you do. Read More to isolate and then delete session information on termination — accidentally exposed pornographic material by storing images in a physical memory cache. The incident in question saw adult images displayed at the Diablo 3 loading screen, and the user in question found that information not erased from physical memory could be accessed by other applications, specifically Nvidia GPU’s. 6 Ways You Can Be Tracked in Incognito or Private Browsing Mode Private browsing is private in 99% of cases, but can private browsing be hacked? Can you tell what someone has viewed incognito? Read More

Everyone’s favorite browser-come-punching-bag, Internet Explorer, is no stranger to data leaks. On numerous occasions over the years the Microsoft-developed browser has been exposed, to varying degrees. In 2014, Internet Explorer users, especially those using XP, were exposed via a memory leak. In 2012 Internet Explorer was subject to a mouse tracking issue which allowed attackers to document mouse movements on vulnerable systems (though Microsoft continually refuted this). Even the newly minted Microsoft Edge browser has experienced personal data leak issues via a poorly coded integrated PDF Reader.

Worse than a Leaky Tap

It seems our data is consistently up-for-grabs. Tim Libert, a privacy researcher at the University of Pennsylvania, published peer-reviewed research that sought to quantify the numerous privacy comprising features we encounter across the one million most popular websites in the world.

“Findings indicate that nearly 9 in 10 websites leak user data to parties of which the user is likely unaware.”

To put it plainly, there is a 90% chance the website you just visited will forward your user data to another site. While this isn’t the same as leaking personally identifying information, mass tracking is still a massive problem as it indicates the vast majority of websites are ignoring their user’s “Do Not Track” requests What Is "Do Not Track" and Does It Protect Your Privacy? Does enabling "Do Not Track" in your browser really protect your privacy, or does it simply provide a false sense of security? Read More .

As it stands, most internet users do not realize their actions are being tracked How Much of Your Personal Data Could Smart Devices Track? Smart home privacy and security concerns are still as real as ever. And even though we love the idea of smart technology, this is just one of many things to be aware of before diving... Read More , and that the information is being stored.

If you want to stop the leaking, the tracking, the cookies, and more, you do have a few options. Browser extensions such as Control Your Web Content: Essential Extensions to Block Tracking and Scripts The truth is, there is always someone or something monitoring your Internet activity and content. Ultimately, the less information we let these groups have the safer we'll be. Read More Ghostery, NoScript, Disconnect, and uMatrix can provide users some vital relief from data tracking. However, at the end of the day, if there is a massive vulnerability or critical browser issue, your data will be leaked, almost regardless of your actions.

What steps do you take to secure your browser? Do you use anti-tracks apps? Or do you go the whole-hog, and use Tor? Let us know your data protection protocols below!

Related topics: Online Privacy, Surveillance.

Affiliate Disclosure: By buying the products we recommend, you help keep the site alive. Read more.

Whatsapp Pinterest

Leave a Reply

Your email address will not be published. Required fields are marked *

  1. Anonymous
    August 19, 2016 at 11:55 am

    Could we become more secure if using a VPN service ?

  2. Anonymous
    August 19, 2016 at 4:30 am

    OK, you've just told me many terrible things. Can you now recommend browsers that leak minimally - or not at all?

    I recently came across Iridium browser - based on Chromium. Wonder how good that one is?