What you reveal to a website

It has been a while since my last post, but I come back with more privacy stuff! As some of you might know, many websites use something called Javascript to display to you their contents. Javascript is a programming language and in today’s scenario it will be run on a Client-side, which means that what you see below is JS code being run on your device. This opens up many possibilities and gives me access to a lot of information. This website has inspired me to work throught the code myself. Take a look at my results!

The first, most basic, information that I want to know is your IP number. I can get that very easily, as you have to reveal your IP to me, when you make the connection.

Your IP is:

This information lets me have a rough guess on where you are and what your ISP is. Location will not be very precise, but I guarantee that Microsoft, Google or Facebook will be better at this. If you use Google, you can see at the very bottom of the screen your ZIP code – this is how well Google tracks you. Read more about it here

I do not have access to your location data.

Now that I “know” where you are. I might take a look at what device you are currently using. This information will be given by your browser – fortunately, it can be easily modified.

This information might seem innocent and not useful at all, but keep in mind that companies target customers also by their devices. You can expect higher prices when using an Apple product. Read about it here.

Some browsers let the website access information regarding the battery status. If you see you battery level below, it means you are vulnerable to that.

Your device does not give me access to your battery level.

This has been analyzed by Uber, which learnt that people are more willing to pay surge price when their battery level is low. Officially, Uber stated that they never used low battery level against a customer. Read more about it here.

When you use Torrent network your public IP is in the wide open and there are companies and government agencies that track this info. One such organization is iknowwhatyoudownload, which gives you a list of torrents downloaded from your IP. This does not mean you have done it, because internet providers dynamically give and take back IP numbers. But it gives you a general idea of what people do with the Internet.

The last thing I want to show you is gyroscope and accelerometer. Most of the modern phones and even laptops are equipped with those two to function properly. Using JavaScript I can get this information from the browser and apply some logic to it. I have created a simple if statement and I can very well see you are still or not, if you have your phone in your hands etc. This has been also analyzed by Google, which identifies an activity of the device owner. Example activities:

IN_VEHICLE The device is in a vehicle, such as a car.
ON_BICYCLE The device is on a bicycle.
ON_FOOT The device is on a user who is walking or running.
RUNNING The device is on a user who is running.
STILL The device is still (not moving).
TILTING The device angle relative to gravity changed significantly.
UNKNOWN Unable to detect the current activity.
WALKING The device is on a user who is walking.

Full specs are here.

If you see empty values, it means that either your device has no gyroscope or your browser won’t give it to me. To test it, I would suggest an Android phone.

Gyroscope readings

Accelerometer Readings

  • acceleration x:
  • acceleration y:
  • acceleration z:
  • rotation alpha:
  • rotation beta:
  • rotation gamma:

Even though I have not asked for any permission, I might have a good idea on what my users are doing, where they are etc. Please keep in mind that app developers have access to much more information that what is presented here. Please therefore review app permissions, not to give your data away unnecessarily. Stay private!

Leave a Reply

Your email address will not be published. Required fields are marked *