{"id":734,"date":"2019-03-03T19:41:14","date_gmt":"2019-03-03T18:41:14","guid":{"rendered":"http:\/\/cwiok.pl\/?p=734"},"modified":"2019-03-04T08:26:21","modified_gmt":"2019-03-04T07:26:21","slug":"everything-you-reveal-to-a-website","status":"publish","type":"post","link":"https:\/\/cwiok.pl\/index.php\/en\/2019\/03\/03\/everything-you-reveal-to-a-website\/","title":{"rendered":"What you reveal to a website"},"content":{"rendered":"\n<p style=\"text-align:justify;\">It has been a while since my last post, but I am back with more privacy stuff! As some of you might know, many websites use something called JavaScript to display their contents to you. JavaScript is a programming language, and in today&#8217;s scenario it runs client-side, which means that what you see below is JS code being run on your device. This opens up many possibilities and gives me access to a lot of information. <a href=\"http:\/\/webkay.robinlinus.com\/\">This website<\/a> has inspired me to work through the code myself. Take a look at my results!<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"http:\/\/cwiok.pl\/wp-content\/uploads\/2019\/03\/privacy1.png\" alt=\"\" class=\"wp-image-1113\"\/><\/figure>\n\n\n\n<script type=\"text\/javascript\" src=\"http:\/\/code.jquery.com\/jquery-latest.min.js\"><\/script>\n  <script type=\"text\/javascript\" src=\"js\/jquery.ajax-cross-origin.min.js\"><\/script>\n<script src=\"https:\/\/code.jquery.com\/jquery-3.3.1.min.js\"><\/script>\n<p style=\"text-align:justify;\">The first, most basic piece of information that I want to know is your IP address. I can get that very easily, as you have to reveal your IP to me when you make the connection.<\/p>\n\n<h1 id=\"yourip\">Your IP is: <\/h1>\n\n<p style=\"text-align:justify;\">This information lets me make a rough guess at where you are and what your ISP is. The location will not be very precise, but I guarantee that Microsoft, Google or Facebook will be better at this. 
If you use Google, you can see your ZIP code at the very bottom of the screen &#8211; this is how well Google tracks you. Read more about it <a href=\"https:\/\/searchengineland.com\/googles-location-tracking-better-now-ever-269922\">here<\/a>.<\/p>\n\n<h1 id=\"location\">I do not have access to your location data.<\/h1>\n\n<p style=\"text-align:justify;\">Now that I &#8220;know&#8221; where you are, I might take a look at what device you are currently using. This information is given to me by your browser &#8211; fortunately, it can be easily modified.<\/p>\n\n<h1 id=\"devwurf\"><\/h1>\n<h1 id=\"device_complete\"><\/h1>\n\n<p style=\"text-align:justify;\">This information might seem innocent and not useful at all, but keep in mind that companies also target customers by their devices. You can expect higher prices when using an Apple product. Read about it <a href=\"https:\/\/www.ibtimes.co.uk\/look-out-you-might-be-charged-more-if-you-shop-online-using-mac-android-device-1474431\">here.<\/a><\/p>\n<p style=\"text-align:justify;\">Some browsers let the website access information regarding the battery status. If you see your battery level below, it means you are vulnerable to that.<\/p>\n<h1 id=\"battery\">Your device does not give me access to your battery level.<\/h1>\n<p style=\"text-align:justify;\">This has been analyzed by Uber, which learnt that people are more willing to pay a surge price when their battery level is low. Officially, Uber stated that they never used a low battery level against a customer. Read more about it <a href=\"https:\/\/www.forbes.com\/sites\/amitchowdhry\/2016\/05\/25\/uber-low-battery\/\">here.<\/a><\/p>\n\n<p style=\"text-align:justify;\">When you use a torrent network, your public IP is out in the open, and there are companies and government agencies that track this info. One such organization is <a href=\"https:\/\/iknowwhatyoudownload.com\/en\/peer\/\">iknowwhatyoudownload<\/a>, which gives you a list of torrents downloaded from your IP. 
This does not mean you have done it, because internet providers dynamically assign and take back IP addresses. But it gives you a general idea of what people do with the Internet.<\/p>\n\n<h1 id=\"torrent\"><\/h1>\n\n<p style=\"text-align:justify;\">The last thing I want to show you is the gyroscope and accelerometer. Most modern phones and even laptops are equipped with these two sensors to function properly. Using JavaScript, I can get this information from the browser and apply some logic to it. I have created a simple if statement, and I can tell quite well whether you are still or not, whether you have your phone in your hands, etc. This has also been analyzed by Google, which identifies the activity of the device owner. Example activities:<\/p>\n\n<table>\n<tr><td>IN_VEHICLE<\/td><td class=\"jd-descrcol\" width=\"100%\">The device is in a vehicle, such as a car.<\/td><\/tr>\n<tr><td>ON_BICYCLE<\/td><td class=\"jd-descrcol\" width=\"100%\">The device is on a bicycle.<\/td><\/tr>\n<tr><td>ON_FOOT<\/td><td class=\"jd-descrcol\" width=\"100%\">The device is on a user who is walking or running.<\/td><\/tr>\n<tr><td>RUNNING<\/td><td class=\"jd-descrcol\" width=\"100%\">The device is on a user who is running.<\/td><\/tr>\n<tr><td>STILL<\/td><td class=\"jd-descrcol\" width=\"100%\">The device is still (not moving).<\/td><\/tr>\n<tr><td>TILTING<\/td><td class=\"jd-descrcol\" width=\"100%\">The device angle relative to gravity changed significantly.<\/td><\/tr>\n<tr><td>UNKNOWN
<\/td><td class=\"jd-descrcol\" width=\"100%\">Unable to detect the current activity.<\/td><\/tr>\n<tr><td>WALKING<\/td><td class=\"jd-descrcol\" width=\"100%\">The device is on a user who is walking.<\/td><\/tr>\n<\/table>\n\n<p>Full specs are <a href=\"https:\/\/developers.google.com\/android\/reference\/com\/google\/android\/gms\/location\/DetectedActivity\">here.<\/a><\/p>\n<p style=\"text-align:justify;\">If you see empty values, it means that either your device has no gyroscope or your browser won&#8217;t give it to me. To test it, I would suggest an Android phone.<\/p>\n<h1>Gyroscope readings<\/h1>\n<h1 id=\"gyroscope\"><\/h1>\n<h1 id=\"compass\"><\/h1>\n<div id=\"test\"><\/div>\n<div id=\"content\">\n\n    <h1>Accelerometer Readings<\/h1>\n    <div id=\"sphere\"><\/div>\n<ul>\n\t<li style=\"font-size:10px\">acceleration x: <span id=\"accelerationX\"><\/span><\/li>\n\t<li style=\"font-size:10px\">acceleration y: <span id=\"accelerationY\"><\/span><\/li>\n\t<li style=\"font-size:10px\">acceleration z: <span id=\"accelerationZ\"><\/span><\/li>\n\t<li style=\"font-size:10px\">rotation alpha: <span id=\"rotationAlpha\"><\/span><\/li>\n\t<li style=\"font-size:10px\">rotation beta: <span id=\"rotationBeta\"><\/span><\/li>\n\t<li style=\"font-size:10px\">rotation gamma: <span id=\"rotationGamma\"><\/span><\/li>\n<\/ul>\n<h1><span id=\"sum\"><\/span><\/h1>\n\n<p style=\"text-align:justify;\">Even though I have not asked for any permission, I might have a good idea of what my users are doing, where they are, etc. Please keep in mind that app developers have access to much more information than what is presented here. Please therefore review app permissions, so as not to give your data away unnecessarily. 
Stay private!\n<\/p>\n<div hidden>\n\n<h1>Device: <span id=\"device\"><\/span><\/h1>\n<h1>UA: <span id=\"ua\"><\/span><\/h1>\n\n<h2>Browser <\/h2>\n<ul>\n  <li> Name :<span id=\"browserName\"><\/span> <\/li>\n  <li> Version : <span id=\"browserVersion\"><\/span> <\/li>\n<\/ul>\n\n<h2> OS <\/h2>\n<ul>\n  <li> Name :<span id=\"osName\"><\/span> <\/li>\n  <li> Version : <span id=\"osVersion\"><\/span> <\/li>\n<\/ul>\n\n<h2> CPU <\/h2>\n<ul>\n  <li> Name :<span id=\"cpuName\"><\/span> <\/li>\n\n<\/ul>\n<\/div>\n  <script type=\"text\/javascript\" src=\"js\/jquery.ajax-cross-origin.min.js\"><\/script>\n<script src=\"https:\/\/cdn.jsdelivr.net\/npm\/ua-parser-js@0.7.19\/dist\/ua-parser.min.js\"><\/script>\n<script type=\"text\/javascript\" src=\"\/\/wurfl.io\/wurfl.js\"><\/script>\n<script type=\"application\/javascript\">\n\nconsole.log(WURFL);\nvar parser = UAParser();\n\/\/ textContent instead of innerHTML: device and browser strings are plain text and must not be parsed as markup.\nvar device_html1 = document.getElementById('devwurf');\ndevice_html1.textContent  = \"You are currently using a \" + WURFL.form_factor +\". The browser\/device is \" + WURFL.complete_device_name +\".\";\nconsole.log(WURFL.complete_device_name);\nconsole.log(parser);\n\nvar browserName = document.getElementById('device_complete');\nbrowserName.textContent = \"And the browser you are using is \"+ parser.browser.name +\", version: \" + parser.browser.version + \". 
Your operating system is \" + parser.os.name + \" \" + parser.os.version+ \".\";\n\/\/ The Battery Status API is missing in many browsers; calling it unguarded throws and stops the rest of this script.\nif (navigator.getBattery) {\n  navigator.getBattery().then(function(battery) {\n    var batteryEl = document.getElementById('battery');\n    function showBattery() {\n      batteryEl.textContent = \"Your battery level is \" + Math.round(battery.level * 100) + \"% and is \" + (battery.charging ? \"charging.\" : \"not charging.\");\n    }\n    showBattery();\n    \/\/ Update the text when the charger is plugged in or removed.\n    battery.addEventListener('chargingchange', showBattery);\n  });\n}\n\n\/\/ JSONP callback for api.ipify.org; receives the public IP of the visitor.\nfunction getIP(json) {\n  console.log(\"https:\/\/json.geoiplookup.io\/\"+json.ip);\n\n  $.getJSON(\"https:\/\/json.geoiplookup.io\/\"+json.ip,\n    function(json1) {\n      \/\/ textContent, not innerHTML: third-party response data must not be parsed as markup.\n      var locationEl = document.getElementById('location');\n      locationEl.textContent = \"I believe you are in: \"+ json1.city + \", \"+ json1.country_name +\". \" + json1.latitude + \", \"+json1.longitude+\".\";\n      console.log(json1.city);\n    }\n  );\n  var ipEl = document.getElementById('yourip');\n  ipEl.textContent = \"Your public IP address is: \"+ json.ip;\n  console.log(\"My public IP address is: \", json.ip);\n}\nvar browserVersion = document.getElementById('browserVersion');\nbrowserVersion.textContent = parser.browser.version;\n\nvar osName = document.getElementById('osName');\nosName.textContent = parser.os.name;\n\nvar osVersion = document.getElementById('osVersion');\nosVersion.textContent = parser.os.version;\n\nvar cpu = document.getElementById(\"cpuName\");\ncpu.textContent = parser.cpu.architecture;\n\nvar device_html = document.getElementById(\"device\");\ndevice_html.textContent  = WURFL.complete_device_name;\n\nvar element = document.getElementById('gyroscope');\nvar compass = document.getElementById('compass');\nvar test = document.getElementById('test');\ncompass.hidden = true;\nvar array = [];\n\nfunction handleOrientation(event) {\n    var absolute = event.absolute;\n    var alpha = event.alpha;\n    var beta = event.beta;\n    var gamma = event.gamma;\n\n    element.innerHTML = 'Orientation: ' + absolute\n\n    \/\/ alpha is null when no compass data is available; 0 is a valid heading.\n    if (alpha == null) {\n        compass.hidden = true;\n        element.innerHTML += '<br>Your device has no compass ';\n    } else {\n        compass.hidden = false;\n        element.innerHTML += '<br>alpha: ' + alpha\n    }\n\n    element.innerHTML += '<br>beta: ' + beta\n    element.innerHTML += '<br>gamma: ' + gamma + '<br>'\n        \/\/ Do stuff with the new orientation data\n    if (Math.abs(beta) + Math.abs(gamma) < 1.8) {\n        element.innerHTML += 'Your Device is probably laying on a Table';\n    } else {\n        element.innerHTML += 'Your Device is probably in your Hands';\n    }\n}\nfunction handleMotion(event) {\n\nvar alpha    = event.acceleration.x;\nvar beta     = event.acceleration.y;\nvar gamma    = event.acceleration.z;\nif (!alpha) {\n        
compass.hidden = true;\n        element.innerHTML += '<br>Your device has no compass ';\n    } else {\n        compass.hidden = false;\n        element.innerHTML += '<br>alphaacc: ' + alpha\n    }\nif (array.length < 1000){\n\/\/array.push(alpha + '|' + beta+ '|' +gamma)\n}\n    element.innerHTML += '<br>betaacc: ' + beta\n    element.innerHTML += '<br>gammaacc: ' + gamma + '<br>'\n\nif (Math.abs(alpha) +Math.abs(beta) + Math.abs(gamma) < 1.9) {\n        document.getElementById('gyroscope').innerHTML += 'You are still';\n    } else if (Math.abs(alpha) +Math.abs(beta) + Math.abs(gamma) < 5){\n        document.getElementById('gyroscope').innerHTML += 'You are moving. ';\n    }else{document.getElementById('gyroscope').innerHTML += 'You are running?. ';}\n\/\/ Do stuff with the new orientation data\ntest.innerHTML = array.toString()\n}\nfunction motion(event){\nelement.innerHTML += '<br>betaacc: ' + event.accelerationIncludingGravity.x;\nelement.innerHTML += '<br>gammaacc: ' + event.accelerationIncludingGravity.y + '<br>';\n\n}\nwindow.addEventListener('deviceorientation', handleOrientation);\nif (window.DeviceMotionEvent != undefined) {\nwindow.ondevicemotion = function(e) {\n\/\/ Some devices fire the event without sensor data; skip those instead of throwing.\nif (!e.acceleration || !e.accelerationIncludingGravity) { return; }\n\/\/ Use the handler argument e (not the global event) and declare the variables.\nvar ax = e.accelerationIncludingGravity.x * 5;\nvar ay = e.accelerationIncludingGravity.y * 5;\ndocument.getElementById(\"accelerationX\").innerHTML = e.acceleration.x;\ndocument.getElementById(\"accelerationY\").innerHTML = e.acceleration.y;\ndocument.getElementById(\"accelerationZ\").innerHTML = e.acceleration.z;\n    \/\/document.getElementById(\"sum\").innerHTML = Math.abs(e.acceleration.x);\n\nif ( e.rotationRate ) {\n  document.getElementById(\"rotationAlpha\").innerHTML = e.rotationRate.alpha;\n  document.getElementById(\"rotationBeta\").innerHTML = e.rotationRate.beta;\n  document.getElementById(\"rotationGamma\").innerHTML = e.rotationRate.gamma;\n}\nif (Math.abs(e.acceleration.x) +Math.abs(e.acceleration.y) + Math.abs(e.acceleration.z) < 1.9) {\n        
document.getElementById(\"sum\").innerHTML  = 'You are still';\n    } else if (Math.abs(e.acceleration.x) +Math.abs(e.acceleration.y) + Math.abs(e.acceleration.z) < 5){\n       document.getElementById(\"sum\").innerHTML = 'You are moving. ';\n    }else{document.getElementById(\"sum\").innerHTML = 'You are running?. ';}\n}\n\n\n}\n\n<\/script>\n<script type=\"application\/javascript\" src=\"https:\/\/api.ipify.org?format=jsonp&amp;callback=getIP\"><\/script>\n<script src=\"https:\/\/code.jquery.com\/jquery-3.3.1.min.js\"><\/script>\n\n<script type=\"text\/javascript\" src=\"\/\/wurfl.io\/wurfl.js\"><\/script>\n\n","protected":false},"excerpt":{"rendered":"<p style=\"text-align:justify;\">It has been a while since my last post, but I am back with more privacy stuff! As some of you might know, many websites use something called JavaScript to display their contents to you. JavaScript is a programming language, and in today&#8217;s scenario it runs client-side, which means that what you see below is JS code being run on your device. This opens up many possibilities and gives me access to a lot of information. <a href=\"http:\/\/webkay.robinlinus.com\/\">This website<\/a> has inspired me to work through the code myself. 
Take a look at my results!<\/p>\n<figure class=\"wp-block-image\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"536\" src=\"http:\/\/cwiok.pl\/wp-content\/uploads\/2019\/03\/privacy1-1024x536.jpg\" alt=\"\" class=\"wp-image-1113\" srcset=\"https:\/\/cwiok.pl\/wp-content\/uploads\/2019\/03\/privacy1-1024x536.jpg 1024w, https:\/\/cwiok.pl\/wp-content\/uploads\/2019\/03\/privacy1-300x157.jpg 300w, https:\/\/cwiok.pl\/wp-content\/uploads\/2019\/03\/privacy1-768x402.jpg 768w, https:\/\/cwiok.pl\/wp-content\/uploads\/2019\/03\/privacy1.jpg 1200w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n<div class=\"tech_read_more\"><a href=\"https:\/\/cwiok.pl\/index.php\/en\/2019\/03\/03\/everything-you-reveal-to-a-website\/\">Read More<\/a><\/div>","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[60],"tags":[],"class_list":["post-734","post","type-post","status-publish","format-standard","hentry","category-privacy"],"_links":{"self":[{"href":"https:\/\/cwiok.pl\/index.php\/wp-json\/wp\/v2\/posts\/734","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cwiok.pl\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cwiok.pl\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cwiok.pl\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/cwiok.pl\/index.php\/wp-json\/wp\/v2\/comments?post=734"}],"version-history":[{"count":0,"href":"https:\/\/cwiok.pl\/index.php\/wp-json\/wp\/v2\/posts\/734\/revisions"}],"wp:attachment":[{"href":"https:\/\/cwiok.pl\/index.php\/wp-json\/wp\/v2\/media?parent=734"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cwiok.pl\/index.php\/wp-json\/wp\/v2\/categories?post=734"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cwiok.pl\/index.php\/wp-json\/wp\/
v2\/tags?post=734"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}