Archive for August 1st, 2017

by Tom Nelson

Your browser is generally a tattletale, willing to divulge many secrets it knows about you or can find out, just for the asking. It’s not really the browser’s fault; that’s just how most browsers are made. We’ll show you how to find out what your browser is willing to tell about you, and how to keep it quiet.

JavaScript and HTML Headers
Most of the information a browser divulges is sent either as data embedded in the HTML headers that are transmitted between your browser and the web server hosting the site you’re visiting, or by the use of JavaScript embedded in the webpage you’re viewing.

The amount of information that can be gleaned through the use of JavaScript and headers is pretty amazing, so as we take a look at some of the common information websites ask for, we’ll also present possible ways to mitigate the security issues of a blabbermouth browser.

Screen shot © Coyote Moon, Inc.

Location Information
With a little help from some JavaScript embedded in a webpage, your browser can make a pretty good guess at your current location, and send this information off to a site’s web server.

There are various ways to ask for location information, but one of the common methods is to use a set of APIs used by Google for geolocation. The APIs were developed to allow ads to be tailored for your location; ads for a local pizza shop or a nearby auto dealer are just a couple of examples.

When I tried this out with the Google geolocation API, the result for my location was off by 17 miles. That’s a lot better than a simple IP lookup (more about that later), which can put you pretty far away from your actual location.

Keeping it quiet: The simplest solution is to disable JavaScript in your web browser’s preferences. Safari users will find the option in the Security section of Safari’s preferences.

The problem with disabling JavaScript is that it’s an all-or-nothing solution; disabling it prevents every website you visit from using JavaScript. You’re likely to find most websites will simply stop working correctly. A better choice may be to use one of the many browser extensions available, such as JS Blocker (Safari), NoScript (Firefox), or ScriptSafe (Chrome). JavaScript-blocking extensions can prevent many of the data sniffing code from working on websites you visit.

But it’s not just Google using location information. Your Mac has built-in location services as well. Thankfully, you get to control which apps are allowed to make use of the Location Services. You can find location options in the Security & Privacy preference pane, under the Privacy tab.

Read more on Rocket Yard, The MacSales.com Blog


Read Full Post »