Information Gathering
It's crucial to distinguish between information a browser voluntarily exposes for functional reasons and Personally Identifiable Information (PII). A website cannot access your name, address, or files simply because you visit it.
Information Available to Any Website
This data is provided by the browser to allow websites to render correctly and gather analytics. However, it can be abused for fingerprinting.
- IP Address: General geographic location (city/country) and ISP.
- Browser & OS Information: From the User-Agent string.
- Device Type & Screen Resolution: Inferred from User-Agent and screen size.
- Language Preference & System Timezone.
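The list above as a self-audit, added here as an example (it is not code from the original page): it reads the values a page script can obtain without any permission prompt. The function names, the 768-pixel cutoff and the sample environment are assumptions made for illustration.

```javascript
// Added example: what page script can read with no permission prompt.
// In a browser, call collectExposedAttributes(window); elsewhere pass a
// constructed object of the same shape (as the sample below does).

// Order matters: Android UAs also contain "Linux", iPhone UAs "Mac OS X".
const OS_PATTERNS = [
  ["Android", /Android/],
  ["iOS", /iPhone|iPad/],
  ["Windows", /Windows NT/],
  ["macOS", /Mac OS X/],
  ["Linux", /Linux/],
];

function inferOs(userAgent) {
  const hit = OS_PATTERNS.find(([, re]) => re.test(userAgent));
  return hit ? hit[0] : "unknown";
}

function collectExposedAttributes(env) {
  const nav = env.navigator || {};
  const scr = env.screen || {};
  const intl = env.Intl || Intl;
  const ua = nav.userAgent || "";
  // Assumed heuristic: a "Mobi" token or a narrow screen means mobile.
  const mobile = /Mobi/.test(ua) || (scr.width && scr.width < 768);
  return {
    // The IP address is absent on purpose: the server reads it from the
    // network connection, not from script running in the page.
    userAgent: ua,
    os: inferOs(ua),
    deviceType: mobile ? "mobile" : "desktop",
    screen: scr.width && scr.height ? `${scr.width}x${scr.height}` : null,
    language: nav.language || null,
    timeZone: intl.DateTimeFormat().resolvedOptions().timeZone,
  };
}

// Constructed sample environment (not captured from a real device).
const sampleEnv = {
  navigator: {
    userAgent: "Mozilla/5.0 (Linux; Android 13; Pixel 7) AppleWebKit/537.36 " +
      "(KHTML, like Gecko) Chrome/120.0.0.0 Mobile Safari/537.36",
    language: "de-DE",
  },
  screen: { width: 412, height: 915 },
  Intl: { DateTimeFormat: () => ({ resolvedOptions: () => ({ timeZone: "Europe/Berlin" }) }) },
};

console.log(collectExposedAttributes(sampleEnv));
```

The returned object contains no name, address or file contents, which matches the distinction drawn above; the values it does contain are the ones that can be combined for fingerprinting.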
How Personal Information (PII) is Actually Obtained
Obtaining PII requires an action from you, whether intentional or unintentional.
- You Provide It: Filling out forms, creating accounts, etc.
- Phishing & Social Engineering: Tricking you into entering data on a fake website.
- Data Breaches: An attacker steals data from a service you use.
- Malware: A system-level compromise can capture anything you type or see.
Defensive Measures: Be skeptical of links and login pages, and always verify URLs. Use a password manager to generate unique passwords and detect phishing. Enable Two-Factor Authentication (2FA) on all important accounts.