http://www.privacypies.org/blog/metadata/2017/02/28/hakuna-metadata-1.html
Alerta, amb google chrome, google té accés a l'historial de navegació
complet. També, les ISP, per més que naveguem amb HTTPS, sí que veuen
els paràmetres de cerca:
"
https://duckduckgo.com/?q=%22*hakuna*+*metadata*%22&ia=web". [1]
«
So, assuming that we trust our browsers, let us exclude it from being a
threat actor in our model.
Entity Access to history Comments
Malware in the computer
Full
Any program which has adequate privileges to start a browser process and
browse the web potentially has the capacity to leak it. Such malwares
<
https://www.google.com/url?q=http://www.spamfighter.com/News-20261-Horrid-Piece-of-Android-Malware-Monitors-Browser-History-Texts-and-Banking-Information.htm&sa=D&ust=1488540443662000&usg=AFQjCNGWv0CtciDAzFR_mLpVlDIrEBUutQ> have
a high demand in the darknet. Other than that, there are browser
hijacking malware
<
https://www.google.com/url?q=https://en.wikipedia.org/wiki/Browser_hijacking&sa=D&ust=1488540443663000&usg=AFQjCNG92Mrcn_PDlz-fua0j-hYbuUjo3A> which
pollutes your history
Wifi Hotspot
Full
Using captive Wi-Fi
<
https://www.google.com/url?q=http://ieee-security.org/TC/SPW2016/MoST/slides/s2/t1.pdf&sa=D&ust=1488540443665000&usg=AFQjCNGu6jkiMr4Y-jNXXjfbBvrUxsqPrA> is
a common practice in many places, especially when using public hotspots
<
https://www.google.com/url?q=http://qurinet.ucdavis.edu/pubs/conf/Ningning_INFOCOM13.pdf&sa=D&ust=1488540443666000&usg=AFQjCNEwQ64uDmbHhyqyizENtwV9qbu52A>.
Internet Service Providers (ISPs)
Almost full
ISPs can seek many insights, even when the traffic is encrypted
<
https://www.google.com/url?q=https://www.teamupturn.com/reports/2016/what-isps-can-see&sa=D&ust=1488540443669000&usg=AFQjCNGNZsGWm3RQdTMrff_Z4_BS7hKdJQ>.
Have a look at “How Internet sees you
<
https://www.google.com/url?q=https://events.ccc.de/congress/2010/Fahrplan/attachments/1791_27C3-JeroenMassar-HowTheInternetSeesYou.pdf&sa=D&ust=1488540443670000&usg=AFQjCNFvtSIgJEpf1mYq2AvlcY8BW2th6A>”
HTTP: The ISP knows which pages you're visiting and could see the data
you send and receive.
HTTPS: The ISP knows which domain you've visited but not the URL
parameters, and not the contents of any data you send or receive.
Domain Name Service (DNS) Providers
Partial
Only the domain name queries and not complete URL.
Cookies ( tracking, advertising and profiling companies)
Partial to almost full (depending on who’s cookie it is)
Based on cookie origin policies, cookies from Website A can collect the
history related to that.
Websites that you visit
Partial
Any websites that you visit would obviously know that you have visited
them.
»
«Even you are in a foreign country, you still visit websites related to
your home country. So, along with the ISP of the foreign country, your
geographic affiliation or affinity is now evident to the DNS providers
as well»
«So, at this point, one can know about my working hours, sleep time,
work-related travel and my holiday schedules just using my browsing
metadata. That is quite a lot of information about me retrieved just
from the metadata right?»
«I built a small/ naive tool to replicate the similar graphs shown in
this article for almost anyone who is a Linux+Firefox user, browses
Internet including social media like anyone else and most importantly
stores the browsing history for a decent period of time.»
https://github.com/sidtechnical/hakuna-metadata-1
Jo no he provat l'eina, encara, comento quan ho faci
Salut,
fdk
[1] Al ddg, això es pot canviar fent que les cerques s'enviïn al camp de
dades del POST, i per tant, xifrades amb TLS.