[Lista Criptica] Hakuna Metadata - Què revela l'historial de…

Delete this message

Reply to this message
Autor: fadelkon
Data:  
A: list_criptica@inventati.org
Assumpte: [Lista Criptica] Hakuna Metadata - Què revela l'historial de navegació?
http://www.privacypies.org/blog/metadata/2017/02/28/hakuna-metadata-1.html

Alerta, amb google chrome, google té accés a l'historial de navegació
complet. També, les ISP, per més que naveguem amb HTTPS, sí que veuen
els paràmetres de cerca:
"https://duckduckgo.com/?q=%22*hakuna*+*metadata*%22&ia=web". [1]

«
So, assuming that we trust our browsers, let us exclude it from being a
threat actor in our model.
Entity     Access to history     Comments


Malware in the computer

    

Full

    

Any program which has adequate privileges to start a browser process and
browse the web potentially has the capacity to leak it. Such malwares
<https://www.google.com/url?q=http://www.spamfighter.com/News-20261-Horrid-Piece-of-Android-Malware-Monitors-Browser-History-Texts-and-Banking-Information.htm&sa=D&ust=1488540443662000&usg=AFQjCNGWv0CtciDAzFR_mLpVlDIrEBUutQ> have
a high demand in the darknet. Other than that, there are browser
hijacking malware
<https://www.google.com/url?q=https://en.wikipedia.org/wiki/Browser_hijacking&sa=D&ust=1488540443663000&usg=AFQjCNG92Mrcn_PDlz-fua0j-hYbuUjo3A> which
pollutes your history

Wifi Hotspot

    

Full

    

Using captive Wi-Fi
<https://www.google.com/url?q=http://ieee-security.org/TC/SPW2016/MoST/slides/s2/t1.pdf&sa=D&ust=1488540443665000&usg=AFQjCNGu6jkiMr4Y-jNXXjfbBvrUxsqPrA> is
a common practice in many places, especially when using public hotspots
<https://www.google.com/url?q=http://qurinet.ucdavis.edu/pubs/conf/Ningning_INFOCOM13.pdf&sa=D&ust=1488540443666000&usg=AFQjCNEwQ64uDmbHhyqyizENtwV9qbu52A>.

Internet Service Providers (ISPs)

    

Almost full

    

ISPs can seek many insights, even when the traffic is encrypted
<https://www.google.com/url?q=https://www.teamupturn.com/reports/2016/what-isps-can-see&sa=D&ust=1488540443669000&usg=AFQjCNGNZsGWm3RQdTMrff_Z4_BS7hKdJQ>.
Have a look at “How Internet sees you
<https://www.google.com/url?q=https://events.ccc.de/congress/2010/Fahrplan/attachments/1791_27C3-JeroenMassar-HowTheInternetSeesYou.pdf&sa=D&ust=1488540443670000&usg=AFQjCNFvtSIgJEpf1mYq2AvlcY8BW2th6A>”

HTTP: The ISP knows which pages you're visiting and could see the data
you send and receive.

HTTPS: The ISP knows which domain you've visited but not the URL
parameters, and not the contents of any data you send or receive.

Domain Name Service (DNS) Providers

    

Partial

    

Only the domain name queries and not complete URL.

Cookies ( tracking, advertising and profiling companies)

    

Partial to almost full (depending on who’s cookie it is)

    

Based on cookie origin policies, cookies from Website A can collect the
history related to that.

Websites that you visit

    

Partial

    

Any websites that you visit would obviously know that you have visited
them.


»

«Even you are in a foreign country, you still visit websites related to
your home country. So, along with the ISP of the foreign country, your
geographic affiliation or affinity is now evident to the DNS providers
as well»

«So, at this point, one can know about my working hours, sleep time,
work-related travel and my holiday schedules just using my browsing
metadata. That is quite a lot of information about me retrieved just
from the metadata right?»

«I built a small/ naive tool to replicate the similar graphs shown in
this article for almost anyone who is a Linux+Firefox user, browses
Internet including social media like anyone else and most importantly
stores the browsing history for a decent period of time.»

https://github.com/sidtechnical/hakuna-metadata-1


Jo no he provat l'eina, encara, comento quan ho faci

Salut,
fdk

[1] Al ddg, això es pot canviar fent que les cerques s'enviïn al camp de
dades del POST, i per tant, xifrades amb TLS.