Tech Made Simple

Hot Topics: Holiday Gift Ideas | How to Fix Bluetooth Pairing Problems | How to Block Spam Calls | Snapchat Symbol Meaning

We may earn commissions when you buy from links on our site. Why you can trust us.

author photo

4 Ways Your Browser Leaks Personal Information

by Natasha Stokes on July 01, 2022

There’s a lot you can do to browse the web anonymously and avoid being tracked by every website you visit. But no matter what you may have set, the browser can easily become be a leaky faucet when it comes to identifying personal details that could then be exploited by attackers for financial gain. Here’s how your browser might be compromising your privacy and what you can do about it.

1. Minimize the use of browser extensions

Screenshot of the Chrome browser Extensions page showing eight extensions. Each extension has a description, buttons for Details and Remove, and a toggle you can click on to turn the extension on or off.

The web is rife with downloadable software designed to give your browser additional powers. These include extensions that show you whether reviews are fake, correct your grammar and much more. Unfortunately, these extensions can be riddled with vulnerabilities that hackers may exploit for a land grab at your personal info. And when developers fail to update their extensions, people who use them can become targets.

Head into your browser settings to see what extensions you have downloaded and disable those you infrequently or never use.

There are good extensions that enhance your online experience. To make those extensions easy to find, in April, Google started placing badges on extension listings in the Chrome store to indicate the extension is from a trusted publisher. The checkmark badge next to the name of the developer indicates that the developer is an Established Publisher with a good record and has had no history of violations. The Featured badge means that the extension follows Google's technical best practices for the user experience and design.

Screenshot of the Grammarly listing in the Google Chrome store. You can see a badge that is a check mark with a circle around it next to the developer name, grammarly.com. You also see a ribbon badge next to the word Featured.

What to do

2. Dodge browser fingerprinting

Screenshot EFF Cover Your Tracks report showing that the browser does not block ads or invisible trackers and has a unique fingerprint.

Websites often query your browser for data such as location, hardware, screen size, installed fonts and browser version, so they’re able to load the web pages correctly. However, this list combines to make a “fingerprint” that’s overwhelmingly unique to your browser, making it highly trackable even if you’ve disabled trackers.

See how unique your browser is at Cover Your Tracks, a browser tester set up by the Electronic Frontier Foundation. The site will tell you how unique your fingerprint is and whether your browser is blocking ads and invisible trackers.

What to do

There’s not a lot you can do about browser fingerprinting. In theory, protection from fingerprinting involves a device with the same settings and programs as the most other people. For example, an iPhone would offer better protection than an Android because it has less ability to be customized and made unique; a Chrome user would be less unique than, say, a Linux user.

Chrome, Edge, and Firefox users could try extensions that randomize what data is reported by the browser, because presenting a different fingerprint every time makes tracking impossible. Chameleon (Firefox) and Random User Agent (Chrome and Edge) have decent reviews at their respective app stores.

3. Prevent phishing attacks on browser autofill

Autofill in web browser

Your browser’s autofill function exists to make it easier and faster to fill in forms that ask for the same tedious information – your name, address, and date of birth. The convenience of saving such information often outweighs any concerns you may have over the security chops of a browser.

However, in the past, browsers have been tricked into revealing saved personal information without the user realizing it. This phishing attack would occur via hidden text boxes coded into a malicious site, alongside a couple of visible requests for innocuous information like your name and email address – say, a pretense at getting a discount offer. When you type in the info, the autofill feature ends up adding other information saved to the browser autofill, which could include enough details to enable credit card fraud.

What to do

Avoid typing in any personal information on websites you’re not sure about. Delete credit card information from your browser, or turn off the autofill feature entirely. Here’s how.

Chrome: Settings > Autofill > Payment methods to remove credit card information and Settings > Addresses and more to remove your address.

Edge: Settings > Profiles > Personal info to remove your address and other information you have stored for autofill.

Safari: Preferences > AutoFill. Manage what information is autofilled and delete or edit what’s saved.

Firefox: Settings > Privacy & Security > Forms and Autofill. Click in the box to remove the check mark for information you don't want autofilled.

4. Avoid sites that don’t use the HTTPS protocol

Heading to a website that doesn’t have the “https” prefix means anything you do there is unencrypted. This includes what you click as well as what you type – it’s all visible to any eavesdropper. While that shouldn't be a concern for public content sites where you are simply reading information, it should be a big concern on any site where you are entering personal information such as login credentials, social security numbers, or any other information you would not want snoopers to see.

Some websites may include the https prefix on their home page, then default to the unencrypted “http” on other pages. Things get especially dicey when you’re at a site where you need to log in with a password or input payment details.

Chrome, Edge, Safari and Firefox all flag sites as Secure with a padlock if they are fully encrypted or Not Secure (or a padlock with a red line through it) if they’re unencrypted. The alert appears on the left of the URL box.

Screenshot of LG Recycling Program webpage with the Not Secure warning open.

What to do

Check for the padlock before entering any log-in or payment information.

Download the HTTPS Everywhere extension for Firefox, Chrome, and Edge which automatically encrypts your browser’s communications with major websites if it finds faulty HTTPS links. Note that the extension can't force all connections to be https.

Screenshot of HTTPS Everywhere warning: HTTPS Everywhere noticed you were navigating to a non-HTTPS page, and tried to send you to the HTTPS version instead. The HTTPS version is unavailable. Most likely this site does not support HTTPS, but it is also possible that an attacker is blocking the HTTPS version. If you wish to view the unencrypted version of this page, you can still do so by disabling the 'Encrypt All Sites Eligible' (EASE) option in your HTTPS Everywhere extension. Be aware that disabling this option could make your browser vulnerable to network-based downgrade attacks on websites you visit. There are buttons: Copy URL, Proceed anyway (unsafe), and Disable on this site.

Updated on 7/1/2022

[Image credit: Screenshots via Techlicious, desktop computer via Smartmockups]

Natasha Stokes has been a technology writer for more than 10 years covering consumer tech issues, digital privacy and cybersecurity. As the features editor at TOP10VPN, she covered online censorship and surveillance that impact the lives of people around the world. Her work has also appeared on NBC News, BBC Worldwide, CNN, Time and Travel+Leisure.


Topics

Privacy, Computers and Software, Internet & Networking, Computer Safety & Support, Tips & How-Tos


Discussion loading

gravatar

From T on July 07, 2019 :: 3:40 pm


Thanks for the article. Also there’s a lot more information that could be used for fingerprinting other than what Panopticlick shows, like on Device Info https://www.deviceinfo.me for proof of concept.

Reply

gravatar

From Ernesto Colina on July 08, 2019 :: 9:29 am


http://ipleak.net/
An excellent site to test your browser leaks, also to test your VPN, if your real IP address is shown, then you have a problem with your VPN.

Reply

gravatar

From Scott Orten on July 15, 2019 :: 3:55 pm


Windows 10
I need a step by step procedure to stop windows updates from automatically down loading
Many thanks

Reply

gravatar

From Josh Kirschner on July 16, 2019 :: 9:28 am


Automatic Windows updates are really annoying when your machine restarts and you lose work. You can turn them off, but the steps aren’t for novices and you have to make sure you keep your machine up to date manually or you run the risk of serious security issues. Here is one source for the steps to do it: https://www.windowscentral.com/how-stop-updates-installing-automatically-windows-10

Reply

Home | About | Meet the Team | Contact Us
Media Kit | Newsletter Sponsorships | Licensing & Permissions
Accessibility Statement
Terms of Use | Privacy & Cookie Policy

Techlicious participates in affiliate programs, including the Amazon Services LLC Associates Program, which provide a small commission from some, but not all, of the "click-thru to buy" links contained in our articles. These click-thru links are determined after the article has been written, based on price and product availability — the commissions do not impact our choice of recommended product, nor the price you pay. When you use these links, you help support our ongoing editorial mission to provide you with the best product recommendations.

© Techlicious LLC.