This is a demonstration of all the data your browser knows about you. All this data can be accessed by any website without asking you for any permission.
Most of the data points are educated guesses and not considered to be accurate.

If you are interested in this topic join the discussion on Hackernews or the discussion on Reddit.

Create awareness for web privacy by tweeting about this page, or share it on Facebook, or Share via Whatsapp.

Sorry! Our Google Geolocation API Quota exceeded. Maybe refresh the page to try again.

Explanation:
Webkay uses the Google Geolocation API to locate you. This is an educated guess and never as accurate as a GPS Location. The accuracy depends on your location and also on your connection type. If you are on a mobile network expect an error of up to 50km.
This example just tries to demonstrate how accurate a website can guess your location without asking you for permission to access your GPS.


Prevention:
To prevent your browser from leaking your ip and location, use a Webproxy.
This example uses the Google GeoLocation API to get a more accurate result then "normal" IP Location Lookups. To prevent this, you need to deactivate Javascript in your browser with a browser plugin like NoScript.

Read ryuuchin's post on privacy plugins!

Operating System
Browser
Browser Plugins

Prevention:
To prevent your browser from leaking information about your software use NoScript.

Prevention:
To prevent your browser from leaking device information use NoScript.

Prevention:
To prevent your browser from leaking information about your connection use NoScript, a Webproxy, or Tor.
To prevent the local ip leak Disable WebRTC or install a Leak Prevent Plugin

Explanation:
See this post by eatsfoobars


Prevention:
To prevent your browser from leaking information about your social networks, logout, use Private Browsing, or NoScript.

Although those Vulnerabilities are well known for several years, none of the vulnerable companies wants to fix them.

Misuses your Google/Facebook Account to reveal your identity.

• Google Plus fixed the bug.
• Facebook Clickjacking seems to work again.

Prevention:
To prevent getting clickjacked, do not visit dubious sites, use Private Browsing, or NoScript.

Those Vulnerabilities are well known for years. . Twitter's social widgets are not vulnerable to this, because you need to confirm your actions in a seperate window.

Misuses your browser's Auto-fill feature to steal your identity.

Autofill Phishing demo

Prevention:
To prevent this attack you should disable the autofill feature, or at least never use it on dubious websites!

Orientation: false
Your device has no compass
beta: null
gamma: null
Your Device is probably laying on a Table

Prevention:
To prevent your browser from accessing your Device Orientation use NoScript.

Any webpage can scan your local network for devices.
Scan my Network (A malicious website could do that without consent.)

Devices in your local network:

Prevention:
To prevent your browser from scanning your Network use NoScript.

Select an Image to see what it's meta data reveals.

Prevention:
To prevent your browser and other servers from accessing the meta data in your images, Remove the EXIF Data before you upload them.

If you like this page maybe you like my other works, too:

• Snapdrop: Instantly share files with devices nearby. No Setup, No Signup.
• My projects on Github
• Web Security Quiz: Test your knowledge with OWASP exam questions
• Facebook: Like my page to get updates about the stuff I create
• Twitter: Follow me on Twitter to get updates about the stuff I create
• Share via Whatsapp