What does looking under the hood of your browser reveal about you?
Imagine you’re running a nonprofit site dedicated to keeping seniors safe online. You write articles about con-men bilking people out of their life savings, romance scams, identity theft and the like.
One day, somebody recommends a chat app called Tawk that enables you to respond in real time when your visitors write in with questions. The price is right, particularly for a nonprofit: it is, in fact, free.
…as does your ability to see, in real time, everything your visitors type, even when they hit backspace and delete-delete-delete whatever thoughts first popped into their heads and which never made it into the fully baked, eventually sent message. “Whoa!” you well might think, if, in fact, you haven’t previously encountered how easy it is to set up a site to harvest form data before a user hits “submit.”
That’s precisely what happened to fellow Naked Security writer Christopher Burgess, who recently set up Tawk to work with Senior Online Security.
It's important to note, every character you type in your browser is a POST operation and sent to the server. If they choose to retain it, they can no matter what your browser displays.