What attacks are made possible by public release of my web history?











up vote
27
down vote

favorite
5












Assume that my internet history is made public (accidentally or on purpose). And this release is over 24 hours since the visits were made.



Also assume that there aren't an embarrassing sites on there: there isn't any blackmail potential.



(My most embarrassing page visited in the last week is actually the TV tropes page for my little pony, for which I have a valid reason and a witness).



What potential attacks does this allow? I'm mildly concerned about seeing massive links like:




https://kdp.amazon.com/en_US/ap-post-redirect?openid.assoc_handle=amzn_dtp&aToken=Atza%7CIwEBIO9mWoekr9KzK7rH_Db0gp93sewMCe6UcFPm_MbUhq-jp1m7kF-x0erh6NbjdLX3bm8Gfo3h7yU1nBYHOWso0LiOyUMLgLIDCEMGKGZBqv1EMyT6-EDajBYsH21sek92r5aH6Ahy9POCGEplpeKBVrAiU-vl3uIfOAHihKnB5r2yXPytFCITXM70wB5HBT-MIX3F1Y2G4WfWA-EgIfZY8bLdLangmgVq8hE61eDIFRzcSDtAf0Sz7_zxm1Ix8lV8XFBS8GSML9YSwZ1Gq6nSt9pG7hTZoGQns9nzKLk7WpAWE8RazDLKxVJD-nDsQ9VdBJe7JZJtD7c77swkYneOZ5HXgeGFkGhKsMnP7GSYndXhC_PqzY251iDt0X7e5TWvh86WZA0tG2qZ_lyIagZtB3iw&openid.claimed_id=https%3A%2F%2Fwww.amazon.com%2Fap%2Fid%2Famzn1.account.AEK7TIVVPUJDAK3JIFQIQ77WZWDQ&openid.identity=https%3A%2F%2Fwww.amazon.com%2Fap%2Fid%2Famzn1.account.AEK7TIVVPUJDAK3JIFQIQ77WZWDQ&openid.mode=id_res&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.op_endpoint=https%3A%2F%2Fwww.amazon.com%2Fap%2Fsignin&openid.response_nonce=2018-12-11T13%3A46%3A52Z4004222742336216632&openid.return_to=https%3A%2F%2Fkdp.amazon.com%2Fap-post-redirect&openid.signed=assoc_handle%2CaToken%2Cclaimed_id%2Cidentity%2Cmode%2Cns%2Cop_endpoint%2Cresponse_nonce%2Creturn_to%2CsiteState%2Cns.pape%2Cpape.auth_policies%2Cpape.auth_time%2Csigned&openid.ns.pape=http%3A%2F%2Fspecs.openid.net%2Fextensions%2Fpape%2F1.0&openid.pape.auth_policies=http%3A%2F%2Fschemas.openid.net%2Fpape%2Fpolicies%2F2007%2F06%2Fnone&openid.pape.auth_time=2018-12-11T13%3A46%3A52Z&openid.sig=5cx5iHjeLyWTTA9iJ%2BucszunqanOw36djKuNF6%2FOfsM%3D&serial=&siteState=clientContext%3D135-4119325-2722413%2CsourceUrl%3Dhttps%253A%252F%252Fkdp.amazon.com%252Fbookshelf%253Flanguage%253Den_US%2Csignature%3DgqJ53erzurnmO1SPLDK1gLwh9%2FUP6rGUwGF2uZUAAAABAAAAAFwPv8dyYXcAAAAAAsF6s-obfie4v1Ep9rqj




in my history and worrying that secure information might be passed in a URL somewhere.



I am aware that this makes it easier to impersonate my identity, I'm mostly interested in the leakage of information via the URL itself.










share|improve this question









New contributor




Joe is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.




















  • Is it just your browser history or it a complete account/host compromise? It matters because, while your browser history might not provide much (unless you're into obscure porn), if they had access to your computer/profile, cookies, key loggers, screen scrapers are a whole different ballgame.
    – thepip3r
    18 hours ago












  • @thepip3r browser history only - and actually in this use case: url and timestamp pairs.
    – Joe
    17 hours ago















up vote
27
down vote

favorite
5












Assume that my internet history is made public (accidentally or on purpose). And this release is over 24 hours since the visits were made.



Also assume that there aren't an embarrassing sites on there: there isn't any blackmail potential.



(My most embarrassing page visited in the last week is actually the TV tropes page for my little pony, for which I have a valid reason and a witness).



What potential attacks does this allow? I'm mildly concerned about seeing massive links like:




https://kdp.amazon.com/en_US/ap-post-redirect?openid.assoc_handle=amzn_dtp&aToken=Atza%7CIwEBIO9mWoekr9KzK7rH_Db0gp93sewMCe6UcFPm_MbUhq-jp1m7kF-x0erh6NbjdLX3bm8Gfo3h7yU1nBYHOWso0LiOyUMLgLIDCEMGKGZBqv1EMyT6-EDajBYsH21sek92r5aH6Ahy9POCGEplpeKBVrAiU-vl3uIfOAHihKnB5r2yXPytFCITXM70wB5HBT-MIX3F1Y2G4WfWA-EgIfZY8bLdLangmgVq8hE61eDIFRzcSDtAf0Sz7_zxm1Ix8lV8XFBS8GSML9YSwZ1Gq6nSt9pG7hTZoGQns9nzKLk7WpAWE8RazDLKxVJD-nDsQ9VdBJe7JZJtD7c77swkYneOZ5HXgeGFkGhKsMnP7GSYndXhC_PqzY251iDt0X7e5TWvh86WZA0tG2qZ_lyIagZtB3iw&openid.claimed_id=https%3A%2F%2Fwww.amazon.com%2Fap%2Fid%2Famzn1.account.AEK7TIVVPUJDAK3JIFQIQ77WZWDQ&openid.identity=https%3A%2F%2Fwww.amazon.com%2Fap%2Fid%2Famzn1.account.AEK7TIVVPUJDAK3JIFQIQ77WZWDQ&openid.mode=id_res&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.op_endpoint=https%3A%2F%2Fwww.amazon.com%2Fap%2Fsignin&openid.response_nonce=2018-12-11T13%3A46%3A52Z4004222742336216632&openid.return_to=https%3A%2F%2Fkdp.amazon.com%2Fap-post-redirect&openid.signed=assoc_handle%2CaToken%2Cclaimed_id%2Cidentity%2Cmode%2Cns%2Cop_endpoint%2Cresponse_nonce%2Creturn_to%2CsiteState%2Cns.pape%2Cpape.auth_policies%2Cpape.auth_time%2Csigned&openid.ns.pape=http%3A%2F%2Fspecs.openid.net%2Fextensions%2Fpape%2F1.0&openid.pape.auth_policies=http%3A%2F%2Fschemas.openid.net%2Fpape%2Fpolicies%2F2007%2F06%2Fnone&openid.pape.auth_time=2018-12-11T13%3A46%3A52Z&openid.sig=5cx5iHjeLyWTTA9iJ%2BucszunqanOw36djKuNF6%2FOfsM%3D&serial=&siteState=clientContext%3D135-4119325-2722413%2CsourceUrl%3Dhttps%253A%252F%252Fkdp.amazon.com%252Fbookshelf%253Flanguage%253Den_US%2Csignature%3DgqJ53erzurnmO1SPLDK1gLwh9%2FUP6rGUwGF2uZUAAAABAAAAAFwPv8dyYXcAAAAAAsF6s-obfie4v1Ep9rqj




in my history and worrying that secure information might be passed in a URL somewhere.



I am aware that this makes it easier to impersonate my identity, I'm mostly interested in the leakage of information via the URL itself.










share|improve this question









New contributor




Joe is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.




















  • Is it just your browser history or it a complete account/host compromise? It matters because, while your browser history might not provide much (unless you're into obscure porn), if they had access to your computer/profile, cookies, key loggers, screen scrapers are a whole different ballgame.
    – thepip3r
    18 hours ago












  • @thepip3r browser history only - and actually in this use case: url and timestamp pairs.
    – Joe
    17 hours ago













up vote
27
down vote

favorite
5









up vote
27
down vote

favorite
5






5





Assume that my internet history is made public (accidentally or on purpose). And this release is over 24 hours since the visits were made.



Also assume that there aren't an embarrassing sites on there: there isn't any blackmail potential.



(My most embarrassing page visited in the last week is actually the TV tropes page for my little pony, for which I have a valid reason and a witness).



What potential attacks does this allow? I'm mildly concerned about seeing massive links like:




https://kdp.amazon.com/en_US/ap-post-redirect?openid.assoc_handle=amzn_dtp&aToken=Atza%7CIwEBIO9mWoekr9KzK7rH_Db0gp93sewMCe6UcFPm_MbUhq-jp1m7kF-x0erh6NbjdLX3bm8Gfo3h7yU1nBYHOWso0LiOyUMLgLIDCEMGKGZBqv1EMyT6-EDajBYsH21sek92r5aH6Ahy9POCGEplpeKBVrAiU-vl3uIfOAHihKnB5r2yXPytFCITXM70wB5HBT-MIX3F1Y2G4WfWA-EgIfZY8bLdLangmgVq8hE61eDIFRzcSDtAf0Sz7_zxm1Ix8lV8XFBS8GSML9YSwZ1Gq6nSt9pG7hTZoGQns9nzKLk7WpAWE8RazDLKxVJD-nDsQ9VdBJe7JZJtD7c77swkYneOZ5HXgeGFkGhKsMnP7GSYndXhC_PqzY251iDt0X7e5TWvh86WZA0tG2qZ_lyIagZtB3iw&openid.claimed_id=https%3A%2F%2Fwww.amazon.com%2Fap%2Fid%2Famzn1.account.AEK7TIVVPUJDAK3JIFQIQ77WZWDQ&openid.identity=https%3A%2F%2Fwww.amazon.com%2Fap%2Fid%2Famzn1.account.AEK7TIVVPUJDAK3JIFQIQ77WZWDQ&openid.mode=id_res&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.op_endpoint=https%3A%2F%2Fwww.amazon.com%2Fap%2Fsignin&openid.response_nonce=2018-12-11T13%3A46%3A52Z4004222742336216632&openid.return_to=https%3A%2F%2Fkdp.amazon.com%2Fap-post-redirect&openid.signed=assoc_handle%2CaToken%2Cclaimed_id%2Cidentity%2Cmode%2Cns%2Cop_endpoint%2Cresponse_nonce%2Creturn_to%2CsiteState%2Cns.pape%2Cpape.auth_policies%2Cpape.auth_time%2Csigned&openid.ns.pape=http%3A%2F%2Fspecs.openid.net%2Fextensions%2Fpape%2F1.0&openid.pape.auth_policies=http%3A%2F%2Fschemas.openid.net%2Fpape%2Fpolicies%2F2007%2F06%2Fnone&openid.pape.auth_time=2018-12-11T13%3A46%3A52Z&openid.sig=5cx5iHjeLyWTTA9iJ%2BucszunqanOw36djKuNF6%2FOfsM%3D&serial=&siteState=clientContext%3D135-4119325-2722413%2CsourceUrl%3Dhttps%253A%252F%252Fkdp.amazon.com%252Fbookshelf%253Flanguage%253Den_US%2Csignature%3DgqJ53erzurnmO1SPLDK1gLwh9%2FUP6rGUwGF2uZUAAAABAAAAAFwPv8dyYXcAAAAAAsF6s-obfie4v1Ep9rqj




in my history and worrying that secure information might be passed in a URL somewhere.



I am aware that this makes it easier to impersonate my identity, I'm mostly interested in the leakage of information via the URL itself.










share|improve this question









New contributor




Joe is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.











Assume that my internet history is made public (accidentally or on purpose). And this release is over 24 hours since the visits were made.



Also assume that there aren't an embarrassing sites on there: there isn't any blackmail potential.



(My most embarrassing page visited in the last week is actually the TV tropes page for my little pony, for which I have a valid reason and a witness).



What potential attacks does this allow? I'm mildly concerned about seeing massive links like:




https://kdp.amazon.com/en_US/ap-post-redirect?openid.assoc_handle=amzn_dtp&aToken=Atza%7CIwEBIO9mWoekr9KzK7rH_Db0gp93sewMCe6UcFPm_MbUhq-jp1m7kF-x0erh6NbjdLX3bm8Gfo3h7yU1nBYHOWso0LiOyUMLgLIDCEMGKGZBqv1EMyT6-EDajBYsH21sek92r5aH6Ahy9POCGEplpeKBVrAiU-vl3uIfOAHihKnB5r2yXPytFCITXM70wB5HBT-MIX3F1Y2G4WfWA-EgIfZY8bLdLangmgVq8hE61eDIFRzcSDtAf0Sz7_zxm1Ix8lV8XFBS8GSML9YSwZ1Gq6nSt9pG7hTZoGQns9nzKLk7WpAWE8RazDLKxVJD-nDsQ9VdBJe7JZJtD7c77swkYneOZ5HXgeGFkGhKsMnP7GSYndXhC_PqzY251iDt0X7e5TWvh86WZA0tG2qZ_lyIagZtB3iw&openid.claimed_id=https%3A%2F%2Fwww.amazon.com%2Fap%2Fid%2Famzn1.account.AEK7TIVVPUJDAK3JIFQIQ77WZWDQ&openid.identity=https%3A%2F%2Fwww.amazon.com%2Fap%2Fid%2Famzn1.account.AEK7TIVVPUJDAK3JIFQIQ77WZWDQ&openid.mode=id_res&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.op_endpoint=https%3A%2F%2Fwww.amazon.com%2Fap%2Fsignin&openid.response_nonce=2018-12-11T13%3A46%3A52Z4004222742336216632&openid.return_to=https%3A%2F%2Fkdp.amazon.com%2Fap-post-redirect&openid.signed=assoc_handle%2CaToken%2Cclaimed_id%2Cidentity%2Cmode%2Cns%2Cop_endpoint%2Cresponse_nonce%2Creturn_to%2CsiteState%2Cns.pape%2Cpape.auth_policies%2Cpape.auth_time%2Csigned&openid.ns.pape=http%3A%2F%2Fspecs.openid.net%2Fextensions%2Fpape%2F1.0&openid.pape.auth_policies=http%3A%2F%2Fschemas.openid.net%2Fpape%2Fpolicies%2F2007%2F06%2Fnone&openid.pape.auth_time=2018-12-11T13%3A46%3A52Z&openid.sig=5cx5iHjeLyWTTA9iJ%2BucszunqanOw36djKuNF6%2FOfsM%3D&serial=&siteState=clientContext%3D135-4119325-2722413%2CsourceUrl%3Dhttps%253A%252F%252Fkdp.amazon.com%252Fbookshelf%253Flanguage%253Den_US%2Csignature%3DgqJ53erzurnmO1SPLDK1gLwh9%2FUP6rGUwGF2uZUAAAABAAAAAFwPv8dyYXcAAAAAAsF6s-obfie4v1Ep9rqj




in my history and worrying that secure information might be passed in a URL somewhere.



I am aware that this makes it easier to impersonate my identity, I'm mostly interested in the leakage of information via the URL itself.







web-browser url






share|improve this question









New contributor




Joe is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.











share|improve this question









New contributor




Joe is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.









share|improve this question




share|improve this question








edited 9 hours ago









The Guy with The Hat

202113




202113






New contributor




Joe is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.









asked 19 hours ago









Joe

23837




23837




New contributor




Joe is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.





New contributor





Joe is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.






Joe is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.












  • Is it just your browser history or it a complete account/host compromise? It matters because, while your browser history might not provide much (unless you're into obscure porn), if they had access to your computer/profile, cookies, key loggers, screen scrapers are a whole different ballgame.
    – thepip3r
    18 hours ago












  • @thepip3r browser history only - and actually in this use case: url and timestamp pairs.
    – Joe
    17 hours ago


















  • Is it just your browser history or it a complete account/host compromise? It matters because, while your browser history might not provide much (unless you're into obscure porn), if they had access to your computer/profile, cookies, key loggers, screen scrapers are a whole different ballgame.
    – thepip3r
    18 hours ago












  • @thepip3r browser history only - and actually in this use case: url and timestamp pairs.
    – Joe
    17 hours ago
















Is it just your browser history or it a complete account/host compromise? It matters because, while your browser history might not provide much (unless you're into obscure porn), if they had access to your computer/profile, cookies, key loggers, screen scrapers are a whole different ballgame.
– thepip3r
18 hours ago






Is it just your browser history or it a complete account/host compromise? It matters because, while your browser history might not provide much (unless you're into obscure porn), if they had access to your computer/profile, cookies, key loggers, screen scrapers are a whole different ballgame.
– thepip3r
18 hours ago














@thepip3r browser history only - and actually in this use case: url and timestamp pairs.
– Joe
17 hours ago




@thepip3r browser history only - and actually in this use case: url and timestamp pairs.
– Joe
17 hours ago










5 Answers
5






active

oldest

votes

















up vote
29
down vote



accepted










Your question might be more undefined than you realise. Any kind of data can be passed using URL parameters. Usernames, passwords, authentication tokens, settings, form data, or anything the web developer chooses. It's not always good practice to use URL parameters to for this, but it is always possible.



And it's entirely up to each individual web developer on each individual page (not just site) as to what might be exposed and when. So you might not be able to predict what might be exposed.



So, to answer your question, in the worst case, you could experience a complete and utter disclosure of any amount of personal data including credentials.



By request, I did a search for the practice of "passwords in URL parameters" and restricted results to this year. Here's one of the top hits:



https://answers.splunk.com/answers/622600/how-to-pass-username-and-password-as-a-parameter-v.html



That's a forum from Feb 2018 from a major, publicly traded company talking about how to do this.



Here is OWASP's official page on this vulnerability:




The parameter values for 'user', 'authz_token', and 'expire' will be
exposed in the following locations when using HTTP or HTTPS:



Referer

Header
Web Logs
Shared Systems
Browser History
Browser Cache

Shoulder Surfing







share|improve this answer



















  • 2




    The only thing I'd add to this is that the problem is also worse because while you're correct that any data can be passed via URL, the problem is compounded by the fact that what information is passed via a URL and whether and how it is secured is up to each individual company you're visiting and furthermore, the standards of the web programmers who developed each page. So you could never say by looking at one URL that there wasn't any sensitive data passed--you couldn't even say that about different URLs from the same site...
    – thepip3r
    18 hours ago












  • @thepip3r - oh that's interesting - so you are saying that there might be information visible only to employees of that site... cute...
    – Joe
    17 hours ago






  • 1




    and even if passwords aren't passed in the query string, if the session token is, you'd better hope that the developers restricted it to a single IP address and limited time validity...
    – Ben Voigt
    11 hours ago










  • And what is a 'safe' practice today - isn't necessarily safe tomorrow.
    – Paul
    1 hour ago


















up vote
7
down vote













Quite a bit actually:




  • Extortion based off content

  • Mapping systems that are not public

  • Sensitive parameters in certain requests

  • Personal information


Extortion



That search of yours that may be embarrassing and taken out of context. A WebMD search for a medical condition you don't want made known to co-workers for example. A search that was best done in incognito mode you forgot about.



Mapping systems that are not public



How about your works intranet site or that production web portal, well those names are going to pop up in your history now and if its something like Jenkins - thats a great candidate for a DNS rebind attack.



Sensitive parameters in certain requests



If you visit a site that just does the internet wrong and the parameter contains an API key, password, credential or just an account ID well that is captured and can be used now.



Personal information



I see you've been searching for holidays in March for 2 weeks - that would be a great time to break in to your house or impersonate you. Looking for an engagement ring well that sounds like something worth stealing. You did a google map from your address to another location?






share|improve this answer




























    up vote
    4
    down vote













    One of the threats I'd like to mention that has not been named yet is de-anonymization.



    The URIs in your history could leak information about your user accounts on different sites - for instance if you constantly check your own profile on social media sites. If you use some web services anonymously and others under your real name (Facebook, Twitter) an adversary can very easily de-anonymize and dox you. That can be especially damning for you if you appear on a platform anonymously and want it to stay that way (dating platforms, file sharing platforms, free speech platforms).



    Data on the internet also has the tendency to be there for a long time, so this threat is very persistent.






    share|improve this answer




























      up vote
      -1
      down vote













      Having your browsing history exposed means the attacker has in possession the list of url's your browser has accessed. From a complex url an attacker can identify these information:




      1. Protocol

      2. Subdomain

      3. Domain

      4. Port

      5. Path

      6. Parameters of a query

      7. Fragment


      enter image description here



      Now, your privacy depends on the way the developer has built the site.



      If you logged in in a website that has an url like this:



      www.example.com/?login=**myusers**&password=**mypassword**


      then the attacker has your credentials for that site.



      Some of possible attacks would be:




      1. sql injection

      2. URL Manipulation

      3. Directory Traversal

      4. Identify theft


      In simple words, your privacy/risk depends on the security level the site has.






      share|improve this answer



















      • 5




        All of the attacks you list are attacks that could be possible against sites that he visited, none of them are attacks against him made possible by disclosure of the urls. URL Manipulation could be relevant, but I don't see how sql injection or directory traversal are.
        – AndrolGenhald
        19 hours ago












      • Bad security of a site, brings automatically a threat to the users whom have information stored on that site.
        – Vini7
        18 hours ago






      • 6




        Absolutely, but that threat exists with or without OP's browser history being exposed. The browser history may allow someone targeting him to look for vulnerabilities in those specific sites because they know he has an account there, but I certainly wouldn't say "sql injection is made possible by public release of browser history".
        – AndrolGenhald
        18 hours ago


















      up vote
      -2
      down vote













      To add to the post about information leakage in URL:



      An attacker that has this may:



      1: Extract what sites you use to try and log into to see if you are using the same creds [assumes attacker has captured a cred]



      2: This info grants much more advanced knowledge for creating phishing attacks EX: "you've been selected to screen the new MLP season [whatever]"



      3: Possible physical tracking based on sites "oh their kid goes to "little gals daycare" because I see them log into to pay that bill"



      Could be more depending on what's in there.






      share|improve this answer























      • I'm not sure how the URL parameters provide all that. Just the URLs would be enough.
        – schroeder
        16 hours ago










      • @schroeder I didn't see that the question asked for only information that would need parameters.
        – Acccumulation
        16 hours ago










      • @Acccumulation the focus is on the parameters, yes
        – schroeder
        16 hours ago










      • @schroeder parameters are mentioned but the question is: "What attacks are made possible by public release of my web history?" Please make sure to clearly check the question. Thank you.
        – bashCypher
        15 hours ago










      • @bashCypher The OP discounts the sites themselves (domains), and explicitly states is concerned about "secure information might be passed in a URL somewhere" and " leakage of information via the URL itself". And the example is clearly about the large number of parameters.
        – schroeder
        7 hours ago











      Your Answer








      StackExchange.ready(function() {
      var channelOptions = {
      tags: "".split(" "),
      id: "162"
      };
      initTagRenderer("".split(" "), "".split(" "), channelOptions);

      StackExchange.using("externalEditor", function() {
      // Have to fire editor after snippets, if snippets enabled
      if (StackExchange.settings.snippets.snippetsEnabled) {
      StackExchange.using("snippets", function() {
      createEditor();
      });
      }
      else {
      createEditor();
      }
      });

      function createEditor() {
      StackExchange.prepareEditor({
      heartbeatType: 'answer',
      convertImagesToLinks: false,
      noModals: true,
      showLowRepImageUploadWarning: true,
      reputationToPostImages: null,
      bindNavPrevention: true,
      postfix: "",
      imageUploader: {
      brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
      contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
      allowUrls: true
      },
      noCode: true, onDemand: true,
      discardSelector: ".discard-answer"
      ,immediatelyShowMarkdownHelp:true
      });


      }
      });






      Joe is a new contributor. Be nice, and check out our Code of Conduct.










      draft saved

      draft discarded


















      StackExchange.ready(
      function () {
      StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f199557%2fwhat-attacks-are-made-possible-by-public-release-of-my-web-history%23new-answer', 'question_page');
      }
      );

      Post as a guest















      Required, but never shown

























      5 Answers
      5






      active

      oldest

      votes








      5 Answers
      5






      active

      oldest

      votes









      active

      oldest

      votes






      active

      oldest

      votes








      up vote
      29
      down vote



      accepted










      Your question might be more undefined than you realise. Any kind of data can be passed using URL parameters. Usernames, passwords, authentication tokens, settings, form data, or anything the web developer chooses. It's not always good practice to use URL parameters to for this, but it is always possible.



      And it's entirely up to each individual web developer on each individual page (not just site) as to what might be exposed and when. So you might not be able to predict what might be exposed.



      So, to answer your question, in the worst case, you could experience a complete and utter disclosure of any amount of personal data including credentials.



      By request, I did a search for the practice of "passwords in URL parameters" and restricted results to this year. Here's one of the top hits:



      https://answers.splunk.com/answers/622600/how-to-pass-username-and-password-as-a-parameter-v.html



      That's a forum from Feb 2018 from a major, publicly traded company talking about how to do this.



      Here is OWASP's official page on this vulnerability:




      The parameter values for 'user', 'authz_token', and 'expire' will be
      exposed in the following locations when using HTTP or HTTPS:



      Referer

      Header
      Web Logs
      Shared Systems
      Browser History
      Browser Cache

      Shoulder Surfing







      share|improve this answer



















      • 2




        The only thing I'd add to this is that the problem is also worse because while you're correct that any data can be passed via URL, the problem is compounded by the fact that what information is passed via a URL and whether and how it is secured is up to each individual company you're visiting and furthermore, the standards of the web programmers who developed each page. So you could never say by looking at one URL that there wasn't any sensitive data passed--you couldn't even say that about different URLs from the same site...
        – thepip3r
        18 hours ago












      • @thepip3r - oh that's interesting - so you are saying that there might be information visible only to employees of that site... cute...
        – Joe
        17 hours ago






      • 1




        and even if passwords aren't passed in the query string, if the session token is, you'd better hope that the developers restricted it to a single IP address and limited time validity...
        – Ben Voigt
        11 hours ago










      • And what is a 'safe' practice today - isn't necessarily safe tomorrow.
        – Paul
        1 hour ago















      up vote
      29
      down vote



      accepted










      Your question might be more undefined than you realise. Any kind of data can be passed using URL parameters. Usernames, passwords, authentication tokens, settings, form data, or anything the web developer chooses. It's not always good practice to use URL parameters to for this, but it is always possible.



      And it's entirely up to each individual web developer on each individual page (not just site) as to what might be exposed and when. So you might not be able to predict what might be exposed.



      So, to answer your question, in the worst case, you could experience a complete and utter disclosure of any amount of personal data including credentials.



      By request, I did a search for the practice of "passwords in URL parameters" and restricted results to this year. Here's one of the top hits:



      https://answers.splunk.com/answers/622600/how-to-pass-username-and-password-as-a-parameter-v.html



      That's a forum from Feb 2018 from a major, publicly traded company talking about how to do this.



      Here is OWASP's official page on this vulnerability:




      The parameter values for 'user', 'authz_token', and 'expire' will be
      exposed in the following locations when using HTTP or HTTPS:



      Referer

      Header
      Web Logs
      Shared Systems
      Browser History
      Browser Cache

      Shoulder Surfing







      share|improve this answer



















      • 2




        The only thing I'd add to this is that the problem is also worse because while you're correct that any data can be passed via URL, the problem is compounded by the fact that what information is passed via a URL and whether and how it is secured is up to each individual company you're visiting and furthermore, the standards of the web programmers who developed each page. So you could never say by looking at one URL that there wasn't any sensitive data passed--you couldn't even say that about different URLs from the same site...
        – thepip3r
        18 hours ago












      • @thepip3r - oh that's interesting - so you are saying that there might be information visible only to employees of that site... cute...
        – Joe
        17 hours ago






      • 1




        and even if passwords aren't passed in the query string, if the session token is, you'd better hope that the developers restricted it to a single IP address and limited time validity...
        – Ben Voigt
        11 hours ago










      • And what is a 'safe' practice today - isn't necessarily safe tomorrow.
        – Paul
        1 hour ago













      up vote
      29
      down vote



      accepted







      up vote
      29
      down vote



      accepted






      Your question might be more undefined than you realise. Any kind of data can be passed using URL parameters. Usernames, passwords, authentication tokens, settings, form data, or anything the web developer chooses. It's not always good practice to use URL parameters to for this, but it is always possible.



      And it's entirely up to each individual web developer on each individual page (not just site) as to what might be exposed and when. So you might not be able to predict what might be exposed.



      So, to answer your question, in the worst case, you could experience a complete and utter disclosure of any amount of personal data including credentials.



      By request, I did a search for the practice of "passwords in URL parameters" and restricted results to this year. Here's one of the top hits:



      https://answers.splunk.com/answers/622600/how-to-pass-username-and-password-as-a-parameter-v.html



      That's a forum from Feb 2018 from a major, publicly traded company talking about how to do this.



      Here is OWASP's official page on this vulnerability:




      The parameter values for 'user', 'authz_token', and 'expire' will be
      exposed in the following locations when using HTTP or HTTPS:



      Referer

      Header
      Web Logs
      Shared Systems
      Browser History
      Browser Cache

      Shoulder Surfing







      share|improve this answer














      Your question might be more undefined than you realise. Any kind of data can be passed using URL parameters. Usernames, passwords, authentication tokens, settings, form data, or anything the web developer chooses. It's not always good practice to use URL parameters to for this, but it is always possible.



      And it's entirely up to each individual web developer on each individual page (not just site) as to what might be exposed and when. So you might not be able to predict what might be exposed.



      So, to answer your question, in the worst case, you could experience a complete and utter disclosure of any amount of personal data including credentials.



      By request, I did a search for the practice of "passwords in URL parameters" and restricted results to this year. Here's one of the top hits:



      https://answers.splunk.com/answers/622600/how-to-pass-username-and-password-as-a-parameter-v.html



      That's a forum from Feb 2018 from a major, publicly traded company talking about how to do this.



      Here is OWASP's official page on this vulnerability:




      The parameter values for 'user', 'authz_token', and 'expire' will be
      exposed in the following locations when using HTTP or HTTPS:



      Referer

      Header
      Web Logs
      Shared Systems
      Browser History
      Browser Cache

      Shoulder Surfing








      share|improve this answer














      share|improve this answer



      share|improve this answer








      edited 16 hours ago

























      answered 19 hours ago









      schroeder

      72.5k29159194




      72.5k29159194








      • 2




        The only thing I'd add to this is that the problem is also worse because while you're correct that any data can be passed via URL, the problem is compounded by the fact that what information is passed via a URL and whether and how it is secured is up to each individual company you're visiting and furthermore, the standards of the web programmers who developed each page. So you could never say by looking at one URL that there wasn't any sensitive data passed--you couldn't even say that about different URLs from the same site...
        – thepip3r
        18 hours ago












      • @thepip3r - oh that's interesting - so you are saying that there might be information visible only to employees of that site... cute...
        – Joe
        17 hours ago






      • 1




        and even if passwords aren't passed in the query string, if the session token is, you'd better hope that the developers restricted it to a single IP address and limited time validity...
        – Ben Voigt
        11 hours ago










      • And what is a 'safe' practice today - isn't necessarily safe tomorrow.
        – Paul
        1 hour ago














      • 2




        The only thing I'd add to this is that the problem is also worse because while you're correct that any data can be passed via URL, the problem is compounded by the fact that what information is passed via a URL and whether and how it is secured is up to each individual company you're visiting and furthermore, the standards of the web programmers who developed each page. So you could never say by looking at one URL that there wasn't any sensitive data passed--you couldn't even say that about different URLs from the same site...
        – thepip3r
        18 hours ago












      • @thepip3r - oh that's interesting - so you are saying that there might be information visible only to employees of that site... cute...
        – Joe
        17 hours ago






      • 1




        and even if passwords aren't passed in the query string, if the session token is, you'd better hope that the developers restricted it to a single IP address and limited time validity...
        – Ben Voigt
        11 hours ago










      • And what is a 'safe' practice today - isn't necessarily safe tomorrow.
        – Paul
        1 hour ago








      2




      2




      The only thing I'd add to this is that the problem is also worse because while you're correct that any data can be passed via URL, the problem is compounded by the fact that what information is passed via a URL and whether and how it is secured is up to each individual company you're visiting and furthermore, the standards of the web programmers who developed each page. So you could never say by looking at one URL that there wasn't any sensitive data passed--you couldn't even say that about different URLs from the same site...
      – thepip3r
      18 hours ago






      The only thing I'd add to this is that the problem is also worse because while you're correct that any data can be passed via URL, the problem is compounded by the fact that what information is passed via a URL and whether and how it is secured is up to each individual company you're visiting and furthermore, the standards of the web programmers who developed each page. So you could never say by looking at one URL that there wasn't any sensitive data passed--you couldn't even say that about different URLs from the same site...
      – thepip3r
      18 hours ago














      @thepip3r - oh that's interesting - so you are saying that there might be information visible only to employees of that site... cute...
      – Joe
      17 hours ago




      @thepip3r - oh that's interesting - so you are saying that there might be information visible only to employees of that site... cute...
      – Joe
      17 hours ago




      1




      1




      and even if passwords aren't passed in the query string, if the session token is, you'd better hope that the developers restricted it to a single IP address and limited time validity...
      – Ben Voigt
      11 hours ago




      and even if passwords aren't passed in the query string, if the session token is, you'd better hope that the developers restricted it to a single IP address and limited time validity...
      – Ben Voigt
      11 hours ago












      And what is a 'safe' practice today - isn't necessarily safe tomorrow.
      – Paul
      1 hour ago




      And what is a 'safe' practice today - isn't necessarily safe tomorrow.
      – Paul
      1 hour ago












      up vote
      7
      down vote













      Quite a bit actually:




      • Extortion based off content

      • Mapping systems that are not public

      • Sensitive parameters in certain requests

      • Personal information


      Extortion



      That search of yours that may be embarrassing and taken out of context. A WebMD search for a medical condition you don't want made known to co-workers for example. A search that was best done in incognito mode you forgot about.



      Mapping systems that are not public



      How about your works intranet site or that production web portal, well those names are going to pop up in your history now and if its something like Jenkins - thats a great candidate for a DNS rebind attack.



      Sensitive parameters in certain requests



      If you visit a site that just does the internet wrong and the parameter contains an API key, password, credential or just an account ID well that is captured and can be used now.



      Personal information



      I see you've been searching for holidays in March for 2 weeks - that would be a great time to break in to your house or impersonate you. Looking for an engagement ring well that sounds like something worth stealing. You did a google map from your address to another location?






      share|improve this answer

























        up vote
        7
        down vote













        Quite a bit actually:




        • Extortion based off content

        • Mapping systems that are not public

        • Sensitive parameters in certain requests

        • Personal information


        Extortion



        That search of yours that may be embarrassing and taken out of context. A WebMD search for a medical condition you don't want made known to co-workers for example. A search that was best done in incognito mode you forgot about.



        Mapping systems that are not public



        How about your works intranet site or that production web portal, well those names are going to pop up in your history now and if its something like Jenkins - thats a great candidate for a DNS rebind attack.



        Sensitive parameters in certain requests



        If you visit a site that just does the internet wrong and the parameter contains an API key, password, credential or just an account ID well that is captured and can be used now.



        Personal information



        I see you've been searching for holidays in March for 2 weeks - that would be a great time to break in to your house or impersonate you. Looking for an engagement ring well that sounds like something worth stealing. You did a google map from your address to another location?






        share|improve this answer























          up vote
          7
          down vote










          up vote
          7
          down vote









          Quite a bit actually:




          • Extortion based off content

          • Mapping systems that are not public

          • Sensitive parameters in certain requests

          • Personal information


          Extortion



          That search of yours that may be embarrassing and taken out of context. A WebMD search for a medical condition you don't want made known to co-workers for example. A search that was best done in incognito mode you forgot about.



          Mapping systems that are not public



          How about your works intranet site or that production web portal, well those names are going to pop up in your history now and if its something like Jenkins - thats a great candidate for a DNS rebind attack.



          Sensitive parameters in certain requests



          If you visit a site that just does the internet wrong and the parameter contains an API key, password, credential or just an account ID well that is captured and can be used now.



          Personal information



          I see you've been searching for holidays in March for 2 weeks - that would be a great time to break in to your house or impersonate you. Looking for an engagement ring well that sounds like something worth stealing. You did a google map from your address to another location?






          share|improve this answer












          Quite a bit actually:




          • Extortion based off content

          • Mapping systems that are not public

          • Sensitive parameters in certain requests

          • Personal information


          Extortion



          That search of yours that may be embarrassing and taken out of context. A WebMD search for a medical condition you don't want made known to co-workers for example. A search that was best done in incognito mode you forgot about.



          Mapping systems that are not public



          How about your works intranet site or that production web portal, well those names are going to pop up in your history now and if its something like Jenkins - thats a great candidate for a DNS rebind attack.



          Sensitive parameters in certain requests



          If you visit a site that just does the internet wrong and the parameter contains an API key, password, credential or just an account ID well that is captured and can be used now.



          Personal information



          I see you've been searching for holidays in March for 2 weeks - that would be a great time to break in to your house or impersonate you. Looking for an engagement ring well that sounds like something worth stealing. You did a google map from your address to another location?







          share|improve this answer












          share|improve this answer



          share|improve this answer










          answered 18 hours ago









          McMatty

          2,5701213




          2,5701213






















              up vote
              4
              down vote













              One of the threats I'd like to mention that has not been named yet is de-anonymization.



              The URIs in your history could leak information about your user accounts on different sites - for instance if you constantly check your own profile on social media sites. If you use some web services anonymously and others under your real name (Facebook, Twitter) an adversary can very easily de-anonymize and dox you. That can be especially damning for you if you appear on a platform anonymously and want it to stay that way (dating platforms, file sharing platforms, free speech platforms).



              Data on the internet also has the tendency to be there for a long time, so this threat is very persistent.






              share|improve this answer

























                up vote
                4
                down vote













                One of the threats I'd like to mention that has not been named yet is de-anonymization.



                The URIs in your history could leak information about your user accounts on different sites - for instance if you constantly check your own profile on social media sites. If you use some web services anonymously and others under your real name (Facebook, Twitter) an adversary can very easily de-anonymize and dox you. That can be especially damning for you if you appear on a platform anonymously and want it to stay that way (dating platforms, file sharing platforms, free speech platforms).



                Data on the internet also has the tendency to be there for a long time, so this threat is very persistent.






                share|improve this answer























                  up vote
                  4
                  down vote










                  up vote
                  4
                  down vote









                  One of the threats I'd like to mention that has not been named yet is de-anonymization.



                  The URIs in your history could leak information about your user accounts on different sites - for instance if you constantly check your own profile on social media sites. If you use some web services anonymously and others under your real name (Facebook, Twitter) an adversary can very easily de-anonymize and dox you. That can be especially damning for you if you appear on a platform anonymously and want it to stay that way (dating platforms, file sharing platforms, free speech platforms).



                  Data on the internet also has the tendency to be there for a long time, so this threat is very persistent.






                  share|improve this answer












                  One of the threats I'd like to mention that has not been named yet is de-anonymization.



                  The URIs in your history could leak information about your user accounts on different sites - for instance if you constantly check your own profile on social media sites. If you use some web services anonymously and others under your real name (Facebook, Twitter) an adversary can very easily de-anonymize and dox you. That can be especially damning for you if you appear on a platform anonymously and want it to stay that way (dating platforms, file sharing platforms, free speech platforms).



                  Data on the internet also has the tendency to be there for a long time, so this threat is very persistent.







                  share|improve this answer












                  share|improve this answer



                  share|improve this answer










                  answered 16 hours ago









                  Tom K.

                  5,25032047




                  5,25032047






















                      up vote
                      -1
                      down vote













                      Having your browsing history exposed means the attacker has in possession the list of url's your browser has accessed. From a complex url an attacker can identify these information:




                      1. Protocol

                      2. Subdomain

                      3. Domain

                      4. Port

                      5. Path

                      6. Parameters of a query

                      7. Fragment


                      enter image description here



                      Now, your privacy depends on the way the developer has built the site.



                      If you logged in in a website that has an url like this:



                      www.example.com/?login=**myusers**&password=**mypassword**


                      then the attacker has your credentials for that site.



                      Some of possible attacks would be:




                      1. sql injection

                      2. URL Manipulation

                      3. Directory Traversal

                      4. Identify theft


                      In simple words, your privacy/risk depends on the security level the site has.






                      share|improve this answer



















                      • 5




                        All of the attacks you list are attacks that could be possible against sites that he visited, none of them are attacks against him made possible by disclosure of the urls. URL Manipulation could be relevant, but I don't see how sql injection or directory traversal are.
                        – AndrolGenhald
                        19 hours ago












                      • Bad security of a site, brings automatically a threat to the users whom have information stored on that site.
                        – Vini7
                        18 hours ago






                      • 6




                        Absolutely, but that threat exists with or without OP's browser history being exposed. The browser history may allow someone targeting him to look for vulnerabilities in those specific sites because they know he has an account there, but I certainly wouldn't say "sql injection is made possible by public release of browser history".
                        – AndrolGenhald
                        18 hours ago















                      up vote
                      -1
                      down vote













                      Having your browsing history exposed means the attacker has in possession the list of url's your browser has accessed. From a complex url an attacker can identify these information:




                      1. Protocol

                      2. Subdomain

                      3. Domain

                      4. Port

                      5. Path

                      6. Parameters of a query

                      7. Fragment


                      enter image description here



                      Now, your privacy depends on the way the developer has built the site.



                      If you logged in in a website that has an url like this:



                      www.example.com/?login=**myusers**&password=**mypassword**


                      then the attacker has your credentials for that site.



                      Some of possible attacks would be:




                      1. sql injection

                      2. URL Manipulation

                      3. Directory Traversal

                      4. Identify theft


                      In simple words, your privacy/risk depends on the security level the site has.






                      share|improve this answer



















                      • 5




                        All of the attacks you list are attacks that could be possible against sites that he visited, none of them are attacks against him made possible by disclosure of the urls. URL Manipulation could be relevant, but I don't see how sql injection or directory traversal are.
                        – AndrolGenhald
                        19 hours ago












                      • Bad security of a site, brings automatically a threat to the users whom have information stored on that site.
                        – Vini7
                        18 hours ago






                      • 6




                        Absolutely, but that threat exists with or without OP's browser history being exposed. The browser history may allow someone targeting him to look for vulnerabilities in those specific sites because they know he has an account there, but I certainly wouldn't say "sql injection is made possible by public release of browser history".
                        – AndrolGenhald
                        18 hours ago













                      up vote
                      -1
                      down vote










                      up vote
                      -1
                      down vote









                      Having your browsing history exposed means the attacker has in possession the list of url's your browser has accessed. From a complex url an attacker can identify these information:




                      1. Protocol

                      2. Subdomain

                      3. Domain

                      4. Port

                      5. Path

                      6. Parameters of a query

                      7. Fragment


                      enter image description here



                      Now, your privacy depends on the way the developer has built the site.



                      If you logged in in a website that has an url like this:



                      www.example.com/?login=**myusers**&password=**mypassword**


                      then the attacker has your credentials for that site.



                      Some of possible attacks would be:




                      1. sql injection

                      2. URL Manipulation

                      3. Directory Traversal

                      4. Identify theft


                      In simple words, your privacy/risk depends on the security level the site has.






                      share|improve this answer














                      Having your browsing history exposed means the attacker has in possession the list of url's your browser has accessed. From a complex url an attacker can identify these information:




                      1. Protocol

                      2. Subdomain

                      3. Domain

                      4. Port

                      5. Path

                      6. Parameters of a query

                      7. Fragment


                      enter image description here



                      Now, your privacy depends on the way the developer has built the site.



                      If you logged in in a website that has an url like this:



                      www.example.com/?login=**myusers**&password=**mypassword**


                      then the attacker has your credentials for that site.



                      Some of possible attacks would be:




                      1. sql injection

                      2. URL Manipulation

                      3. Directory Traversal

                      4. Identify theft


                      In simple words, your privacy/risk depends on the security level the site has.







                      share|improve this answer














                      share|improve this answer



                      share|improve this answer








                      edited 18 hours ago









                      AndrolGenhald

                      8,98141831




                      8,98141831










                      answered 19 hours ago









                      Vini7

                      541412




                      541412








                      • 5




                        All of the attacks you list are attacks that could be possible against sites that he visited, none of them are attacks against him made possible by disclosure of the urls. URL Manipulation could be relevant, but I don't see how sql injection or directory traversal are.
                        – AndrolGenhald
                        19 hours ago












                      • Bad security of a site, brings automatically a threat to the users whom have information stored on that site.
                        – Vini7
                        18 hours ago






                      • 6




                        Absolutely, but that threat exists with or without OP's browser history being exposed. The browser history may allow someone targeting him to look for vulnerabilities in those specific sites because they know he has an account there, but I certainly wouldn't say "sql injection is made possible by public release of browser history".
                        – AndrolGenhald
                        18 hours ago














                      • 5




                        All of the attacks you list are attacks that could be possible against sites that he visited, none of them are attacks against him made possible by disclosure of the urls. URL Manipulation could be relevant, but I don't see how sql injection or directory traversal are.
                        – AndrolGenhald
                        19 hours ago












                      • Bad security of a site, brings automatically a threat to the users whom have information stored on that site.
                        – Vini7
                        18 hours ago






                      • 6




                        Absolutely, but that threat exists with or without OP's browser history being exposed. The browser history may allow someone targeting him to look for vulnerabilities in those specific sites because they know he has an account there, but I certainly wouldn't say "sql injection is made possible by public release of browser history".
                        – AndrolGenhald
                        18 hours ago








                      5




                      5




                      All of the attacks you list are attacks that could be possible against sites that he visited, none of them are attacks against him made possible by disclosure of the urls. URL Manipulation could be relevant, but I don't see how sql injection or directory traversal are.
                      – AndrolGenhald
                      19 hours ago






                      All of the attacks you list are attacks that could be possible against sites that he visited, none of them are attacks against him made possible by disclosure of the urls. URL Manipulation could be relevant, but I don't see how sql injection or directory traversal are.
                      – AndrolGenhald
                      19 hours ago














                      Bad security of a site, brings automatically a threat to the users whom have information stored on that site.
                      – Vini7
                      18 hours ago




                      Bad security of a site, brings automatically a threat to the users whom have information stored on that site.
                      – Vini7
                      18 hours ago




                      6




                      6




                      Absolutely, but that threat exists with or without OP's browser history being exposed. The browser history may allow someone targeting him to look for vulnerabilities in those specific sites because they know he has an account there, but I certainly wouldn't say "sql injection is made possible by public release of browser history".
                      – AndrolGenhald
                      18 hours ago




                      Absolutely, but that threat exists with or without OP's browser history being exposed. The browser history may allow someone targeting him to look for vulnerabilities in those specific sites because they know he has an account there, but I certainly wouldn't say "sql injection is made possible by public release of browser history".
                      – AndrolGenhald
                      18 hours ago










                      up vote
                      -2
                      down vote













                      To add to the post about information leakage in URL:



                      An attacker that has this may:



                      1: Extract what sites you use to try and log into to see if you are using the same creds [assumes attacker has captured a cred]



                      2: This info grants much more advanced knowledge for creating phishing attacks EX: "you've been selected to screen the new MLP season [whatever]"



                      3: Possible physical tracking based on sites "oh their kid goes to "little gals daycare" because I see them log into to pay that bill"



                      Could be more depending on what's in there.






                      share|improve this answer























                      • I'm not sure how the URL parameters provide all that. Just the URLs would be enough.
                        – schroeder
                        16 hours ago










                      • @schroeder I didn't see that the question asked for only information that would need parameters.
                        – Acccumulation
                        16 hours ago










                      • @Acccumulation the focus is on the parameters, yes
                        – schroeder
                        16 hours ago










                      • @schroeder parameters are mentioned but the question is: "What attacks are made possible by public release of my web history?" Please make sure to clearly check the question. Thank you.
                        – bashCypher
                        15 hours ago










                      • @bashCypher The OP discounts the sites themselves (domains), and explicitly states is concerned about "secure information might be passed in a URL somewhere" and " leakage of information via the URL itself". And the example is clearly about the large number of parameters.
                        – schroeder
                        7 hours ago















                      up vote
                      -2
                      down vote













                      To add to the post about information leakage in URL:



                      An attacker that has this may:



                      1: Extract what sites you use to try and log into to see if you are using the same creds [assumes attacker has captured a cred]



                      2: This info grants much more advanced knowledge for creating phishing attacks EX: "you've been selected to screen the new MLP season [whatever]"



                      3: Possible physical tracking based on sites "oh their kid goes to "little gals daycare" because I see them log into to pay that bill"



                      Could be more depending on what's in there.






                      share|improve this answer























                      • I'm not sure how the URL parameters provide all that. Just the URLs would be enough.
                        – schroeder
                        16 hours ago










                      • @schroeder I didn't see that the question asked for only information that would need parameters.
                        – Acccumulation
                        16 hours ago










                      • @Acccumulation the focus is on the parameters, yes
                        – schroeder
                        16 hours ago










                      • @schroeder parameters are mentioned but the question is: "What attacks are made possible by public release of my web history?" Please make sure to clearly check the question. Thank you.
                        – bashCypher
                        15 hours ago










                      • @bashCypher The OP discounts the sites themselves (domains), and explicitly states is concerned about "secure information might be passed in a URL somewhere" and " leakage of information via the URL itself". And the example is clearly about the large number of parameters.
                        – schroeder
                        7 hours ago













                      up vote
                      -2
                      down vote










                      up vote
                      -2
                      down vote









                      To add to the post about information leakage in URL:



                      An attacker that has this may:



                      1: Extract what sites you use to try and log into to see if you are using the same creds [assumes attacker has captured a cred]



                      2: This info grants much more advanced knowledge for creating phishing attacks EX: "you've been selected to screen the new MLP season [whatever]"



                      3: Possible physical tracking based on sites "oh their kid goes to "little gals daycare" because I see them log into to pay that bill"



                      Could be more depending on what's in there.






                      share|improve this answer














                      To add to the post about information leakage in URL:



                      An attacker that has this may:



                      1: Extract what sites you use to try and log into to see if you are using the same creds [assumes attacker has captured a cred]



                      2: This info grants much more advanced knowledge for creating phishing attacks EX: "you've been selected to screen the new MLP season [whatever]"



                      3: Possible physical tracking based on sites "oh their kid goes to "little gals daycare" because I see them log into to pay that bill"



                      Could be more depending on what's in there.







                      share|improve this answer














                      share|improve this answer



                      share|improve this answer








                      edited 19 hours ago

























                      answered 19 hours ago









                      bashCypher

                      660111




                      660111












                      • I'm not sure how the URL parameters provide all that. Just the URLs would be enough.
                        – schroeder
                        16 hours ago










                      • @schroeder I didn't see that the question asked for only information that would need parameters.
                        – Acccumulation
                        16 hours ago










                      • @Acccumulation the focus is on the parameters, yes
                        – schroeder
                        16 hours ago










                      • @schroeder parameters are mentioned but the question is: "What attacks are made possible by public release of my web history?" Please make sure to clearly check the question. Thank you.
                        – bashCypher
                        15 hours ago










                      • @bashCypher The OP discounts the sites themselves (domains), and explicitly states is concerned about "secure information might be passed in a URL somewhere" and " leakage of information via the URL itself". And the example is clearly about the large number of parameters.
                        – schroeder
                        7 hours ago


















                      • I'm not sure how the URL parameters provide all that. Just the URLs would be enough.
                        – schroeder
                        16 hours ago










                      • @schroeder I didn't see that the question asked for only information that would need parameters.
                        – Acccumulation
                        16 hours ago










                      • @Acccumulation the focus is on the parameters, yes
                        – schroeder
                        16 hours ago










                      • @schroeder parameters are mentioned but the question is: "What attacks are made possible by public release of my web history?" Please make sure to clearly check the question. Thank you.
                        – bashCypher
                        15 hours ago










                      • @bashCypher The OP discounts the sites themselves (domains), and explicitly states is concerned about "secure information might be passed in a URL somewhere" and " leakage of information via the URL itself". And the example is clearly about the large number of parameters.
                        – schroeder
                        7 hours ago
















                      I'm not sure how the URL parameters provide all that. Just the URLs would be enough.
                      – schroeder
                      16 hours ago




                      I'm not sure how the URL parameters provide all that. Just the URLs would be enough.
                      – schroeder
                      16 hours ago












                      @schroeder I didn't see that the question asked for only information that would need parameters.
                      – Acccumulation
                      16 hours ago




                      @schroeder I didn't see that the question asked for only information that would need parameters.
                      – Acccumulation
                      16 hours ago












                      @Acccumulation the focus is on the parameters, yes
                      – schroeder
                      16 hours ago




                      @Acccumulation the focus is on the parameters, yes
                      – schroeder
                      16 hours ago












                      @schroeder parameters are mentioned but the question is: "What attacks are made possible by public release of my web history?" Please make sure to clearly check the question. Thank you.
                      – bashCypher
                      15 hours ago




                      @schroeder parameters are mentioned but the question is: "What attacks are made possible by public release of my web history?" Please make sure to clearly check the question. Thank you.
                      – bashCypher
                      15 hours ago












                      @bashCypher The OP discounts the sites themselves (domains), and explicitly states is concerned about "secure information might be passed in a URL somewhere" and " leakage of information via the URL itself". And the example is clearly about the large number of parameters.
                      – schroeder
                      7 hours ago




                      @bashCypher The OP discounts the sites themselves (domains), and explicitly states is concerned about "secure information might be passed in a URL somewhere" and " leakage of information via the URL itself". And the example is clearly about the large number of parameters.
                      – schroeder
                      7 hours ago










                      Joe is a new contributor. Be nice, and check out our Code of Conduct.










                      draft saved

                      draft discarded


















                      Joe is a new contributor. Be nice, and check out our Code of Conduct.













                      Joe is a new contributor. Be nice, and check out our Code of Conduct.












                      Joe is a new contributor. Be nice, and check out our Code of Conduct.
















                      Thanks for contributing an answer to Information Security Stack Exchange!


                      • Please be sure to answer the question. Provide details and share your research!

                      But avoid



                      • Asking for help, clarification, or responding to other answers.

                      • Making statements based on opinion; back them up with references or personal experience.


                      To learn more, see our tips on writing great answers.





                      Some of your past answers have not been well-received, and you're in danger of being blocked from answering.


                      Please pay close attention to the following guidance:


                      • Please be sure to answer the question. Provide details and share your research!

                      But avoid



                      • Asking for help, clarification, or responding to other answers.

                      • Making statements based on opinion; back them up with references or personal experience.


                      To learn more, see our tips on writing great answers.




                      draft saved


                      draft discarded














                      StackExchange.ready(
                      function () {
                      StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f199557%2fwhat-attacks-are-made-possible-by-public-release-of-my-web-history%23new-answer', 'question_page');
                      }
                      );

                      Post as a guest















                      Required, but never shown





















































                      Required, but never shown














                      Required, but never shown












                      Required, but never shown







                      Required, but never shown

































                      Required, but never shown














                      Required, but never shown












                      Required, but never shown







                      Required, but never shown







                      Popular posts from this blog

                      Ellipse (mathématiques)

                      Quarter-circle Tiles

                      Mont Emei