Who knows where you are? According to a team of researchers from the National University of Singapore many websites could—using what they call a “geo-inference attack” to identify your location
In what the researchers describe as a “new attack” with a “big impact” to the Daily Dot, such attacks can mine your browser cache to identify your country, city or even street address. Many sites identify your location—if you allow them too—in order to improve service: so, for example, Google can work out whether to serve your google.com or google.co.uk.
The information gathered to do that can be stored in your browser’s cache—but there, it’s susceptible to third-party website running special scripts, the researchers find. Depending on the sites you use, attackers could find more or less information: Cragslist can reveal your city, for instance, while Google Maps can give away your street address.
The researchers claim that 62 percent of the Alexa top 100 websites in the US, Australia, Japan, Singapore, and the UK all leak location data—to some extent—via the cache. The problem affects Chrome, Firefox, Internet Explorer and Opera.
Using private browsing does help—because the cache is deleted after a session—but leaves you open to attack whilst you’re using sites, while the researchers suggest the latest versions of Tor can be used to avoid the problem. But for anyone not using the service, the best bet is simply delete your cache regularly. The question is: can you bring yourself to do that? [ Daily Dot]
Image by stevenharman under Creative Commons license