0

My wife has told me that she is able to go onto a website and tell every IP I've been to and for how long, thereby the site I went to, while on my PDA and that she can supposedly do this for a PC as well. Does anyone know how this can be accomplished remotely at a website of some kind without software on the subject cell phone or computer? I have a Palm Pre Plus running WebOS.

Thanks.

WheresAlice
  • 5,290
  • 2
  • 23
  • 20

4 Answers4

2

Is your wife a law enforcement officer, by any chance? :)

If the subject cell or computer is using a browser configured to use a proxy, then that proxy may allow her to see visited sites. If the internet service provider offers this service (under the guise of parental control reporting) and you're using the same ISP for both, then she may see it there.

If the browser has been modified or hijacked then it may be silently accessing the net via a proxy or may be reporting use to a third party site. This may be difficult to detect but on the computer you could install a packet sniffer to verify this. If your wife has access to the computer or cell after you've used it then she can probably get details from the browser history.

The IP address alone cannot universally determine the web site you went to, due to the number of sites on virtual servers that share an IP. It will work for many though. If the DNS resolver configured for your phone and PC is pointing to DNS servers that log and publish name resolution requests, then that is one more accurate way of finding the sites associated with the IPs you are accessing - so check your DNS settings.

William
  • 1,158
  • 8
  • 9
0

Not that I know of unless your cell provider is tracking it as part of some parental control thing. Even then your mobile provider won't do that for your home system without a monitoring agent or going through a proxy.

I think your wife is trying to scare you into behaving online. Third party websites can't do this without some form of agent or proxy.

Bart Silverstrim
  • 31,092
  • 9
  • 65
  • 87
  • She claims that a hacker showed her how to do it. not possible even if she has my IP from the phone? –  Jun 21 '10 at 12:17
  • She also knew details of activity. which makes me wonder. is there a way to check if my phone has a monitoring software on it and then disable it? –  Jun 21 '10 at 12:19
  • Your phone's browsing would have to be monitored from the phone company or through a proxy. Your connection alone would change within the phone company network because your cell connection changes as you travel. – Bart Silverstrim Jun 21 '10 at 12:35
  • If it's your mobile browser, I'd really suspect that it's done with parental controls. You would have to talk to your phone company's people to verify because otherwise if it were that simple to kill, your teenager would flick a switch to keep you from monitoring their activity. With our phone company (Verizon) most of that was controlled through the verizonwireless website (tracking your teen's phone, monitoring parental controls, etc.) – Bart Silverstrim Jun 21 '10 at 12:37
  • 1
    Second thing I suspect is she went through your browser history. But if she's getting it from a website I'd suspect she means the phone provider's parental controls on the phone, probably your company has a way to view history there or something like that. Go to your company's support site or sales reps and inquire about monitoring your kid's activities online and see what they can tell you. – Bart Silverstrim Jun 21 '10 at 12:39
0

I assume this is referring to the issue regarding visited links and browser history. This is a widespread, common, and ancient issue in web browsers. Only recently have some of them began fixing this issue.

First off, some background. A site defines different colors/images for links. One color/image for a regular default, another for when you mouseover the link, and another for when you've already visited that link in the past. This problem lies with the latter of those options.

Now, the server doesn't actually get a list of links you've visited, that would be crazy. Instead, the browser checks its cache, and modifies what it sees based on how the server has defined visited links. However, that doesn't mean the server can't exploit that information. If the server were to set a specific picture for a link, it wouldn't get downloaded by the client unless they had already been to that URL. Therefore, if the webserver logs a hit for a visited link image, it knows you've been to that URL. If the server were to give you a massive list of popular websites, each with a unique visited link, then it would effectively harvest your cache, and know where you've been.

This sounds like it'd only be marginally useful, but you would be amazed. As an example, check out This site. It can generate a pretty exhaustive list of places you've been. And this place uses that information to determine your gender. (It totally pegged me, with 97% certainty) I'm willing to bet that is what your wife had seen. I wouldn't be surprised that many mobile browsers are capable enough to fall victim too.

Here are some more sites that exploit this issue:
http://whattheinternetknowsaboutyou.com/all -- This page seems hokey at the moment, I was sure it worked before, though.
http://caughtyouwatching.com/ -- Determines if you've been to porn sites. (My work machine passed, phew!)
http://www.haveyourfriendsbeenthere.com/ -- This one has a link you can send to your friends, to see what they've been using. That's creepy as hell. I waffled on including this, as it seems so blackhat-ish. But it's probably worth noting, just as a defensive measure.

Here are some articles discussing the issue: Slashdot
The Register Firefox's bugzilla entry from....2002. I told you this was ancient!
Firefox's blog about fixing this issue, all of three months ago.

--Christopher Karel

Christopher Karel
  • 6,442
  • 1
  • 26
  • 34
0

Something similar can be accomplished by using domain name based tracking.

Simple enough to do if she can change the network settings on your Palm. All she would need to do is to point your Palm to some third-party DNS server, which logs all the DNS requests.

OpenDNS provides a parental control service that blocks out certain sites. I wouldn't be surprised if there are people out there who provide a logging service too. There may be some false-positives due to pre-fetching but it will largely be accurate.

sybreon
  • 7,357
  • 1
  • 19
  • 19