TL;DR
A website can detect some information about a computer, but it can’t remotely operate it directly. Websites primarily use the User-Agent string and browser fingerprinting to gather details. They cannot take control of your machine without you installing something (like Remote Desktop software) or falling for a scam.
How Websites Detect Computer Information
- User-Agent String: This is the most common method. Your browser sends this string to websites, identifying the browser type, version, operating system, and sometimes device information.
- You can view your User-Agent string using a tool like WhatIsMyUserAgent.
- Example:
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 - Browser Fingerprinting: This is more advanced. Websites collect various pieces of information about your browser and computer configuration to create a unique ‘fingerprint’. This includes:
- Installed fonts
- Supported MIME types
- Timezone
- Screen resolution
- Plugins installed (Flash, Java – increasingly rare)
- Do Not Track settings
- Language preferences
Browser fingerprinting is harder to block completely as it relies on many different data points. Tools like EFF’s Panopticlick can show you how unique your browser fingerprint is.
- JavaScript: Websites use JavaScript code to gather information about the browser and operating system. This is often used in conjunction with fingerprinting.
- Example (detecting OS):
if (navigator.platform.indexOf('Win') != -1) { document.write("You are using Windows"); } else if (navigator.platform.indexOf('Mac') != -1) { document.write("You are using macOS"); }
- Example (detecting OS):
What Websites *Cannot* Do
- Direct Remote Control: A website cannot directly take control of your computer without your explicit permission. This requires software installed on your machine (like TeamViewer, AnyDesk, or Remote Desktop) or a malicious program you’ve downloaded.
- Access Files Without Permission: Websites running in a browser sandbox have limited access to your file system. They can’t browse your files without you specifically choosing to upload them.
- Install Software Automatically: Websites cannot install software on your computer without your interaction (e.g., clicking a download button and granting permissions).
Protecting Your Privacy
- Keep Your Browser Updated: Updates often include security patches that protect against fingerprinting techniques.
- Use Privacy-Focused Browsers: Browsers like Brave, Firefox Focus, and Tor are designed to minimize tracking.
- Install Privacy Extensions: Extensions like uBlock Origin (blocks trackers), Privacy Badger (learns to block trackers automatically) and NoScript (blocks JavaScript) can help.
- Disable Unnecessary Plugins: Remove or disable plugins you don’t use, as they can be exploited for fingerprinting.
- Be Careful What You Download: Only download software from trusted sources.