.png)
4 months ago
2
Yesterday, I read an article about someone using an LLM model to guess personal details about themselves by looking at a list of saved articles in a reading app. The results were surprisingly accurate. It could tell their job, age, family situation, and personal beliefs, only from the topics they saved.
This made me think. If a simple list of saved articles can reveal so much, what could someone find out from a person’s browser history?
Most people don’t realise how valuable this kind of data really is.
A Personal Record You Don’t Notice
Your browsing history is more than a list of websites. It records your habits, worries, interests, and daily routines. It shows what you research, when you work, what tools you use, and what personal or professional problems you might be dealing with.
Now imagine if someone stole your browser history. No passwords, no emails, no private messages, just a list of websites, page titles, and visit times.If they gave this list to an LLM model and asked it to guess personal details about you, it could easily build a surprisingly detailed profile.
What an Attacker Could Learn From Your History
By looking at what websites you visit, what you search for, and when you visit them, an attacker using an LLM model could figure out:
- What job you have, and what projects you’re working on
- How much money you might earn
- Whether you’re stressed or thinking about leaving your job
- If you’re married, have children, or planning a major life change
- Your political opinions and personal values
- Any health concerns you might have
- Future plans, like switching jobs or travelling soon
Even without breaking into your accounts, this information can be discovered.
Examples of How This Could Be Used
To understand how serious this is, here are some examples of what might happen in real life:
If you Google:
- “AWS Cognito misconfiguration”
- “How to reset Azure App Gateway”
- “MongoDB exploit 2025”
An attacker knows:
- What infrastructure you’re running
- What technical problems you’re facing
- What security gaps might exist
They can target your organisation while you are still working to fix those issues.
If your history shows:
- Many late-night visits to Jira, Confluence, or AWS Console
- A sudden increase in job board visits
- Searches like “how to resign professionally”
An attacker might guess:
- Your company has an upcoming deadline or serious incident
- Certain employees may be preparing to leave
- The best time to send phishing emails or fake job offers
If you visit:
- Stress, anxiety, or burnout articles
- Sleep improvement blogs
- Work-life balance tips
It could suggest:
- That you are under pressure and possibly easier to manipulate
If you search for:
- “Encrypted messaging apps for protests”
- Local activist group websites
- Legal advice about personal rights
A government or organisation could guess:
- What causes you support
- When and where events might take place
- Who you might be connected to
And none of this would require reading your emails or stealing your passwords.
Big Tech Was Already Doing This
For years, large tech companies like Facebook, Google, and others have quietly tracked people’s online habits to create personal profiles for advertising. They could guess your interests, job, income level, and political opinions, based on what websites you visited and what you searched for.
The difference is, back then only these big companies had the technology and resources to analyse this kind of data at a large scale.
Now, with advanced LLM models available to anyone, this ability no longer belongs to big tech alone.
Anyone with access to your browser history and a public or open-source LLM model could run the same kind of analysis. It could be a competitor, a cybercriminal, a government, or even someone with basic technical skills.
Final Thought
People spend a lot of time choosing strong passwords, setting up two-factor authentication, and using encrypted apps.
But many forget that their browser history might quietly reveal more about them than any password ever could.
What if your browsing history is the one weakness you forgot to protect?
It’s worth thinking about!
