The Browser History from the Perspective of a Cybersecurity Specialist
Clearing the browser history may seem like a simple topic at first glance, but it is not, and we will dedicate two articles to it. This is the first of them, in which I will discuss some issues to consider when working with browser history; in the second, we will analyze where and in what form browsers store data about visited sites, how to disable it, and how to clear it.
Can websites remotely access browser history?
This question concerns many. If we are talking about remotely obtaining browser history from your hard drive, this requires a full-fledged hack of the device or the presence of a critical vulnerability in the browser. Of course, this is possible, but far from simple, and it is unlikely that, having gained access to the data on the disk, an attacker would limit themselves only to stealing browser history.
It is a different matter with re-paint attacks (checking the color change of visited links) or checking the execution of a JavaScript file: these attacks are easy to implement but do not allow obtaining the victim's history, only determining whether they visited a particular site.
Due to the nature of this method, it is difficult to check a large number of sites for visitation; usually, attackers are interested in the online banking services used by the victim or sites related to cryptocurrency management.
Unfortunately, just accept it as a fact that this is possible. To protect yourself, you can use Tor or "thoroughly" configure your browser, but this will inevitably affect convenience.
Plugins
Some plugins, such as ad blockers, send information about the sites you visit to remote servers. This does not mean at all that they collect your browser history; the data may not be stored at all or may be tied to anonymized temporary identifiers; we do not know this, so we assume the worst-case scenario.
I particularly do not recommend plugins for checking sites for presence in any databases, such as phishing site databases. Although I do not rule out that many are willing to share information about the site opened in the browser in exchange for an assessment of its security.
Website Translators
It is convenient when Chrome translates websites for you, but you should understand that all information from the site, including the link, is sent to Google servers. From a security standpoint, I recommend that you refrain from this option, as well as from Google Chrome in general.