"What Any Website Can See About You: A Look at MySysInfo"

9:30 pm

There's a new privacy transparency tool on the web called MySysInfo, and it's worth a visit — if only to remind yourself how much data your browser leaks by default.

The Concept

MySysInfo is dead simple: you load the page, and it shows you exactly what any website can see about you, with no login required. The data comes entirely from what your browser voluntarily exposes via headers, JavaScript APIs, and IP geolocation. Nothing is guessed or inferred from third-party sources.

What It Reveals

The tool surfaces about a dozen data points, each with a brief explanation of how it works and why websites collect it:

  • IP address — your device's network identifier, essential for routing
  • Location & coordinates — rough geolocation from IP database lookup, not GPS
  • Timezone — read directly from your system clock
  • Browser name & version — from the User-Agent header
  • Operating system — also from User-Agent
  • Device type — desktop, tablet, or mobile
  • CPU cores — via navigator.hardwareConcurrency
  • Screen resolution & viewport size — two different readings
  • Pixel ratio — for high-DPI detection
  • Language preferences — from Accept-Language header
  • Cookie status — whether cookies are enabled
  • Do Not Track — the voluntary (and increasingly ignored) signal

Why This Matters

The most striking thing about MySysInfo is that none of this requires special permission. Browsers don't prompt you for any of it. The IP address is a fundamental part of TCP/IP, the User-Agent is sent on every HTTP request, and JavaScript APIs like navigator.hardwareConcurrency are freely accessible to any script on any page.

This isn't malicious — most of this data powers legitimate features like content negotiation, responsive design, and fraud detection. But it's also the foundation of browser fingerprinting, which can identify users across sessions without cookies. When combined, these signals create a surprisingly unique profile.

The Takeaway

Tools like MySysInfo are valuable precisely because they're mundane. They don't show you a conspiracy; they show you the ordinary plumbing of the web. The real privacy conversation isn't about which companies are spying on you — it's about a system designed forty years ago that never considered privacy a design goal. The headers and APIs we use today were built for a web of documents, not a web of surveillance. Understanding that gap is the first step toward closing it.