There’s a fundamental problem with some websites, particularly those that do business with individuals via accounts that require logins. Some of them do it in a very insecure manner. While they do require logins with cookies and so forth, they display your account information and actions in your browser by modifying the URL in the address bar.
So if you log in and they take you to a particular account page, that URL will show your name and some other details, like the account number. That’s how they direct the server to display different pages, instead of using tokens (like cookies) stored in your browser to decide which page you get to see. If you pay attention, you can simply go to the page itself by saving that long, complicated URL, even without the formality of logging in.
It turns out that some browser plugins/add-ons you can install will collect all the URLs from your surfing online, and report those URLs to a third party.
A researcher found out by testing these plugins with fake accounts. He then visited this third party and noticed they would offer a list of those URLs to their clients for advertising purposes, tracking where he visited — including all those URLs that held private identifying information that could easily be parsed from those URLs. Worse, one of those outside parties verified each URL by visiting it themselves and downloading the page with all the personal and financial information included in those pages.
Did I mention that some banks, for example, use that procedure with long URLs for handling their online clients? Oh, and I recall reading some years ago that some browser plugins/add-ons will also keep a copy of your cookies. This was typical of those add-on toolbars you could get for some browsers. You can’t convinced they aren’t still doing that.
Be very careful what you install in your web browsers to make things convenient. You may not be aware of just how freely you are handing over your life to others.