When you visit a website can it track or record your current browsing history cookies and keystrokes or just ip address without you knowing?

Answer 1

First and foremost - the remote computer (the web server the website is on) must know your IP address to begin with, so that a connection can be established at all. This information must be processed by the remote host in order to fulfill your request. If you do not accept this, then discontinue using the internet as some computer somewhere will have to see your IP address at some point. You always have the right to decline this service by choosing not to use it. By continuing to use it, it is assumed that you know of this fact and agree to it.

As for the other data (by some considered sensitive), like browsing history and cookies - a remote server cannot gather this information on its own - it has to have it sent to it from your computer. It is possible to obtain this information through various malicious means - mainly by exploiting known security vulnerabilities of Web Browsers, by tricking them into sending this information to where it shouldn't be sent. This is why it is important to always keep your software updated at all times - new security holes are found and fixed every day.

As for keystrokes - no, a remote server cannot by itself record your keystrokes, nor is it possible through the use of security holes in web browsers, commonly. Technically it is possible, but such holes are considered emergency-level problems and fixed almost immediately (most commonly at debugging stages).

For a server to receive your keystrokes, a separate application (program) must be run on your computer, or a new piece of hardware must be added to it physically. The software is most commonly known as a "trojan horse", or a "software keylogger", and is a form of malicious software (badware). It has to intercept your keystrokes and then send them to the server on its own. The best way to protect against such threats is to carefuly monitor what you download and run on your computer, typically using an up-to-date antivirus and a firewall.

As for hardware means, a device similar to a keyboard (understanding its protocol, but without any keys) can be plugged into your PC, between it and your real keyboard. This device can store your keystrokes within its memory, and then may at some point send this data to a remote location. The best way to protect against this kind of threat is to keep an eye on everyone accessing your machine physically. Of course, it's very hard to impossible to place a typical physical keylogger in a laptop if you're using the built-in keyboard.