I don't have anything to hide- but a malicious attacker could easily cause me to.
Step One: Maliciously cause the target to click on a link or open a url (Phishing, Exploit, RFE, XSS etc)
Step Two: With JS, one can easy introduce HTTP connections to any number of websites, such as maybe the Talibans official website (They have one!), Google Searches for (to think of a few) "Gaziantep Places to Stay", "Turkey Flights", "Opposition to the Kuffar at home", "Dabiq Magazine", "how to join the Khalifah" etc
This could easily be done in a realisic appearing manner, especially to ISP/GCHQ filters and alerts.
Step Three: If any of this tallies with any physical activity (Let's say the target wanted to go Clay Pigeon Shooting, or Visited a Gun Club because he has in interest in .22 target shooting), then they have a case.
Sure, it's defendable, and this is a really simplistic example. But it's basically ruined the target's life.
Remember, it's probably not the "Government" doing this, as this info will be leaked.
I don't have anything to hide- but a malicious attacker could easily cause me to.
Step One: Maliciously cause the target to click on a link or open a url (Phishing, Exploit, RFE, XSS etc)
Step Two: With JS, one can easy introduce HTTP connections to any number of websites, such as maybe the Talibans official website (They have one!), Google Searches for (to think of a few) "Gaziantep Places to Stay", "Turkey Flights", "Opposition to the Kuffar at home", "Dabiq Magazine", "how to join the Khalifah" etc
This could easily be done in a realisic appearing manner, especially to ISP/GCHQ filters and alerts.
Step Three: If any of this tallies with any physical activity (Let's say the target wanted to go Clay Pigeon Shooting, or Visited a Gun Club because he has in interest in .22 target shooting), then they have a case.
Sure, it's defendable, and this is a really simplistic example. But it's basically ruined the target's life.
Remember, it's probably not the "Government" doing this, as this info will be leaked.