You asked me why that information is supposed to be private. I told you that by assuming a worst-case scenario, which involved criminal activity. Yes, we have to presuppose the intent of a phisher, because the mere existence of such a person is grounds for protecting the privacy of where you go online.
Finding out which places people visit is actually rather hard, since everything usually goes through a localised router, which adds a degree of anonymity. If I were inside the network, I could sniff packets and determine where you went, but that involves me being close to you (geographically), and that limits the number of people I can attack (and reduces the likelihood of an attack occurring). If I am outside the network, finding out where you go is almost impossible, but the fact is it should be impossible (or very, very hard) so that any attack has a very low success rate. The code that determines where you have been on the web is easily installed, making it very easy for someone to find out where you have been.
Look at it this way. Why do we have seat belts in cars? The vast majority of us don't have a need for them, since the vast majority of drivers don't get into accidents. However, we have them there because of the worst-case scenario, and in that case, they save lives. Sure, we could open up our browsing history and let anyone know where we have gone on the web, because most of the time it is of no interest to anyone. However, the worst-case scenario involves a breach of privacy, which leads to a loss of money and/or personal details. For this reason, we must secure our web history.