by sammax 1882 days ago
> Yes, and _that's it_! Just by getting someone to click on a site they find trustworthy, you are now able to extract country, device, browser, OS, time of access

So you'd be using this as an overly complex IP geolocation lookup and UA header parser? All of this information is either already known to you when you trick someone into clicking on that link (because they are on your website so you get the same data) or can instead be obtained by tricking them into clicking on a link to your website instead of that one (if it's an email for example).


> because they are on your website so you get the same data

Or you provide the link via any social media website, or email, etc.

> or can instead be obtained by tricking them into clicking on a link to your website instead of that one

The target may feel much safer clicking a link to knowntrustedsite.abc than yourunknownphisysite.xyz

> The target may feel much safer clicking a link to knowntrustedsite.abc than yourunknownphisysite.xyz

Big doubt honestly, at least for the vast majority of people. Just set up some blog with some contest that interests them (can be copied from other blogs) and they're not gonna suspect a thing. People might notice if you pretend to be their bank but are actually a phishing site, but they don't notice if you pretend to be a blog and are actually a blog that harvests their data just like any other website.