Researchers identify anonymous users through web browser history and social networks

25 February 2010

Researchers have combined stolen web browser history data with membership of social networking groups to identify large numbers of users who would otherwise be anonymous, it was revealed this week.

The researchers, from the Technical University of Vienna, the Institute Eurecom, Sophia Antipolis and the University of California, Santa Barbara, used information about which social network groups each member of a social network belongs to. "This is often sufficient to uniquely identify this user," they said. "When unique identification is not possible, then the attack might still significantly reduce the size of the set of candidates that the victim belongs to."

The researchers' technique uses websites with sparse data sets – that is, websites where information about each individual user represents only a small fraction of the overall attributes. This applies to social networking sites because even the most active user is only a member of a small fraction of all groups, which means that the group membership serves as a fingerprint, they said in a paper to be published at the 31st IEEE Symposium on Privacy and Security.

This fingerprint information is gathered using a technique called 'history stealing', in which a user's browser history is probed to see where they have been surfing. Such URLs can reveal information about which social networking groups they have joined, said the paper.

"By combining this information with previously collected group membership data from the social network, it is possible to de-anonymize any user (of this social network) who visits the attacker's website," the paper continued.

For their proof-of-concept attack, the researchers targeted the Xing social network, which has roughly eight million registered users. They also targeted Facebook and LinkedIn, which have far greater user bases. They found that 42% of Xing's users could be vulnerable to attack, and that both Facebook and LinkedIn are also potentially vulnerable.

Amazon and eBay could also be vulnerable to a de-anonymization attack, said the paper.
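The following added example (not code from the paper or this article) shows how a network operator could audit the exposure described above: it measures how small each member's anonymity set becomes when group memberships are treated as a fingerprint. The user names, group IDs and function names are constructed for illustration.

```python
# Constructed sample data: user -> set of group IDs (not real accounts).
MEMBERSHIPS = {
    "user_a": {"g1", "g2", "g7"},
    "user_b": {"g1", "g2"},
    "user_c": {"g1", "g3"},
    "user_d": {"g4"},
    "user_e": {"g4"},
    "user_f": set(),
}


def candidates(observed, memberships):
    """Users consistent with an observed subset of group memberships.

    An observer rarely sees a complete group list, so a user stays in the
    candidate set if their memberships contain every observed group.
    """
    observed = set(observed)
    return sorted(u for u, groups in memberships.items() if observed <= groups)


def anonymity_set_size(user, memberships):
    """Number of users indistinguishable from `user` when all of that
    user's groups are observed (1 means uniquely identifiable)."""
    return len(candidates(memberships[user], memberships))


def unique_fraction(memberships):
    """Share of users in at least one group whose anonymity set has size 1."""
    in_groups = [u for u, groups in memberships.items() if groups]
    if not in_groups:
        return 0.0
    unique = sum(1 for u in in_groups if anonymity_set_size(u, memberships) == 1)
    return unique / len(in_groups)


if __name__ == "__main__":
    # Each additional observed group shrinks the candidate set.
    for seen in ({"g1"}, {"g1", "g2"}, {"g1", "g2", "g7"}):
        print(sorted(seen), "->", candidates(seen, MEMBERSHIPS))
    print("uniquely identifiable:", unique_fraction(MEMBERSHIPS))
```

Users with an anonymity set of size 1 are the ones whose group list alone singles them out; an operator can use that figure to judge how much group membership data should be publicly enumerable.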
