Forgot your password?
typodupeerror
Privacy Social Networks

De-Anonymizing Social Network Users 88

Posted by kdawson
from the know-what-groups-you-joined-last-summer dept.
An anonymous reader writes "The H has an article about some researchers who found a new way to de-anonymize people. Compared to the EFF's Panopticlick, the goal of this experiment is not to identify a user's browser uniquely, but to identify individual users. The test essentially exploits the fact that many social network users are identifiable by their membership of various groups. According to the researchers, it's very unlikelly that two people on any social network will belong to exactly the same groups. A 'group fingerprint' can thus allow websites to identify previously anonymous visitors. They describe the setup and all details and the results look very interesting. They also have a live demo for the social network Xing that was able to de-anonymize me."
This discussion has been archived. No new comments can be posted.

De-Anonymizing Social Network Users

Comments Filter:
  • by Anonymous Coward on Tuesday February 02, 2010 @03:48AM (#30992446)

    A more accurate one, if I am RTFA right, is "by trawling through the browser history of visitors to a site it is possible to distinguish one from another so long as the user uses and regularly visits the group pages of select social networking sites and never clears their history". At most it seems to allow them to compare the "groups" pages you have visited on, say, Facebook and possibly identify which FB user you are using that information.

    I see nothing to suggest that this helps them to identify who you actually are in meatspace unless you supply those details on your public Facebook page.

  • by zwei2stein (782480) on Tuesday February 02, 2010 @04:23AM (#30992586) Homepage

    Your font list is reported by flash and java. Your browser is innocent of this. Disabling flash & java goes long way to make your system information less accessible.

    Sniffing history is basic feature of xhtml/css, price you pay for selectors. a:visited (background-image:"slashdotorg.png") && boo! [shasldot.org] - if you go to my site, you will request specific image and i can see it in logs, boom, i know you were to slashdot.

  • by Anonymous Coward on Tuesday February 02, 2010 @04:40AM (#30992644)

    "anyone know of a plugin that blocks them?"

    NoScript blocks Javascript which in turn blocks most of these queries.

    Still says I'm 1 in 200.000. Probably due to running Ubuntu. I'd have to manipulate my HTTP headers to something very common to counter that. No idea if there's an add-on that does that ... or what value to use.

    Add Flashblock if you want to control the execution of Flash independently (e.g. allow JavaScript but only run one of the flash applets, like the video but not all those add/tracker applets).

  • by advocate_one (662832) on Tuesday February 02, 2010 @04:45AM (#30992662)
    I was running with noscript, flashblock and adblock... mind you, I think I had noscript set not quite so strictly... and clicked on the flash blocked box thinking it needed clicking on for the site to work...
  • by AHuxley (892839) on Tuesday February 02, 2010 @04:49AM (#30992684) Homepage Journal
    It could be about the connections. If you get an ip and raid a house you get 1 person and a clean computer. They alert their friends and its all over.
    With this you get the friends of friends and their interests.
    The ability to play an eco nut, poker fan, open source gamer or other 'lifestyle' undercover is very tempting.
    Over time they build a relationship and might get invited in.
  • by Anonymous Coward on Tuesday February 02, 2010 @04:52AM (#30992696)

    History stealing is even older than Jeremiah Grossman's blog posting, he also simply copied the idea: this design flaw was reported in bug tracking system of Mozilla (Netscape) back in 2000, the longest discussion in the system is from 2002 (http://bugzilla.mozilla.org/show_bug.cgi?id=147777 [mozilla.org]).

    If you read the article, they clearly state that history stealing is a well-known technique, they just use it in a different setting to be able to find out the "group fingerprint".

  • Re:Xing? (Score:3, Informative)

    by LKM (227954) on Tuesday February 02, 2010 @06:04AM (#30992902) Homepage
    Xing is a German site similar to LinkedIn. It's quite popular in Europe. Nothing to do with BSD, GNU or anything else along those lines.
  • by Anonymous Coward on Tuesday February 02, 2010 @08:39AM (#30993796)

    Easy remedy:
    about:config

    plugin.expose_full_path Standard boolean false.

    I bet yours is set to true.

Cobol programmers are down in the dumps.

Working...