Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 internet speed test! ×
Privacy The Internet Communications Network Networking Security Twitter Technology

72% of 'Anonymous' Browsing History Can Be Attached To the Real User (thestack.com) 67

An anonymous reader quotes a report from The Stack: Researchers at Stanford and Princeton have succeeded in identifying 70% of web users by comparing their web-browsing history to publicly available information on social networks. The study "De-anonymizing Web Browsing Data with Social Networks" [PDF] found that it was possible to reattach identities to 374 sets of apparently anonymous browsing histories simply by following the connections between links shared on Twitter feeds and the likelihood that a user would favor personal recommendations over abstract web browsing. The test subjects were provided with a Chrome extension that extracted their browsing history; the researchers then used Twitter's proprietary URL-shortening protocol to identify t.co links. 81% of the top 15 results of each enquiry run through the de-anonymization program contained the correct re-identified user -- and 72% of the results identified the user in first place. Ultimately the trail only leads as far as a Twitter user ID, and if a user is pseudonymous, further action would need to be taken to affirm their real identity. Using https connections and VPN services can limit exposure to such re-identification attempts, though the first method does not mask the base URL of the site being connected to, and the second does not prevent the tracking cookies and other tracking methods which can provide a continuous browsing history. Additionally UTM codes in URLs offer the possibility of re-identification even where encryption is present. Further reading available via The Atlantic.
This discussion has been archived. No new comments can be posted.

72% of 'Anonymous' Browsing History Can Be Attached To the Real User

Comments Filter:
  • Pr0n (Score:4, Funny)

    by felixrising ( 1135205 ) on Tuesday February 07, 2017 @08:50PM (#53822979)
    As long as my wife can't see my porn browsing history, no worries!
  • Idiots (Score:5, Insightful)

    by DontBeAMoran ( 4843879 ) on Tuesday February 07, 2017 @08:53PM (#53822993)

    ... by comparing their web-browsing history to publicly available information on social networks.

    Well, there's your problem. STOP USING SOCIAL NETWORKS.

    • by Anonymous Coward

      STOP USING SOCIAL NETWORKS

      I'd also add stop calling them social networks. They are anti-social data mining platforms premised on pervasive user surveillance. Call them what they are: snoops.

    • This.

      To be thorough, locate the circuit breaker panel for your location and flip all the switches you see from, "ON," to "OFF."

      Drill holes in your smart phone(s) and tablet(s).

      yw

    • You're assuming they're actually using it for the use case anonymous browsing was built for.

      I use privacy tabs for accessing my other Twitter account (I have personal and business accounts like any normal person), or my other Yahoo email account (there's the main one and the one I use for notifications from BBSes), and so on.

      The "right" way to do this would be for Firefox, Chrome, et al, to make it easy to have several browser profiles, with their own cookies etc, open at once. But while I know Firefox

    • by houghi ( 78078 )

      So no more /. ?

  • Twitter? (Score:5, Insightful)

    by lokedhs ( 672255 ) on Tuesday February 07, 2017 @09:10PM (#53823095)
    First, they talk about a user's identity. Later they merely talk about Twitter links and finding the user's Twitter ID. So what is it? Can they identify users or Twitter accounts? If it's the former, that's concerning. But it seems to be more likely that they found a Twitter account user by comparing the browser history to a Twitter account that had been sharing those links. The latter doesn't seem as impressive now does it?
    • by raymorris ( 2726007 ) on Tuesday February 07, 2017 @09:45PM (#53823221) Journal

      That's almost exactly what they did. First, they need your browser history. And your Twitter / Facebook profile needs to be wide open publicly. And you have to use Twitter regularly.

      If they had been smarter, they would have just looked at which Facebook and Twitter profiles you visited most often, and from there inferred those are probably your closest friends. A list of your closest friends fairly well identifies your profile. They decided to make it a tad more complex, though.

      Rather than looking at the friends list, they looked at links appearing in the person's feed. They reasoned that if the subject' browsing history shows them clicking in 50 links from a Twitter feed, it's probably an account that has those 50 links in their feed.

      • Before and after Firefox, I run the following .bat file:

        [ ccleaner [howtogeek.com] ]

        What is your method of cleaning up before and after opening your browser? Tips appreciated.

        --

        taskkill /f /im iexplore.exe
        taskkill /f /im firefox.exe
        taskkill /f /im chrome.exe
        RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 4351
        cd\
        cd C:\Program Files\CCleaner
        ccleaner /auto

        exit

        --

        • Use Virtualbox VMs, restoring the previous snapshot after every shutdown. (There might be a way to do this automatically.) When it comes to computer security/privacy, the easiest to understand and easiest to implement options are not infrequently the most powerful ones as well.

          Or you can go a step further [slashdot.org].
          • by lokedhs ( 672255 )
            You probably want to use Qubes OS which provides an environment where all of this is handled for you. I switched to it and I'm really happy with it.

            You can create multiple templates and all you do in the templates is installing software and make generic configurations. The actual VM's where you run stuff is based on the templates and are reset whenever you restart them.

            • You probably want to use Qubes OS which provides an environment where all of this is handled for you.

              I briefly covered this in a post from last year, [slashdot.org], which I linked to in the post you just replied to. I'm using Qubes right now.

              OP was talking about Windows, though, and if it's true that he's not a regular Linux user then the Virtualbox solution is probably a better place to start.

  • Wouldn''t this part of the problem be solved simply by using the privacy mode of the browser? If not, use a Linux Live distribution, which typically have no persistent storage (although some of them have an overlay filesystem that can be enabled especially for this purpose). This can be combined with anonymizing software like Tor for enough protection against everybody else but government-backed attackers.
    • Re: (Score:3, Informative)

      Wouldn''t this part of the problem be solved simply by using the privacy mode of the browser? If not, use a Linux Live distribution, which typically have no persistent storage (although some of them have an overlay filesystem that can be enabled especially for this purpose). This can be combined with anonymizing software like Tor for enough protection against everybody else but government-backed attackers.

      Whoops, bad advice. While it prevents the addition of new sites to the browser history, incognito mode doesn't erase the record of sites already visit. So it's better simply to create a new profile from scratch and then delete that profile. Now I think incognito mode is really a brain damaged idea, because it raises false expectations of privacy.

      • Whoops, bad advice. While it prevents the addition of new sites to the browser history, incognito mode doesn't erase the record of sites already visit. So it's better simply to create a new profile from scratch and then delete that profile. Now I think incognito mode is really a brain damaged idea, because it raises false expectations of privacy.

        As well, your ISP is keeping records of you. There simply is no privacy on the intertoobz. It was never designed to be that way. And if you use TOR, there are others who will take great interest in you. About the only use of incognito mode is to keep your spouse from finding out about that shemale midget scat porn some folks like.

        • ... shemale midget scat porn ...

          So, no link?

          No.

          Because you only think about yourself.

          • ... shemale midget scat porn ...

            So, no link?

            No.

            Because you only think about yourself.

            Shudder.... Well, figuring a rule 34 happening, I plunged in, did a DuckDuckGo, and.......

            I think they actually do...Jeebuuz k. Rist! But I'm too afraid to click the links - imgine if the wife walks in when I'm looking at that! "It's not what it looks like honey! I'm doing important internet research - Seriously!!"

            I mean Two Girls One Cup would be a walk in the park by comparison.

            • lol

              From Uncle Sam's Yacht Club: The difference between a "sea story" and a "fairy tale" is, a fairy tale starts out with, "Once upon a time ..." and a sea story starts out with, "Hey; this ain't no shit ..."

              So, hey. This ain't no shit:

              Mobil Oil Corp systems analyst ca. late '90s ...

              I was doing an overhead projection of the Internet (Netscape), showcasing how it could help with Just-In-Time Inventory research.

              Lesson learned: Try shit before I make an ass of myself in front of all the suits.

              I searched for, "s

              • I searched for, "stocking just in time inventory."

                Up came a photo of a major trophy babe in fishnet stockings and little else at a site selling "Stockings just in time for Christmas and we have a huge inventory."

                HAH! Well, sales probably went up, and I guess the presentation was kind of prophetic about the internet. "Yikes!" used to be a pretty risky search word - dunno, I haven't included it for years.

    • by TheRaven64 ( 641858 ) on Tuesday February 07, 2017 @10:04PM (#53823297) Journal
      No. Incognito modes prevent your browser from storing your browsing history (in persistent storage, assuming no bugs). They do not prevent other sites from recording it. If you're not actively blocking them, any page that contains a Twitter or Facebook button notifies these companies that you've visited the page. The same applies most advertising networks.
      • by crtreece ( 59298 )

        any page that contains a Twitter or Facebook button notifies these companies that you've visited the page

        Until you install noscript, and tell it not to load scripts from other domains.

        • by Anonymous Coward

          You don't get it. It's not about ~your choice and your precious NoScript~, princess. The server is still using its access logs, amongst many other techniques, in bad faith to fingerprint you.

  • by ( 4621901 )

    People's Twitter profiles have been found out when following Twitter.

    "they were able to correctly pick out the volunteers’ Twitter profiles" with the reason "People’s basic tendency to follow links they come across on Twitter"

    The remaining 28% that they didn't correctly pick out probably didn't use Twitter and had nothing but cat videos.

  • ...then they can identify you 72% of the time, otherwise the trail is cold. Brilliant!

    • Except for YouTube, which REFUSES to recommend videos that I actually want to watch, regardless of if they know me or not.
  • it could be attached to an IP address, but they dont know who is at the keyboard,
  • by gravewax ( 4772409 ) on Wednesday February 08, 2017 @02:12AM (#53824121)
    This is hardly news. I would argue if you are browsing social media then you simply aren't browsing anonymously and many of us that have understood this ensure we behave appropriately when trying to be anonymous, this is not new. When I am using my Anonymous VPN to access content Social Media tools and sites, blogs etc are all big no no's.
  • I'd have thought that over 80%, not under, could be identified just by what they browse. Mainstream being stereotypically homogenous, and everything.

  • Don't broadcast your life on social media. Why would you have any expectation of privacy in that situation?

But it does move! -- Galileo Galilei

Working...