Follow Slashdot stories on Twitter

 


Forgot your password?
Close
typodupeerror
×
Privacy

Your Browsing History Can Uniquely Identify You (schneier.com) 32

Posted by EditorDavid from the webs-we-weave dept.
An anonymous reader writes: Researchers from Mozilla report in a study that web browsing histories (the lists of user visited websites) are uniquely identifying users (PDF). In their study that was the case for 99% of users. Treating web browsing histories like fingerprints, the researchers analysed how the users can be reidentified just based on the coarsened list of user-visited websites.

In doing so they upheld and confirmed a previous study from 2012, prompting the author of the original study to say that web browsing histories are now personal data subject to privacy regulations like the GDPR.

Sensitivity of web browsing history data questions the laws allowing ISPs to sell web browsing histories.
The now-vindicated author of the 2012 study added this emphatic note in their blog post. "Web browsing histories are personal data. Deal with it."
This discussion has been archived. No new comments can be posted.

Your Browsing History Can Uniquely Identify You More

Your Browsing History Can Uniquely Identify You

Comments Filter:

  • Let's place heavy penalties on its use. All we can do is take away their advantage. Time to get creative!

    • Or you could skip your ISPs DNS server and use DNS over TLS + DNSSEC. That makes it borderline impossible for them to truly track your web browsing.

      • Temporary short term measures only work as long as they are not widely adopted. It will always be cat and mouse. Eventually comes deep packet inspections, then all bets are off. You will use only the ISPs approved white list of protocols and services and websites.

      • "Browser History".

        It is collected before it ever goes near any network... by the browser. Tweaking DNS will do absolutely nothing.

  • So the guy with the history full of sites browsed as BeerFartMoron is, in fact, BeerFartMoron. Genius deduction there.

  • Most Hated Feature (Score:5, Funny)

    by DatbeDank ( 4580343 ) on Saturday August 29, 2020 @02:44PM (#60453362)

    Be Me, 2002. Furiously browsing porn on ie6. Hey you're young and it was that dark time between Netscape and Firefox.

    Hears car

    "OH shit!"

    Goes to internet options, clear history.

    "Phew, safe!"

    Except there's a bug where the history won't clear and now you're furiously clearing 500 plus pages of porn by right clicking and deleting.

    Seriously, most hated feature and IE6 is still the world's shittiest browser.

  • how to prevent websites (Score:4, Insightful)

    by FudRucker ( 866063 ) on Saturday August 29, 2020 @02:45PM (#60453368)
    from accessing my browsing history, i dont think they should be rifling through my cookies and browsing history, websites should only be able to access their own cookies they set and nothing more,
    • Ummm..... that was the plan back in olden days. Then we decided .2 cents a impression was a good amount for money for a banner ad.

  • I clear my history often (Score:1)

    by Anonymous Coward

    It's weird because when I visit some sites they accuse me of using an ad blocker. No, I just clear history after I visit a site and before I go to the next one.

    • Re: (Score:3, Interesting)

      by Anonymous Coward

      History and cookies.

      I got our company's proxy server IP blocked by the Washington Post [washingtonpost.com] once. I visited the site a couple of times, clearing history and cookies between visits. So instead of getting the 'you only have 2 free articles to read' nag screen, they popped up 'There appears to be something suspicious going on on your system'. And refused to serve up any more pages. The company grapevine said that everything at our office was blocked. Much to the chagrin of the Bleeding Hearts department. Who appar

    • It's easier to turn on incognito mode, nothing to clear.

  • I've been saying this for the longest time... (Score:4, Interesting)

    by kyoko21 ( 198413 ) on Saturday August 29, 2020 @03:08PM (#60453418)

    My coworkers laughed a decade ago but I proposed an "internet white noise" generator that would constant generate web and internet traffic so that this could be incorporated into not just your browsing history but as well as your over all internet traffic, or "signal" that is generated from your particular IP address. In doing so, your traffic, even if it's captured would be hard to analyze since there is so much traffic and noise to account for.

    If everyone visited whitehouse.com and pornhub.com how could you really tell who is really visiting whitehouse.com and pornhub.com. For that matter, who really knows for sure who is "problematic" and who isn't?

    • And just to mess with them a bit, once in a while you throw whitepornhousehub.com and pornwhitehubhouse.com in the list.

  • This is not new (Score:5, Informative)

    by YrWrstNtmr ( 564987 ) on Saturday August 29, 2020 @03:18PM (#60453440)
    The AOL search history that was leaked 14 years ago, a few GB of anonymized data.
    A few people ware identified precisely.
    https://en.wikipedia.org/wiki/... [wikipedia.org]

  • They won't want to uniquely identify me by my browsing history.

    • Set your browser to delete everything on closing

      Doesn't really help. If someone's in your local browser history, they're probably in your whole hard drive. In which case, being IDed from your browser history is the least of your problems. Deleting your browser history etc does nothing to stop your ISP eavesdropping. Which brings us neatly to...

      And use a fucking VPN.

      Okay, so give it all to your VPN provider instead of your ISP. And you trust the VPN more than your ISP, why? Again, nothing solved.

      • History can be derived by what images you already have cached, to name one single vector. Deleting the cache upon closure is a valid way of improving privacy.

        • History can be derived by what images you already have cached, to name one single vector. Deleting the cache upon closure is a valid way of improving privacy.

          Again, only if somebody's already got your hard drive. In which case they already know who you are. Because they're the cops, and they got that hard drive from that time when they raided your house.

          • If you load a page that contains the image "1471_Rule_34.png" and your browser downloads every other image on the page except that one, the server can infer information about your cache from that. This is of course a gross oversimplification, but should serve as an example of the kinds of tricks people can pull.

            • Ah, yes, I see where you're coming from. Yes, the cache does leak information to sites and advertisers and the like. Clearing the cache would interfere with anyone pulling tricks like that, but OTOH would perhaps make it easier for those who are simply logging every request, since you're then refetching everything every time. ISPs would presumably be in the latter category, if they're the ones selling your history (which is after all what TFA was about).
  • ...no one ever compliments me on my wonderful tastes in porn. I feel so let down!

  • Nope. Mine gets deleted (Score:3)

    by gweihir ( 88907 ) on Saturday August 29, 2020 @05:22PM (#60453766)

    And my browser does not send it anywhere before that. Anything potentially controversial, also in the future, I use a write-protected Tails stick for. You never know whether your country will have fascist or other authoritarian tendencies in 20 years (or much sooner). And you may even move to a different country with the same issue. Data like browsing history may get you killed or imprisoned. If not now, then later.
     

  • Comment removed based on user account deletion
    • Who still uses a computer to browse the internet? Everyone worth their advertisement costs are browsing on their phones, and the people browsing on laptop and desktops probably have 7 layers of adblockers.
  • I'm guessing 99% of the sites I visit are links from soylent, slashdot, fark, ars, or google news. I have half a dozen sites I visit daily, and those generate probably 50-100 links I click on.

  • No kidding! (Score:2, Funny)

    by Revek ( 133289 )
    What kind of loser goes to slashdot everyday and how many?

  • when did this come into effect, please?

    is there a list of who is selling what?

    is this "only in america" or worse?

Slashdot Top Deals

An Ada exception is when a routine gets in trouble and says 'Beam me up, Scotty'.

Close