But you knew that right? "Your 'Anonymous' Browsing Data Isn't Actually Anonymous"
Eckert's first task with the data was to find out if her browsing data was included in the dataset. To do this, she queried the data for the URL linked with her company's login page, which generates a unique ID for each employee. Germany has a population of about 82 million, so the odds that Eckert herself was in browser data collected from 3 million Germans were small. Although it turned out her browser history wasn't in the data set, by querying the data for her company's login page Eckert discovered that a number of her colleagues were in the data by matching the unique login IDs from the company's page to the individuals.
With this information, Eckert would've been able to see her colleagues' entire browsing history for the last month. One of the colleagues included in the dataset was a close friend of hers, and she reached out to him to let him know that she had his browsing history. The question she had was which browser plugin was collecting and selling this data.
To answer this question, Eckert had her colleague delete one browser plugin every hour until he disappeared from the live data. On the seventh plugin, he disappeared. This suggested that the plugin collecting and selling his browser data was, ironically enough, called Web of Trust, which offers "free tools for safe search and web browsing."
The troubling thing about Eckert and Dewes' de-anonymization technique is that it can be used on anyone who has a public social media presence. For their report, Eckert and Dewes focused on Twitter and the German LinkedIn equivalent, Xing, to see if they could use these public profiles to de-anonymize public figures in the data.
When you click on your analytics page on Twitter, this brings you to a URL that includes your public Twitter handle—Xing has a similar feature. This means that Eckert and Dewes were able to query the database for these publicly available Twitter URLs for German politicians.
If the politicians were included in the dataset, the next step was to visit the Twitter profile of the politician and collect a few of the links they had recently posted. By using these links, coupled with the public Twitter URL, Eckert and Dewes were able to pull an individual's entire month-long browsing history from the anonymous dataset.
As Dewes pointed out when he and I spoke at Def Con, it requires an astonishingly small amount of browsing information to identify an individual out of an anonymous dataset of 3 million people. Since everyone's browsing habits are unique, it only takes about 10 website visits to create a "fingerprint" for an individual based on which websites they are visiting and when.
https://motherboard.vice.com/en_us/article/gygx7y/your-anonymous-browsing-da...
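Added example (not part of the original post or the quoted article): a release-side audit, in Python, of the re-identification risk the article describes. It flags URLs that occur under only one pseudonym and reports, per pseudonym, how few visits isolate that record; the sample rows, URLs and function names are constructed for illustration.

```python
from collections import defaultdict
from itertools import combinations

# Constructed sample rows (pseudonym, URL); not data from the article.
ROWS = [
    ("u1", "https://news.example/a"), ("u1", "https://shop.example/cart"),
    ("u1", "https://intranet.example/login?id=7f3a"),
    ("u2", "https://news.example/a"), ("u2", "https://shop.example/cart"),
    ("u2", "https://wiki.example/x"),
    ("u3", "https://news.example/a"), ("u3", "https://wiki.example/x"),
    ("u4", "https://news.example/a"), ("u4", "https://wiki.example/x"),
]

def histories(rows):
    """Group visited URLs by pseudonym."""
    hist = defaultdict(set)
    for user, url in rows:
        hist[user].add(url)
    return dict(hist)

def singleton_urls(hist):
    """URLs seen under exactly one pseudonym; each one acts as a direct identifier."""
    seen = defaultdict(set)
    for user, urls in hist.items():
        for url in urls:
            seen[url].add(user)
    return {url: next(iter(users)) for url, users in seen.items() if len(users) == 1}

def anonymity_set(hist, visits):
    """Pseudonyms whose history contains every URL in `visits`."""
    visits = set(visits)
    return {user for user, urls in hist.items() if visits <= urls}

def min_isolating_visits(hist, user):
    """Fewest of this user's visits that shrink the anonymity set to one record, or None."""
    urls = sorted(hist[user])
    for k in range(1, len(urls) + 1):
        for combo in combinations(urls, k):
            if anonymity_set(hist, combo) == {user}:
                return k
    return None  # record is indistinguishable from at least one other

def audit(rows):
    """Per-pseudonym isolation cost; low numbers mean the release is not anonymous."""
    hist = histories(rows)
    return {user: min_isolating_visits(hist, user) for user in sorted(hist)}
```

A record with a result of `None` shares its full history with another record; any small integer means pseudonymizing the user ID alone did not protect that person.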
On Fri, Aug 04, 2017 at 08:48:11AM -0700, Razer wrote:
To answer this question, Eckert had her colleague delete one browser plugin every hour until he disappeared from the live data. On the seventh plugin, he disappeared. This suggested that the plugin collecting and selling his browser data was, ironically enough, called Web of Trust, which offers "free tools for safe search and web browsing."
https://motherboard.vice.com/en_us/article/gygx7y/your-anonymous-browsing-da...
With at least 7 plugins of this kind the lusers have bigger problems than just passive browsing history. btw, the history in the image appears entirely of porn to me.
On 08/04/2017 09:50 AM, Georgi Guninski wrote:
On Fri, Aug 04, 2017 at 08:48:11AM -0700, Razer wrote:
To answer this question, Eckert had her colleague delete one browser plugin every hour until he disappeared from the live data. On the seventh plugin, he disappeared. This suggested that the plugin collecting and selling his browser data was, ironically enough, called Web of Trust, which offers "free tools for safe search and web browsing."
https://motherboard.vice.com/en_us/article/gygx7y/your-anonymous-browsing-da...
With at least 7 plugins of this kind the lusers have bigger problems than just passive browsing history.
btw, the history in the image appears entirely of porn to me.
hotmovs.com. I think that screenshot was chosen for 'impact'. The author didn't state if it was her voluntary cohort/acquaintance's browser history.

For the record, Facebook's "comment plugin" no longer works if NoScript is enabled (McClatchyDC) even if you 'allow all globally'. I suspect the XSS filter is still active but haven't checked. There's no "Please turn off adblocker" message.

Perhaps sites that make the bulk of their revenue from targeted advertising are getting a little testy.

Rr
On Fri, Aug 04, 2017 at 07:50:04PM +0300, Georgi Guninski wrote:
On Fri, Aug 04, 2017 at 08:48:11AM -0700, Razer wrote:
To answer this question, Eckert had her colleague delete one browser plugin every hour until he disappeared from the live data. On the seventh plugin, he disappeared. This suggested that the plugin collecting and selling his browser data was, ironically enough, called Web of Trust, which offers "free tools for safe search and web browsing."
https://motherboard.vice.com/en_us/article/gygx7y/your-anonymous-browsing-da...
With at least 7 plugins of this kind the lusers have bigger problems than just passive browsing history.
btw, the history in the image appears entirely of porn to me.
PGLAF cartoon in 3 .. 2 ..
Zero and One, by Anonymous, episode 0000 0000
-----------------------------------------------------------------
0: "Ooh, you dirty little https wanna be url, shamelessly shedding all your TLS clothes to slink by on http alone..."
1: "No no, it's those skanky little dots after it that are corrupting the miners."
0: "Oh but that slash!"
1: "Don't get me started! And there's TWO of them, just begging to be wrapped around each other."
0: "Pervert! You and all your slashes!"
On Sat, Aug 05, 2017 at 11:48:00AM +1000, Anonymous wrote:
On Fri, Aug 04, 2017 at 07:50:04PM +0300, Georgi Guninski wrote:
On Fri, Aug 04, 2017 at 08:48:11AM -0700, Razer wrote:
To answer this question, Eckert had her colleague delete one browser plugin every hour until he disappeared from the live data. On the seventh plugin, he disappeared. This suggested that the plugin collecting and selling his browser data was, ironically enough, called Web of Trust, which offers "free tools for safe search and web browsing."
https://motherboard.vice.com/en_us/article/gygx7y/your-anonymous-browsing-da...
With at least 7 plugins of this kind the lusers have bigger problems than just passive browsing history.
btw, the history in the image appears entirely of porn to me.
PGLAF cartoon in 3 .. 2 ..
Zero and One, by Anonymous, episode 0000 0000
-----------------------------------------------------------------
0: "Ooh, you dirty little https wanna be url, shamelessly shedding all your TLS clothes to slink by on http alone..."
1: "No no, it's those skanky little dots after it that are corrupting the miners."
0: "Oh but that slash!"
1: "Don't get me started! And there's TWO of them, just begging to be wrapped around each other."
0: "Pervert! You and all your slashes!"
Future episodics, just waiting for ananon to embrace your skanky inner 01000101'er (btw, bc has convenient ibase and obase convertors)
----------------------------------------------------------------
PHP - where nominally BDSM-hatin' BDFLs outlaw (FTW!) by vigorous public shaming and eviction from the community, your chosen sexual lifestyle; "But, like, why?!" Because dominance over your contributors must NEVER be insubordinated, Foool!!! "Kneel, punk! .. Only NOW you are permitted to use this language!"
NailGun - where two langs, one cup (of Java) is just, not, enough
Python 2.7 - for all your programming geriatric pr0n needs
PHP episode 0001 - for that tolerant, inclusive community feel
Machine code - when PHP just aint hard enough
Debian - the CoC swinging lifestyle community, though actually rather conservative
PHP episode 0010 - you WILL submit to our undisclosed CoC, punk!
Perl - come play strip twister with a dash of baby oil
PHP episode 0011 - because the streissand effect will NOT work in Internet literate communities! Punk!
Lisp - you are in a maze of twisty little passages, and only 01 leads to relief
PHP episode 0100 - the "f*ck with the BDSMFL's authority and we WILL shame you" edition
PHP episode 0101 - High Class shaming - how to fit in with our community - PHP, where nothing but submission is tolerated...
participants (3)
- Georgi Guninski
- Razer
- Zenaan Harkness