
Researchers at the Def Con hacking conference have revealed how easy it is to discover private browsing habits. Using ‘Clickstream’ data that is usually purchased by advertisers and other parties, they were able to find the porn habits of a judge and the drug preferences of a politician.

The German pair says that though such data is supposed to be anonymized, it’s ‘trivial’ to tie it to individuals. They’re using the achievement to argue that such data needs to be protected.

“What these companies are doing is illegal in Europe but they do not care,” said Svea Eckert, one of the researchers.


Links to Own Social Media Accounts

Clickstream data follows people everywhere they go online, and it is available even if you clear your browsing history. An analysis shows that 95% of it comes from 10 popular browser extensions, though that data is supposed to be anonymized.

In reality, firms aren’t doing enough to protect users’ identities. Andreas Dewes says they were able to discover the sites users visited, their searches, and what they bought. They analyzed unique customer identifiers in the data and cross-referenced them with links shared on social media.

This let them tie a customer identifier to a real person, and therefore discover that person’s comprehensive browsing history. However, Dewes says that in many cases it was even easier than that.

Clickstream data often contained links to users’ social media admin pages, which revealed their identity directly.

“The public information available about users is growing so it’s getting easier to find the information to do the de-anonymisation,” said Dewes. “It’s very, very difficult to de-anonymise it even if you have the intention to do so.”

It’s not hard to imagine the damage such information could cause. Malicious parties could use it to stalk or blackmail users, including public figures.

Dewes and Eckert found the data so dangerous that they deleted it, fearing a hack.
