Slashdot Mirror


De-Anonymizing Social Network Users

An anonymous reader writes "The H has an article about some researchers who found a new way to de-anonymize people. Compared to the EFF's Panopticlick, the goal of this experiment is not to identify a user's browser uniquely, but to identify individual users. The test essentially exploits the fact that many social network users are identifiable by their membership of various groups. According to the researchers, it's very unlikely that two people on any social network will belong to exactly the same groups. A 'group fingerprint' can thus allow websites to identify previously anonymous visitors. They describe the setup and all details and the results look very interesting. They also have a live demo for the social network Xing that was able to de-anonymize me."
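
Added example (not from the article, the paper, or the submitter): a way to measure how identifying a "group fingerprint" is for a given population, by computing the anonymity set each member falls into. The user names, group ids and function names are constructed for illustration.

```python
from collections import defaultdict
from math import log2

# Constructed sample data: user -> set of group ids (not real data).
MEMBERSHIPS = {
    "alice": {"g1", "g2", "g3"},
    "bob": {"g1", "g2"},
    "carol": {"g1", "g2"},
    "dave": {"g4"},
    "erin": set(),   # belongs to no groups
    "frank": set(),  # belongs to no groups
}

def anonymity_sets(memberships):
    """Map each exact group set (the fingerprint) to the users sharing it."""
    sets = defaultdict(list)
    for user, groups in memberships.items():
        sets[frozenset(groups)].append(user)
    return dict(sets)

def uniquely_identified(memberships):
    """Users whose exact group set is shared with nobody else."""
    return sorted(users[0] for users in anonymity_sets(memberships).values()
                  if len(users) == 1)

def consistent_users(memberships, observed):
    """Users still consistent with a partial observation (observed is a
    subset of their groups). A small result means high exposure."""
    observed = set(observed)
    return sorted(u for u, g in memberships.items() if observed <= g)

def fingerprint_entropy_bits(memberships):
    """Shannon entropy of the fingerprint distribution, in bits.
    log2(number of users) would mean every user is unique."""
    n = len(memberships)
    return -sum((len(u) / n) * log2(len(u) / n)
                for u in anonymity_sets(memberships).values())

if __name__ == "__main__":
    print("unique:", uniquely_identified(MEMBERSHIPS))
    print("seen in g1+g2:", consistent_users(MEMBERSHIPS, {"g1", "g2"}))
    print("seen in g3:", consistent_users(MEMBERSHIPS, {"g3"}))
    print("entropy bits: %.3f of max %.3f"
          % (fingerprint_entropy_bits(MEMBERSHIPS), log2(len(MEMBERSHIPS))))
```

Users with no memberships all share the empty fingerprint, so they stay in one anonymity set; a user in one rare group can be singled out by that group alone.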

9 of 88 comments

  1. An anonymous reader? by Tyir · · Score: 5, Funny

    Probably not so anonymous anymore!

  2. Uh, no thanks... by __aaclcg7560 · · Score: 4, Funny

    I prefer not to de-anatomize all the Anonymous Cowards. Neuter them, sure. Let's leave it at that.

  3. Summary is wrong; idea is worthless by michaelmalak · · Score: 4, Insightful

    The summary is incorrectly worded. It should read "Contrasted with the EFF's..."

    But worse than that, the paper itself is horribly written, especially the abstract. The threat presented is not de-anonymization within the social network (since usually most profiles are real people anyway) but rather de-anonymization of visitors to arbitrary websites if those visitors also have social networking URLs in their browser history.

    Now, the big privacy hole here is browser history stealing, which is four years old. All this paper does is refine this mountain of privacy-invading information using social networking URLs that might be found there.

  4. Fonts, Plugins, History... why? by advocate_one · · Score: 5, Interesting

    Having gone on that panopticlick site and discovered that my browser was unique amongst some half million visitors... I was shocked that my browser was blabbing about what fonts were on my system... Why on earth would a browser transmit the list of installed fonts at all? All it needs locally are a set of alternatives, i.e. if page says this font, then use this local font... wasn't that the entire point of the webfonts package?

    Similarly, the plugins list... another thing that doesn't need to be sent out by the browser...

    Firefox devs, you listening here? These do not need to be transmitted so block them...

    Anyone know of a plugin that blocks them?

    And why on earth is it possible to sniff the history list???

    --
    Donald 'Duck' Dunn: We had a band powerful enough to turn goat piss into gasoline.
    1. Re:Fonts, Plugins, History... why? by zwei2stein · · Score: 5, Informative

      Your font list is reported by Flash and Java. Your browser is innocent of this. Disabling Flash & Java goes a long way to make your system information less accessible.

      Sniffing history is a basic feature of XHTML/CSS, the price you pay for selectors. a:visited { background-image: url("slashdotorg.png") } && boo! - if you go to my site, you will request a specific image and I can see it in the logs, boom, I know you have been to Slashdot.

      --
      -- Technology for the sake of technology is as pathetic as eschewing technology because it's technology.
    2. Re:Fonts, Plugins, History... why? by StripedCow · · Score: 4, Insightful

      Even more horrifying: in my case, my local username was part of the information that Panopticlick found... the reason was that one of the plugin binaries was in a subdirectory of my homedir, and its path contained my username, and apparently the path of that binary was sent out by Firefox. However, I'm not sure if the fault lies with Firefox or with the particular plugin (Citrix Receiver for Linux). Probably the latter, because in the plugin-box, it identifies itself with its full path.

      --
      If Pandora's box is destined to be opened, *I* want to be the one to open it.
  5. What about loners? by macraig · · Score: 5, Interesting

    Brilliant plan, guys... except you still left one variable unknown: the aloof guy who doesn't belong to any groups. How do you pick him out of the crowd when he's not in it to begin with? Those aloof loners are always the ones we should be worrying about, right? That's what the movies always say.

  6. Re:Nothing new by AHuxley · · Score: 4, Insightful

    IP can change, country can change, name can change.
    But if you're the user with a Mac, version 2.0.1b of a browser posting to a small interest section, this would be great to find you again and your new set of friends.
    That's why you never go back to the same sites if people are interested in you.

    --
    Domestic spying is now "Benign Information Gathering"
  7. uhh, why? by TechnoVooDooDaddy · · Score: 4, Insightful

    All you have to do is post a stupid little survey to Facebook and millions of idiots will fill the silly thing out giving you their mother's maiden name, street they grew up on, and last 4 digits of their social security in return for generating a few sentences of nonsense.