72% of 'Anonymous' Browsing History Can Be Attached To the Real User

An anonymous reader quotes a report from The Stack: Researchers at Stanford and Princeton have succeeded in identifying 70% of web users by comparing their web-browsing history to publicly available information on social networks. The study "De-anonymizing Web Browsing Data with Social Networks" [PDF] found that it was possible to reattach identities to 374 sets of apparently anonymous browsing histories simply by following the connections between links shared on Twitter feeds and the likelihood that a user would favor personal recommendations over abstract web browsing. The test subjects were provided with a Chrome extension that extracted their browsing history; the researchers then used Twitter's proprietary URL-shortening protocol to identify t.co links. 81% of the top 15 results of each enquiry run through the de-anonymization program contained the correct re-identified user -- and 72% of the results identified the user in first place. Ultimately the trail only leads as far as a Twitter user ID, and if a user is pseudonymous, further action would need to be taken to affirm their real identity. Using https connections and VPN services can limit exposure to such re-identification attempts, though the first method does not mask the base URL of the site being connected to, and the second does not prevent the tracking cookies and other tracking methods which can provide a continuous browsing history. Additionally UTM codes in URLs offer the possibility of re-identification even where encryption is present. Further reading available via The Atlantic.

Exactly: If you use Twitter a lot, your public pro

[raymorris]

That's almost exactly what they did. First, they need your browser history. And your Twitter / Facebook profile needs to be wide open publicly. And you have to use Twitter regularly.

If they had been smarter, they would have just looked at which Facebook and Twitter profiles you visited most often, and from there inferred those are probably your closest friends. A list of your closest friends fairly well identifies your profile. They decided to make it a tad more complex, though.

Rather than looking at the friends list, they looked at links appearing in the person's feed. They reasoned that if the subject' browsing history shows them clicking in 50 links from a Twitter feed, it's probably an account that has those 50 links in their feed.