Slashdot Mirror


It Is Easy To Expose Users' Secret Web Habits, Say Researchers (bbc.com)

An anonymous reader shares a BBC report: Two German researchers say they have exposed the porn-browsing habits of a judge, a cyber-crime investigation and the drug preferences of a politician. The pair obtained huge amounts of information about the browsing habits of three million German citizens from companies that gather "clickstreams." These are detailed records of everywhere that people go online. The researchers argue such data -- which some firms scoop up and use to target ads -- should be protected. The data is supposed to be anonymised, but analysis showed it could easily be tied to individuals. People's browsing history is often used to tailor marketing campaigns. The results of the research by Svea Eckert and Andreas Dewes were revealed at the Def Con hacking conference in Las Vegas this weekend. The pair found that 95% of the data they obtained came from 10 popular browser extensions. "What these companies are doing is illegal in Europe but they do not care," said Ms Eckert, adding that the research had kicked off a debate in Germany about how to curb the data gathering habits of the firms.

95 comments

  1. Which browser extensions? by Anonymous Coward · · Score: 2, Informative

    The pair found that 95% of the data they obtained came from 10 popular browser extensions.

    I can't even name 10 popular browser extensions. I didn't think the muggles installed extensions.

    1. Re:Which browser extensions? by cayenne8 · · Score: 1

      Yeah...why didn't they list the 10 most dangerous extensions...??

      --
      Light travels faster than sound. This is why some people appear bright until you hear them speak.........
    2. Re:Which browser extensions? by arth1 · · Score: 1

      Yeah...why didn't they list the 10 most dangerous extensions...??

      To not make themselves targets of civil lawsuits, I would imagine.

    3. Re:Which browser extensions? by Anonymous Coward · · Score: 5, Interesting

      You have no idea. Number one infection vector: Youtube downloaders. Not quite coincidentally, "proxtube" is one of the 10 browser extensions which leak every URL you visit. You can get an ordinary user to install anything. Just tell them they can get something for free that they would otherwise have to pay for.

    4. Re:Which browser extensions? by DontBeAMoran · · Score: 1

      Youtube downloaders?

      Step 1. Disable CSS
      Step 2. Scroll to the video
      Step 3. Right-click and select "Save video as..."

      Done.

      --
      #DeleteFacebook
    5. Re:Which browser extensions? by Anonymous Coward · · Score: 0

      That doesn't help. The user will download a video to MP3 converter. Boom - infected.

    6. Re:Which browser extensions? by Anonymous Coward · · Score: 0

      I'm sitting here trying hard to understand how my amnesic Puppy Linux distro could possibly be infected...

    7. Re:Which browser extensions? by Anonymous Coward · · Score: 0

      Browser extensions work on Linux too.

    8. Re:Which browser extensions? by Anonymous Coward · · Score: 0

      Amnesic, capisce? No extensions, No nothing. Bare metal against the world. Unscathed.

    9. Re:Which browser extensions? by Anonymous Coward · · Score: 0

      I watched a YT recording of a prior event to try and gather more information.

      1. They did not disclose which company provided the clickstream (i.e. the raw data) on 3M Germans. What they did get hold of was free trial data (during a 14-day trial period), provided by one of the data trading companies (apparently with the expectation that they could later sell more real data).

      2. They identified WOT as one of the browser add-ons that leaked the clickstream using elimination principle - by working together with one of the identified persons (Mike Kuketz) and asking that person to uninstall browser plugins. His clickstream stopped after he uninstalled WOT (since they had access to a _live_ clickstream they could do this test).

      Slides #55 and #56 were not part of that talk. We'll have to wait for Def Con recording to find out how they got hold of the histogram on slide #55.

    10. Re:Which browser extensions? by Anonymous Coward · · Score: 0

      youtube-dl is one of the most useful utilities I have ever come across.

  2. You are not anonymous online by bobbied · · Score: 4, Insightful

    Despite the appearance or how hard you try, you are NOT anonymous online. You may be harder to trace than the next person, but you are not able to totally hide. Increasingly, with the advent of "big data" and "data mining", smart people are going to make inroads in tracing every jot and tittle of what you do. The question is only about where the data collection is happening that drives this data mining effort.

    --
    "File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
    1. Re:You are not anonymous online by Anonymous Coward · · Score: 1


      Despite the appearance or how hard you try, you are NOT anonymous online.

      If your standard for "anonymous" is perfection and impossibility of tracing, you're right. But that's a very hard standard. I'd prefer to think of it like security. How hard is it to track you, and how badly does someone want to track you.

      You don't have to be perfectly anonymous. You just have to be more anonymous than the effort someone wants to go through to do so. For most people, simply turning on some anti-tracking software is sufficient for those purposes.

    2. Re:You are not anonymous online by arth1 · · Score: 2

      You don't have to be perfectly anonymous. You just have to be more anonymous than the effort someone wants to go through to do so.

      Or, in some cases, more anonymous than his neighbor. Making sure you're not low hanging fruit goes a long way.

      In one way, the boundless data collection is an improvement on the lower volume and better targeted data collection we had before. The haystack grows bigger, and even though the data is there, it becomes permutationally harder to sift through.
      Police investigations have shown this many times now - the data was there, but they couldn't find it until the perpetrator had been identified by other means. And then they call that a success, and use it as a justification for collecting even more data...

    3. Re:You are not anonymous online by Anonymous Coward · · Score: 0

      I might not be anonymous even with my best try, but at least I am a bit more anonymous than Joe Sixpack.

    4. Re:You are not anonymous online by Anonymous Coward · · Score: 0

      I wonder if people could mislead big data, after all it's mostly statistically driven; when I'm bored I click on every single ad I see (I use a sandboxed system so malware is minimum), I wonder if in some time I will start getting free offers from "Sponge monthly" or "[Insert terrible awful and/or disgusting thing] Magazine".

    5. Re:You are not anonymous online by Anonymous Coward · · Score: 0

      I wonder if people could mislead big data,

      Of course they could. I actually do it. Misinformation, disinformation. It's been years since I saw the last online ad. You just need simple tools and an internet surfing strategy. Google gets me wrong all the time, and facebook is not even allowed in my connection. All fb domains to the loopback.

    6. Re:You are not anonymous online by ZorroXXX · · Score: 1

      "Data can be useful or anonymous, but never both" - Paul Ohm

      And Paul is not just anyone, he has done a lot of research and publications about privacy.

      This does not come as a surprise for anyone that has not ignored privacy issues the last couple of decades. There are countless examples of the fallacy of we can just "anonymize" data and then there are no longer any privacy problems, like AOL search data leak, 87% of USA's population is uniquely identified by birth date, sex and postal number/zip code (backstory), etc.

      --
      When you are sure of something, you probably are wrong (search for "Unskilled and Unaware of It").
    7. Re:You are not anonymous online by Falos · · Score: 1

      This. You're not throwing one wrench at one machine.

      You're spewing whatever you can at an invisible army who are all using a thousand different sets of conditions, scopes, techniques etc. and you usually can't tell what sticks. It doesn't matter, throw anyway, if only for the principle of it.

      Being less harvestable than the Next Guy may also help, as sister post mentions.

    8. Re:You are not anonymous online by swb · · Score: 1

      It seems obvious that "anonymizing data" and "targeting advertising" is a paradox. If it's effectively anonymized, it wouldn't be useful for targeting. That they're able to do targeting means that it's not really anonymous.

    9. Re:You are not anonymous online by Anonymous Coward · · Score: 0

      Yes,

      I use PIA VPN, I run different Portable versions of Firefox for each particular "viewing session", with random user-agent strings, disable JS by default via Noscript and have all the privacy settings on using "Privacy Settings" extension.

    10. Re:You are not anonymous online by ColdWetDog · · Score: 1

      The haystack grows bigger, and even though the data is there, it becomes permutationally harder to sift through.

      Except for the fact that computers are extremely capable of sorting through piles of data, this might be true. Perhaps the Stasi had issues, but anybody with a decent Internet connection and a half powerful computer can sort through a whole bunch of hay bales.

      --
      Faster! Faster! Faster would be better!
    11. Re:You are not anonymous online by Anonymous Coward · · Score: 0

      Computers may store and process large amounts of data but they are not fast enough to process petabytes of real time data needed to take action. One of the documents Snowden released contained the same assessment and recommended cancelling all efforts to collect real time internet traffic because even with the resources they were unable to see any benefit of this particular initiative.

      And wouldn't it be nice if all of these Def-Con participants applied their not inconsiderable skills to protecting the systems they gleefully try to compromise. It is easy to break something but it is a lot harder than building something. Why do we need "security" researchers who always seem to be two steps behind the people creating the exploits? Who really cares what the technical details of the exploit are 6 months after the exploit has been released into the wild? Postmortem research is fine but its usefulness is rather limited.

      And the Stasi comparison is an example of the fatal ignorance of people whose knowledge of history comes from a Twitter feed. Comparing anything being practiced in the US today minimizes the horror the Stasi and their Russian minders practiced in E. Germany. The Stasi adopted the same strategy to keep their population that the USSR and China used. One of the most insidious methods was to indoctrinate the children to the state ideology starting in the 2nd grade. The students were fed propaganda on a daily basis and were encouraged to report anyone they knew who said anything bad about the state. This led to the children being told to keep a close eye on their parents and report them if they said anything against the state. Informers were also cultivated and neighbor reported neighbor over any slight, real or imagined. Informers were rewarded with jobs and other perks. In the end they created a state where everyone was watching everyone else and all the enforcers had to do was show up and summarily execute the offenders.

    12. Re:You are not anonymous online by Anonymous Coward · · Score: 0

      And wouldn't it be nice if all of these Def-Con participants applied their not inconsiderable skills to protecting the systems they gleefully try to compromise.

      Trying to compromise them is protecting them.

    13. Re:You are not anonymous online by arth1 · · Score: 1

      Except for the fact that computers are extremely capable of sorting through piles of data, this might be true.

      Faster computers and networks allow you to sift through bigger bales of hay in the same time. However, if they give you 0.1% of the haystack as a result with a small haystack, they will give you 0.1% of the haystack as a result with a much bigger haystack, which is less useful.
      Add that the amount of different data types change too, which is where the permutations come in. You now have green hay, yellow hay, straws of various lengths and curvature, and needles made out of different materials, with and without holes.
      To compensate, you need to evolve your queries and understanding of what you ask for and how. The more data types, the more intelligent the query needs to be. And I can't see the average TLA employee assembling intelligent SQL queries based on a broad range of different parameters. People put years and lifetimes into query parsing algorithms; they don't add themselves automatically just because you have more data.

      So I think the net result is that they drown themselves in results and false positives, and become less and less capable of using any of the data other than as after-the-fact "evidence" that they should have discovered beforehand, but didn't. And this is what we see happening.

    14. Re:You are not anonymous online by Anonymous Coward · · Score: 0

      Yet maybe that "Privacy Settings" extension is one of the 10 most popular extensions that leaks info...

    15. Re:You are not anonymous online by Rick+Schumann · · Score: 1

      I understand all that. But I'm not going to give up and make it easy for them. In fact as of about a month or so ago I set about to making it as difficult as possible. Using Tor for everything I can. Paying cash for things I buy in person, so no purchasing history because no plastic use. I haven't used so-called 'social media' in YEARS and have no plans to do so ever again. If they really want to try to build a 'profile' of me based on my paying utility bills online and ordering the occasional (maybe once every month or so) pizza online, they're welcome to try, but it won't be anywhere near accurate, and I use several adblockers so they can't even effectively perpetrate MitM attacks to inject ads to try to sell me things. Most junk email goes directly and automatically into (NUL:) so I never even see it, and the rest gets deleted immediately and it never even registers on my short-term memory. Also, unless things get so bad that they start blackmailing people or something, I don't know what it is they think they're going to do anyway. I'm not married. I have no children. I'm not susceptible to ads in my face. Come at me, bro. :-)

    16. Re:You are not anonymous online by bobbied · · Score: 1

      You are crazy! Hey, I know who you are.. Ted Kaczynski is it? You might consider moving to a cabin in some remote plot of land...

      For some of us, what does it matter, really? I erase my browser cookies and don't use common usernames or passwords for anything important... I also am mindful of putting any personal information in E-mail or on social media sites I might visit..... Not to mention that I don't have much disposable income anyway, so advertisers are spitting in the wind sending me ads....

      But hey, If you want to go crazy about this, have at it. I'll run a TOR node to help..

      --
      "File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
    17. Re:You are not anonymous online by Anonymous Coward · · Score: 0

      The haystack grows bigger, and even though the data is there, it becomes permutationally harder to sift through.
      Police investigations have shown this many times now - the data was there, but they couldn't find it until the perpetrator had been identified by other means. And then they call that a success, and use it as a justification for collecting even more data...

      It is dangerous to think like this, as things are changing rapidly. Compute power continues to grow at the same pace as it always has, no matter what some clueless idiots might say about Moore's Law, and machine learning/data mining continues to advance as more money and effort continue to get thrown at it. Soon enough, the less competent types (think local PD) will be able to buy some shit off the shelf, or even just rent somebody's processing power, and all of the work will be done for them.

  3. Which ten browser extensions? by WilliamGeorge · · Score: 4, Insightful

    Already checked the article, and it does not appear to say or link to a list of them. That sort of info would be quite helpful, as a major step toward solving this sort of thing *without needing the government / laws* is to publicize when companies are doing the wrong thing with our data so that people who care about it can stop using them.

    --
    William George
    1. Re:Which ten browser extensions? by Anonymous Coward · · Score: 0

      The DefCon 25 Speaker List doesn't even mention a top 10 extension list.

      Anyone attend the presentation?
      -----
      Dark Data
      Friday at 15:00 in Track 3

      45 minutes
      Svea Eckert NDR
      Andreas Dewes PhD

      A judge with preferences for hard core porn, a police officer investigating a cyber-crime, a politician ordering burn out medication - this kind of very personal and private information is on the market. Get sold to who is willing to pay for.

      In a long time experiment, with the help of some social engineering techniques, we were able to get our hands on the most private data you can find on the internet. Click stream data of three million German citizens. They contain every URL they have looked at, every second, every hour, every day for 31 days. In our talk we will not only show how we got that data, but how you can de-anonymize it with some simple techniques.

      This data is collected worldwide by big companies, whose legal purpose is to sell analytics and insights for marketers and businesses. In the shadow of Google and Facebook, companies have evolved, their names unknown to a broader public but making billions of dollars with your data. The new oil of the 20th century.

      Our experiment shows in a drastic way, what the youngest decision reversing the Broadband Privacy Rule means. What the consequences for everyday life could be, when ISPs are allowed to sell your browsing data. And why that piece of regulation from the FCC was so important regarding privacy and constitutional rights.

      Svea Eckert
      Svea Eckert works as a freelance journalist for Germany's main public service broadcaster "Das Erste" (ARD). She is researching and reporting investigative issues for the PrimeTime news shows and high quality documentaries. Her main focus lies on new technology: computer and network security, digital economics and data protection.

      Bigger projects and documentaries are for example "Superpower Wikileaks?" (ARD), "Facebook - Billion Dollar Business friendship" (ARD), her first book "Monitored and spied out: Prism, NSA, Facebook & Co" and in 2015 "Netwars" (ARD). Svea Eckert studied "Journalism and Communications" and Economics in Hamburg. She completed her journalistic training at NDR, Hamburg and Hannover.

      Twitter: @sveckert
      Website: www.sveaeckert.de

      Andreas Dewes
      Andreas Dewes is a trained physicist with a PhD in experimental quantum computing and a degree in quantitative economics. He has a passion for data analysis and software development. He has received numerous awards for his work on data analysis and his work on data privacy and big data has been featured in the national and international press.

      Twitter: @japh44
      Github: adewes

    2. Re:Which ten browser extensions? by Zocalo · · Score: 1

      The presentation is available (as a 6.2MB PDF) from the Def Con Media server, along with all the other presentations, but it doesn't provide a list either. It does provide some useful insights into how they do it though, which should enable the more clueful to run their own tests. The only plug in I could see that was mentioned was Web of Trust, but without the context of the talk it might only appear to be getting singled out for special attention. Generally speaking though it appears that any extension that is validating URLs against a central source for whatever reason - just as WoT does - is a great source of data that can then be readily mined to provide a unique identity.

      --
      UNIX? They're not even circumcised! Savages!
    3. Re:Which ten browser extensions? by Anonymous Coward · · Score: 0

      I bet it's wildvine, installed by default with a unique key. It also doesn't show up in the add-on list unless you've got 'expert' or 'developer' mode enabled.

    4. Re:Which ten browser extensions? by Anonymous Coward · · Score: 0

      Already checked the article, and it does not appear to say or link to a list of them. That sort of info would be quite helpful, as a major step toward solving this sort of thing *without needing the government / laws* is to publicize when companies are doing the wrong thing with our data so that people who care about it can stop using them.

      I could post the 10 bad extensions for you here, because I know which ones they are referring to. However, Slashdot folks don't seem to appreciate the unsung work of the anonymous. So, no evil-doer name for ya. Nobody but me and my posse will have the info.

    5. Re:Which ten browser extensions? by Anonymous Coward · · Score: 0

      We envy you and your posse. Really.

    6. Re: Which ten browser extensions? by Anonymous Coward · · Score: 0

      Cool story, bro

  4. Which 10 Extension by Anonymous Coward · · Score: 0

    The article doesn't even mention which top 10 popular extension

  5. Wait... by argStyopa · · Score: 5, Funny

    ...does this work on someone browsing in incognito mode??!?!??!?!?!??!!?

    Asking for a friend.

    --
    -Styopa
    1. Re:Wait... by Anonymous Coward · · Score: 0

      Incognito mode does nothing to disable WebRTC or hide your system's font collection or alter your User Agent, etc. It also doesn't mask your public IP address or your DNS lookups.

      It is just a switch to disable browser local history and cookie keeping which is not really all that useful.

    2. Re:Wait... by nine-times · · Score: 3, Informative

      Well insofar as they're saying that they obtained data from browser extensions, incognito mode might help. In Chrome's incognito mode, for example, extensions are disabled by default. You have to go into your extensions' settings and check a box that says "Allow in incognito" for them to remain active.

      However, in all honesty, there are other ways that you're being tracked.

    3. Re:Wait... by Anonymous Coward · · Score: 0

      If your "friends" plugins/extensions are still active in incognito mode then I suspect it still works.

    4. Re: Wait... by Anonymous Coward · · Score: 0

      Private/incognito browsing mode matters less than you think.

      It is pretty easy for websites to tell if it is enabled, and fingerprint your browser anyway.

      To see how this is done, go to the EFF's Panopticlick System and look at the detailed fingerprint information it can pull about your browser.

    5. Re:Wait... by known_coward_69 · · Score: 1

      that's only to hide stuff from your wife or girlfriend

    6. Re:Wait... by hyades1 · · Score: 1

      Or both.

      --
      I've calculated my velocity with such exquisite precision that I have no idea where I am.
    7. Re:Wait... by Anonymous Coward · · Score: 0

      Hello facebook button on every web page!

      If you want to be safe block everything from the GAFA - and enjoy your crippled internet.

    8. Re: Wait... by denis.goddard · · Score: 1

      A toast attributed to Benjamin Franklin: "To our wives and mistresses... may they never meet."

    9. Re:Wait... by Falos · · Score: 1

      All incognito does is stifle some local machine stuff.

      Works good if you're 14 and parents aren't savvy enough to spot your porn. If you have a shared (lolwut) machine. If you think your girlfriend is nosing around in your machine.

      Other than that it's placebo.

    10. Re:Wait... by Anonymous Coward · · Score: 0

      In fact the system I'm using for this post is totally trackable. By design. It is the honeypot. ;)

    11. Re: Wait... by Anonymous Coward · · Score: 0

      Yes - if you see a facebook button on the page, then facebook knows that YOU saw THAT page.

      Simple tools like ublock will get rid of that though. Haven't seen that icon for years, except when seeing other peoples computers. Why would I want to 'like' anything anyway?

    12. Re: Wait... by hyades1 · · Score: 1

      Ben would have been a good guy to know. Bright, loved the ladies, known to take an occasional sip of alcohol...

      --
      I've calculated my velocity with such exquisite precision that I have no idea where I am.
  6. Adblock Plus by Comboman · · Score: 1

    I don't know about a top 10 list, but the top 1 list should be Adblock Plus. Security conscious users switched to uBlock years ago.

    --
    Support Right To Repair Legislation.
    1. Re:Adblock Plus by DontBeAMoran · · Score: 0

      And those serious about security switched to hosts files.

      APK, can we get more details on that?

      --
      #DeleteFacebook
    2. Re:Adblock Plus by WilliamGeorge · · Score: 1

      Interesting - uBlock.org or uBlock Origin? They appear to be different.

      I dislike when competing things have such similar names, and something similar happened with AdBlock and Adblock Plus as well.

      --
      William George
    3. Re:Adblock Plus by Anonymous Coward · · Score: 0

      Know your developer! Know their site! Wladimir Palant = ABP. If you only go by product name you're bound to install malware.

    4. Re:Adblock Plus by Anonymous Coward · · Score: 0

      And those serious about security switched to hosts files.

      New versions of Windows ignore hosts files when they see fit. It is not a suitable protection, nor is it reasonable to blacklist every possible malicious IP.

    5. Re:Adblock Plus by Anonymous Coward · · Score: 0

      Origin. The other fork hasn't been developed since 2015.

  8. Block advertising by Anonymous Coward · · Score: 0

    People's browsing history is often used to tailor marketing campaigns.

    When I don't use adblocker - iPad's Safari - where I shop AND what I was looking at appears in ad banners on every page I visit.

    And if I were in their shoes, I'd also market the data to government/law enforcement.

    "Buy my service! I track online consumers. You want to know the guy who went to Guns and Ammo, looked at a right wing wacko site, and shopped at Cabella's? Creating dragnet lists since 1999."

    Monetize that data all I can and get that ROI up.

  9. Just wait until everyone has IPv6 by DeplorableCodeMonkey · · Score: 2

    Then these sites, Facebook, etc. will have absolutely no ambiguity about your identity. Log into Facebook and then load their code on another site and they'll know **exactly** and unambiguously that you visit that site.

    On the flip side, even the average US Senator is likely to be so creeped out by that side of IPv6 that we might see privacy-promoting legislation in the US.

    1. Re:Just wait until everyone has IPv6 by WillAffleckUW · · Score: 1

      Um, guy, most sites are already running IPv6, you're just seeing an IPv4 representation of the IPv6 web. We ran out of numbers last decade.

      --
      -- Tigger warning: This post may contain tiggers! --
    2. Re:Just wait until everyone has IPv6 by Anonymous Coward · · Score: 1

      Not true. Not only are there big swaths of the Internet that cannot be reached from an IPv6-only system, most users still use IPv4 exclusively, even if they could technically also use IPv6. We ran out of numbers, but this actually helps privacy. With CGNAT in wide use now, IP addresses reveal very little information about individual users, as each IP-address is shared by many users. Law enforcement is trying to reduce the number of suspects by asking ISPs to make fewer users share a given IP address.

    3. Re:Just wait until everyone has IPv6 by Anonymous Coward · · Score: 0

      No, they just see my tunnel exit node. :)

  10. 10 popular browser extensions by Anonymous Coward · · Score: 0

    No names?! Fuck off!

  11. Correction: untrained anon browsing correlated by WillAffleckUW · · Score: 1

    It's fairly easy to establish and maintain personae on the web, but you have to:

    1. never link to your own activities.
    2. don't use the same search or info services
    3. be disciplined about not using the same phrasing or background sources

    It's one of the first things they teach you in spy school.

    --
    -- Tigger warning: This post may contain tiggers! --
  12. Which 10 extensions? by Anonymous Coward · · Score: 0

    The pair found that 95% of the data they obtained came from 10 popular browser extensions.

    TFA leaves out the most important information in this story: the 10 extensions involved.

    Anyone able to track the info down?

    1. Re:Which 10 extensions? by Anonymous Coward · · Score: 2, Informative

      Well, here's the actual presentation: https://media.defcon.org/DEF%20CON%2025/DEF%20CON%2025%20presentations/DEFCON-25-Svea-Eckert-Andreas-Dewes-Dark-Data.pdf

      It appears they opted not to name the extensions.

      Not so helpful.

    2. Re: Which 10 extensions? by Anonymous Coward · · Score: 0

      I was at the talk and they only named one extension ironically called Web of Trust.

      They did say there could be others but they could only ID that one.

    3. Re:Which 10 extensions? by Anonymous Coward · · Score: 0

      Back in the day the names would be all over the thread. Posted anonymously, ya know.

    4. Re: Which 10 extensions? by Anonymous Coward · · Score: 0

      https://www.ghacks.net/2016/11/01/browsing-history-sold/

      Note the publication date

  15. Ok, let's figure it out by Presence+Eternal · · Score: 1

    Logically the extensions they're so coyly mentioning must either deliver telemetry or alter requests so distinctively that they become unprivate. So the suspects should be: 1) Shopping add ons, especially cross site addons. 2) Clipper addons, such as Evernote's. 3) Good old fashioned spyware. What do you mean freecryptosearch is bad? 4) Discovery addons, like stumbleupon. 5) Antivirus addons.

    1. Re:Ok, let's figure it out by Zocalo · · Score: 1

      Having gone through the presentation I linked above, it seems to be anything that might send back the complete URLs that you visit to a central server for any reason. Web of Trust is the only extension they mention specifically, but anything that purports to vet URLs/domains "for your safety" - like many antivirus addons - would seem to be the ones that put you at the greatest risk of this. Basically, they're looking at matching data in URLs visited with things like YouTube playlists, social media posts, and so on, then looking to see which is the only "anonymous" user that matches the most entries on a given playlist.

      --
      UNIX? They're not even circumcised! Savages!
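The matching described in the comment above can be run as a release check on a dataset you hold. This is an added example, not code from the presentation or from anyone in the thread: it measures how few known URLs leave a single candidate pseudonym. The sample rows, the function names and the greedy rarest-first order are assumptions.

```python
from collections import defaultdict

# Constructed sample rows (pseudonym, visited URL); not real data.
CLICKSTREAM = [
    ("p1", "https://video.example/watch?v=aaa"),
    ("p1", "https://video.example/watch?v=bbb"),
    ("p1", "https://news.example/"),
    ("p2", "https://video.example/watch?v=aaa"),
    ("p2", "https://news.example/"),
    ("p3", "https://news.example/"),
    ("p3", "https://video.example/watch?v=bbb"),
    ("p3", "https://social.example/status/42"),
    ("p4", "https://news.example/"),
]

def histories(rows):
    """Group visited URLs by pseudonym."""
    by_user = defaultdict(set)
    for pseudonym, url in rows:
        by_user[pseudonym].add(url)
    return dict(by_user)

def urls_to_single_out(rows, pseudonym):
    """Number of this user's URLs, taken rarest first, after which no other
    pseudonym's history contains all of them. Greedy, so an upper bound on
    the true minimum. Returns None if the full history is still not unique."""
    by_user = histories(rows)
    popularity = defaultdict(int)
    for urls in by_user.values():
        for url in urls:
            popularity[url] += 1
    others = {p for p in by_user if p != pseudonym}
    ordered = sorted(by_user[pseudonym], key=lambda u: (popularity[u], u))
    for count, url in enumerate(ordered, 1):
        # Keep only the other pseudonyms that also visited this URL.
        others = {p for p in others if url in by_user[p]}
        if not others:
            return count
    return None

def share_singled_out(rows, k):
    """Fraction of pseudonyms that at most k known URLs narrow to one candidate."""
    by_user = histories(rows)
    hits = [p for p in by_user
            if (n := urls_to_single_out(rows, p)) is not None and n <= k]
    return len(hits) / len(by_user)
```

A high `share_singled_out` value at small `k` means replacing names with pseudonyms has not anonymised the data, because full URLs act as identifiers.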
  16. Here is the actual Defcon presentation by Anonymous Coward · · Score: 0

    Voila.

    https://media.defcon.org/DEF%2...

    I suspect video will be available soon...

  17. Re: But we all already know APK loves moose dick by Anonymous Coward · · Score: 0

    Seems you thought this scenario out on your own time. You just snitched on yourself.

  18. Bad-ass Researcher Name by cloud.pt · · Score: 2

    Martin Fuchs is the name of one of the researchers. He should have to pay extra to have such a cool name at a conference like Def Con. Not a single Fuchs was given about naming the 10 extensions though. They do mention that 10.000 more extension versions (?) are affected by such problems, so I guess it doesn't really matter. We all dun Fuchs'd.

    1. Re:Bad-ass Researcher Name by Anonymous Coward · · Score: 0

      His surname is literally the German word for Fox.

  19. Re: But we all already know APK loves moose dic by Anonymous Coward · · Score: 0

    Oh golly, no. I'm not gay or a pedophile. But if I were, that's the job I would take. As someone who knows people who were in juvi when they were kids, I think the witness testimony is pretty sound.

  20. APK Hosts File Engine 9.0++ 32/64-bit by Anonymous Coward · · Score: 0

    Better in efficiency + ability vs. browser addons -> APK Hosts File Engine 9.0++ SR-7 32/64-bit https://www.google.com/search?hl=en&source=hp&biw=&bih=&q=%22APK+Hosts+File+Engine%22+and+%22start64%22&btnG=Google+Search&gbv=1/

    Ads/script & malware rob speed/security/privacy

    Hosts add speed (via hardcodes/adblocks), security (vs. bad sites/malware/poisoned dns), reliability (vs. dns down), & anonymity (vs. dns requestlogs/trackers).

    Less power/cpu/ram + IO use vs. DNS/routers/addons/antivirus + less security bugs/complexity & faster vs. addons/routers/remote dns!

    Avoids DNSChangers in routers/IP settings & dns redirects (99.999% of ISP DNS != patched vs. it) + lightens DNS load & resolves faster from local system RAM!

    * Via what u NATIVELY have in the FASTER kernelmode IP stack!

    APK

    P.S. - Safe https://www.virustotal.com/en/file/e01211ca36aa02e923f20adee0a3c4f5d5187dc65bdf1c997b3da3c2b0745425/analysis/1433430542/

  21. You can be pretty incognito by Kludge · · Score: 1

    You can judge how incognito you are by examining the advertisements that are on the pages you visit. For example, if you are browsing around to buy a chain saw on Amazon, and you later get an ad for chainsaws when you are watching a video on youtube or a porn site, you are not incognito.
    Sometimes I look at the advertisements that my wife gets. They are all for woman things-- clothes, shoes, meds, etc. She is totally tracked.
    To avoid this I use
    1. javascript blockers
    2. ad blockers
    3. user agent changers
    4. random VPNs
    5. different browsers for different web sites. I use 3 different browsers for different levels of browsing: A. credit card and banking use, B. everyday browsing, and C. the highly questionable stuff.

    Based on the mostly random rare ads that I see, I am pretty certain that no one can piece together everything that I do.

  22. Stop it cold MINUS extensions use by Anonymous Coward · · Score: 0

    Better in efficiency + ability vs. browser addons -> APK Hosts File Engine 9.0++ SR-7 32/64-bit https://www.google.com/search?hl=en&source=hp&biw=&bih=&q=%22APK+Hosts+File+Engine%22+and+%22start64%22&btnG=Google+Search&gbv=1/

    Ads/script & malware rob speed/security/privacy

    Hosts add speed (via hardcodes/adblocks), security (vs. bad sites/malware/poisoned dns), reliability (vs. dns down), & anonymity (vs. dns requestlogs/trackers).

    Less power/cpu/ram + IO use vs. DNS/routers/addons/antivirus + less security bugs/complexity & faster vs. addons/routers/remote dns!

    Avoids DNSChangers in routers/IP settings & dns redirects (99.999% of ISP DNS != patched vs. it) + lightens DNS load & resolves faster from local system RAM!

    * Via what u NATIVELY have in the IP stack in FASTER kernelmode!

    APK

    P.S. - Safe https://www.virustotal.com/en/file/e01211ca36aa02e923f20adee0a3c4f5d5187dc65bdf1c997b3da3c2b0745425/analysis/1433430542/

  23. one more good one by Kludge · · Score: 1

    6. Set your browsers to wipe cookies and other web site data when you log out.

    1. Re:one more good one by Gr8Apes · · Score: 1

      I don't do 4 often as it slows things down too much, but 5 and 6 definitely. 6 ended the ads following me, at least until the next time you log into Amazon or Google (or, I guess, Facebook, or see what prez tweety burped today). It's pretty interesting to see when those ads come back. I block several of Google, Facebook, and Twitter domains, so the amount of ads I see and that track me are pretty low.

      --
      The cesspool just got a check and balance.
    2. Re: one more good one by Anonymous Coward · · Score: 0

      There's already an add-on that does that called Self Destructing Cookies. I use it in Firefox; I don't know if it's available in Chrome.

  24. What about tracker blockers? by fasuin · · Score: 1

    In case you are interested, other researchers have compared popular tracker blockers in a recent paper titled "Benchmark and Comparison of Tracker-blockers: Should You Trust Them?". Results show that your mileage may vary, with some plugins performing overall quite poorly. Here is the link to the conference program and here the PDF of the paper.

    1. Re:What about tracker blockers? by Anonymous Coward · · Score: 0

      In case you are interested, other researchers have compared popular tracker blockers in a recent paper titled "Benchmark and Comparison of Tracker-blockers: Should You Trust Them?". Results show that your mileage may vary, with some plugins performing overall quite poorly. Here is the link to the conference program and here the PDF of the paper.

      BTW, that PDF reports tests on uBlock, whereas uBlock Origin is the current actively supported program. New users should not be confused.

  25. I LOL'd by Trax3001BBS · · Score: 1

    That's a hard project. Should have just logged into the Usenet where everything is hidden in plain sight.

  26. THIS by XSportSeeker · · Score: 2

    THIS is the sort of stuff privacy advocates should be doing everywhere.

    You pick some key politicians, some judges, and some sensitive public services and show how damaging exposing information of them can be from readily available and already working services and we'll see how willingly government will start moving towards less privacy erosion and a renewed fight against personal data collection.

    Security also goes that way. It's because these people live in a bubble that they don't care about anything of public interest.

    1. Re:THIS by Anonymous Coward · · Score: 0

      No. Their response will be to add laws making spying on THEM illegal. So you out a judge and SWAT descends on your home and you get dragged out in your underwear on the evening news.
      Someone outs you and your name appears along with hundreds of others on the evening news's web site for your girlfriend to find.
      Soon THEY will have a special secured network and yours will be crawling with TLA operatives.

  27. their web site by aepervius · · Score: 1

    https://sveaeckert.de/2016/bui...

    It seems they have been at it since December 2016, and this month was their results.

    --
    C. Sagan : A demon haunted world:
    http://www.amazon.com/gp/product/0345409469/
    visit randi.org
  28. Re:This stops it cold MINUS extensions by Anonymous Coward · · Score: 0

    I actually tried this just to humor you and it's no different from looking up a hosts file on pastebin and pasting it in yourself.

  29. Well aware of Google searches by Rick+Schumann · · Score: 1

    I use Tor for everything I can, and I use a plugin that 'cleans' Google search links so that they aren't able to track my clicking on them. Effective against Google?