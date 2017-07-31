Follow Slashdot stories on Twitter

 


It Is Easy To Expose Users' Secret Web Habits, Say Researchers (bbc.com) 45

An anonymous reader shares a BBC report: Two German researchers say they have exposed the porn-browsing habits of a judge, a cyber-crime investigation and the drug preferences of a politician. The pair obtained huge amounts of information about the browsing habits of three million German citizens from companies that gather "clickstreams." These are detailed records of everywhere that people go online. The researchers argue such data -- which some firms scoop up and use to target ads -- should be protected. The data is supposed to be anonymised, but analysis showed it could easily be tied to individuals. People's browsing history is often used to tailor marketing campaigns. The results of the research by Svea Eckert and Andreas Dewes were revealed at the Def Con hacking conference in Las Vegas this weekend. The pair found that 95% of the data they obtained came from 10 popular browser extensions. "What these companies are doing is illegal in Europe but they do not care," said Ms Eckert, adding that the research had kicked off a debate in Germany about how to curb the data gathering habits of the firms.

  • Which browser extensions? (Score:1)

    by Anonymous Coward

    The pair found that 95% of the data they obtained came from 10 popular browser extensions.

    I can't even name 10 popular browser extensions. I didn't think the muggles installed extensions.

    • Yeah...why didn't they list the 10 most dangerous extensions...??

      • Re: (Score:2)

        by arth1 ( 260657 )

        Yeah...why didn't they list the 10 most dangerous extensions...??

        To not make themselves targets of civil lawsuits, I would imagine.

  • You are not anonymous online (Score:3)

    by bobbied ( 2522392 ) on Monday July 31, 2017 @12:09PM (#54913745)
    Despite the appearance or how hard you try, you are NOT anonymous online. You may be harder to trace than the next person, but you are not able to totally hide. Increasingly, with the advent of "big data" and "data mining", smart people are going to make inroads in tracing every jot and tittle of what you do. The question is only about where the data collection is happening that drives this data mining effort.

    • "Data can be useful or anonymous, but never both" - Paul Ohm

      And Paul is not just anyone, he has done a lot of research and publications about privacy.

      This does not come as a surprise for anyone that has not ignored privacy issues the last couple of decades. There are countless examples of the fallacy of we can just "anonymize" data and then there are no longer any privacy problems, like AOL search data leak [wikipedia.org], 87% of USA's population is uniquely identified by birth date, sex and postal number/zip code [dataprivacylab.org] (backstory [arstechnica.com]), etc.

  • Already checked the article, and it does not appear to say or link to a list of them. That sort of info would be quite helpful, as a major step toward solving this sort of thing *without needing the government / laws* is to publicize when companies are doing the wrong thing with our data so that people who care about it can stop using them.

    • I don't know about a top 10 list, but the top 1 list should be Adblock Plus [medium.com]. Security conscious users switched to uBlock years ago.

      • And those serious about security switched to hosts files.

        APK, can we get more details on that?

      • Interesting - uBlock.org or uBlock Origin? They appear to be different.

        I dislike when competing things have such similar names, and something similar happened with AdBlock and Adblock Plus as well.

    • Logically the extensions they're so coyly mentioning must either deliver telemetry or alter requests so distinctively that they become unprivate. So the suspects should be: 1) Shopping add ons, especially cross site addons. 2) Clipper addons, such as Evernote's. 3) Good old fashioned spyware. What do you mean freecryptosearch is bad? 4) Discovery addons, like stumbleupon. 5) Antivirus addons.

  • Wait... (Score:4, Funny)

    by argStyopa ( 232550 ) on Monday July 31, 2017 @12:16PM (#54913797) Journal

    ...does this work on someone browsing in incognito mode??!?!??!?!?!??!!?

    Asking for a friend.

  • Then these sites, Facebook, etc. will have absolutely no ambiguity about your identity. Log into Facebook and then load their code on another side and they'll know **exactly** and unambiguously that you visit that site.

    Oh the flip side, even the average US Senator is likely to be so creeped out by that side of IPv6 that we might see privacy-promoting legislation in the US.

    • Um, guy, most sites are already running IPv6, you're just seeing an IPv4 representation of the IPv6 web. We ran out of numbers last decade.

      • Re: (Score:1)

        by Anonymous Coward

        Not true. Not only are there big swaths of the Internet that cannot be reached from an IPv6-only system, most users still use IPv4 exclusively, even if they could technically also use IPv6. We ran out of numbers, but this actually helps privacy. With CGNAT in wide use now, IP addresses reveal very little information about individual users, as each IP-address is shared by many users. Law enforcement is trying to reduce the number of suspects by asking ISPs to make fewer users share a given IP address.

  • It's fairly easy to establish and maintain personae on the web, but you have to:

    1. never link to your own activities.
    2. don't use the same search or info services
    3. be disciplined about not using the same phrasing or background sources

    It's one of the first things they teach you in spy school.

