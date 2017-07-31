It Is Easy To Expose Users' Secret Web Habits, Say Researchers (bbc.com) 45
An anonymous reader shares a BBC report: Two German researchers say they have exposed the porn-browsing habits of a judge, a cyber-crime investigation and the drug preferences of a politician. The pair obtained huge amounts of information about the browsing habits of three million German citizens from companies that gather "clickstreams." These are detailed records of everywhere that people go online. The researchers argue such data -- which some firms scoop up and use to target ads -- should be protected. The data is supposed to be anonymised, but analysis showed it could easily be tied to individuals. People's browsing history is often used to tailor marketing campaigns. The results of the research by Svea Eckert and Andreas Dewes were revealed at the Def Con hacking conference in Las Vegas this weekend. The pair found that 95% of the data they obtained came from 10 popular browser extensions. "What these companies are doing is illegal in Europe but they do not care," said Ms Eckert, adding that the research had kicked off a debate in Germany about how to curb the data gathering habits of the firms.
Which browser extensions? (Score:1)
The pair found that 95% of the data they obtained came from 10 popular browser extensions.
I can't even name 10 popular browser extensions. I didn't think the muggles installed extensions.
Re: (Score:2)
Re: (Score:2)
Yeah...why didn't they list the 10 most dangerous extensions...??
To not make themselves targets of civil lawsuits, I would imagine.
Re: (Score:2)
Youtube downloaders?
Step 1. Disable CSS
Step 2. Scroll to the video
Step 3. Right-click and select "Save video as..."
Done.
You are not anonymous online (Score:3)
Re: (Score:2)
You don't have to be perfectly anonymous. You just have to be more anonymous than the effort someone wants to go through to do so.
Or, in some cases, more anonymous than his neighbor. Making sure you're not low hanging fruit goes a long way.
In one way, the boundless data collection is an improvement on the lower volume and better targeted data collection we had before. The haystack grows bigger, and even though the data is there, it becomes permutationally harder to sift through.
Police investigations have shown this many times now - the data was there, but they couldn't find it until the perpetrator had been identified by other mean
Re: (Score:2)
This. You're not throwing one wrench at one machine.
You're spewing whatever you can at an invisible army who are all using a thousand different sets of conditions, scopes, techniques etc. and you usually can't tell what sticks. It doesn't matter, throw anyway, if only for the principle of it.
Being less harvestable than the Next Guy may also help, as sister post mentions.
Re: (Score:2)
"Data can be useful or anonymous, but never both" - Paul Ohm
And Paul is not just anyone, he has done a lot of research and publications about privacy.
This does not come as a surprise for anyone that has not ignored privacy issues the last couple of decades. There are countless examples of the fallacy of we can just "anonymize" data and then there are no longer any privacy problems, like AOL search data leak [wikipedia.org], 87% of USA's population is uniquely identified by birth date, sex and postal number/zip code [dataprivacylab.org] (backstory [arstechnica.com]), etc.
Which ten browser extensions? (Score:2)
Already checked the article, and it does not appear to say or link to a list of them. That sort of info would be quite helpful, as a major step toward solving this sort of thing *without needing the government / laws* is to publicize when companies are doing the wrong thing with our data so that people who care about it can stop using them.
Adblock Plus (Score:2)
Re: (Score:2)
And those serious about security switched to hosts files.
APK, can we get more details on that?
Re: (Score:2)
Interesting - uBlock.org or uBlock Origin? They appear to be different.
I dislike when competing things have such similar names, and something similar happened with AdBlock and Adblock Plus as well.
Re: (Score:2)
Ok, let's figure it out (Score:2)
Wait... (Score:4, Funny)
...does this work on someone browsing in incognito mode??!?!??!?!?!??!!?
Asking for a friend.
Re:Wait... (Score:4, Informative)
Well insofar as they're saying that they obtained data from browser extensions, incognito mode might help. In Chrome's ingcognito mode, for example, extensions are disabled by default. You have to go into your extensions' settings and check a box that says "Allow in incognito" for them to remain active.
However, in all honesty, there are other ways that you're being tracked.
Re: (Score:2)
that's only to hide stuff from your wife or girlfriend
Re: (Score:2)
Or both.
Just wait until everyone has IPv6 (Score:2)
Then these sites, Facebook, etc. will have absolutely no ambiguity about your identity. Log into Facebook and then load their code on another side and they'll know **exactly** and unambiguously that you visit that site.
Oh the flip side, even the average US Senator is likely to be so creeped out by that side of IPv6 that we might see privacy-promoting legislation in the US.
Re: (Score:1)
Um, guy, most sites are already running IPv6, you're just seeing an IPv4 representation of the IPv6 web. We ran out of numbers last decade.
Re: (Score:1)
Not true. Not only are there big swaths of the Internet that cannot be reached from an IPv6-only system, most users still use IPv4 exclusively, even if they could technically also use IPv6. We ran out of numbers, but this actually helps privacy. With CGNAT in wide use now, IP addresses reveal very little information about individual users, as each IP-address is shared by many users. Law enforcement is trying to reduce the number of suspects by asking ISPs to make fewer users share a given IP address.
Correction: untrained anon browsing correlated (Score:1)
It's fairly easy to establish and maintain personae on the web, but you have to:
1. never link to your own activities.
2. don't use the same search or info services
3. be disciplined about not using the same phrasing or background sources
It's one of the first things they teach you in spy school.