Thread: So, you think you're surfing the web anonymously? Think again...

  1. #1
    Khendraja'aro


    http://www.iseclab.org/papers/sonda-TR.pdf

    Page might be DDOS'ed due to massive interest

    The abstract:

    Abstract—Social networking sites such as Facebook, LinkedIn, and Xing have been reporting exponential growth rates. These sites have millions of registered users, and they are interesting from a security and privacy point of view because they store large amounts of sensitive personal user data. In this paper, we introduce a novel de-anonymization attack that exploits group membership information that is available on social networking sites. More precisely, we show that information about the group memberships of a user (i.e., the groups of a social network to which a user belongs) is often sufficient to uniquely identify this user, or, at least, to significantly reduce the set of possible candidates. To determine the group membership of a user, we leverage well-known web browser history stealing attacks. Thus, whenever a social network user visits a malicious website, this website can launch our de-anonymization attack and learn the identity of its visitors.
    The implications of our attack are manifold, since it requires a low effort and has the potential to affect millions of social networking users. We perform both a theoretical analysis and empirical measurements to demonstrate the feasibility of our attack against Xing, a medium-sized social network with more than eight million members that is mainly used for business relationships. Our analysis suggests that about 42% of the users that use groups can be uniquely identified, while for 90%, we can reduce the candidate set to less than 2,912 persons. Furthermore, we explored other, larger social networks and performed experiments that suggest that users of Facebook and LinkedIn are equally vulnerable (although attacks would require more resources on the side of the attacker). An analysis of an additional five social networks indicates that they are also prone to our attack.
    A different angle of attack than I thought, but highly interesting nonetheless.
    When the stars threw down their spears
    And watered heaven with their tears:
    Did he smile his work to see?
    Did he who made the lamb make thee?

  2. #2
    I don't have time to find it, but there was also an article on Slashdot and Gizmodo detailing how cookies are no longer necessary to track browsing behavior either. Going solely by information that can be queried from your machine, such as operating system, its version, your browser, its version, installed browser plug-ins, system fonts, etc., a unique ID of your particular machine can be built, like a fingerprint. This Website employs the methods mentioned above to show you this effect.

    With Khen's article though it should just make it more evident that you shouldn't be sharing certain information through social networking sites that you wouldn't want everyone to have access to or see.
    . . .

  3. #3
    The article(s) Illusion is talking about link to a new site the EFF launched that shows how much information your computer sends out while you're surfing around....

    https://panopticlick.eff.org/


    Attach that info to a single social profile, and you have a marketing or ID theft gold mine. Great time for Facebook to radically change its privacy policies so that far more information is public by default.

  4. #4
    Originally Posted by Ominous Gamer:
    Attach that info to a single social profile, and you have a marketing or ID theft gold mine. Great time for Facebook to radically change its privacy policies so that far more information is public by default.
    To be quite honest I don't think Zuckerberg gives a damn. If it were either legal, or he could get away with it, and was given the right price, I'm sure he'd sell everyone's information on the site regardless of content. He seems to be a fan of the "What do you have to hide?" line of reasoning, and also seems to believe that regardless of what privacy rules you've set up using their site you shouldn't post data you don't want everyone to see...while ignoring the fact that the reason we have to worry about this is because of how he/his company runs the site, not because of technological limitations.
    . . .

  5. #5
    Does this mean anything for this forum, what we post or what our profile info says?

  6. #6
    Interesting, my browser etc. info is unique among all tested by that site. Seems it's the browser plugin details that make it unique; surprised the browser gives out so much info on plugin details.
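
Added example (not part of the thread and not code from the EFF site): a way to measure how identifying each attribute mentioned in posts #2 and #6 is, by computing anonymity-set sizes and bits of identifying information over a visitor table. The visitor rows and attribute names are constructed for illustration.

```python
import math
from collections import Counter

# Constructed sample: one row per visitor, attributes as a site could read them.
VISITORS = [
    {"os": "Windows", "browser": "Firefox", "plugins": "Flash 10.0", "fonts": "std"},
    {"os": "Windows", "browser": "Firefox", "plugins": "Flash 10.0", "fonts": "std"},
    {"os": "Windows", "browser": "Firefox", "plugins": "Flash 10.0; Java 6u17", "fonts": "std"},
    {"os": "Windows", "browser": "IE", "plugins": "Flash 10.0", "fonts": "std"},
    {"os": "Windows", "browser": "IE", "plugins": "Flash 9.0; Silverlight 3", "fonts": "std"},
    {"os": "Mac", "browser": "Safari", "plugins": "Flash 10.0; QuickTime 7.6", "fonts": "std"},
    {"os": "Mac", "browser": "Firefox", "plugins": "Flash 10.0", "fonts": "std+Helvetica Neue"},
    {"os": "Linux", "browser": "Firefox", "plugins": "Flash 10.0; Java 6u17; VLC 1.0", "fonts": "std"},
]
KEYS = ("os", "browser", "plugins", "fonts")

def _counts(rows, keys):
    combos = [tuple(r[k] for k in keys) for r in rows]
    return combos, Counter(combos)

def anonymity_sets(rows, keys):
    """Per visitor: how many visitors share the same values for `keys`."""
    combos, counts = _counts(rows, keys)
    return [counts[c] for c in combos]

def surprisal_bits(rows, keys):
    """Per visitor: bits of identifying information, log2(N / anonymity set)."""
    return [math.log2(len(rows) / s) for s in anonymity_sets(rows, keys)]

def unique_fraction(rows, keys):
    """Share of visitors whose combination is seen exactly once."""
    return sum(s == 1 for s in anonymity_sets(rows, keys)) / len(rows)

def entropy_bits(rows, keys):
    """Shannon entropy of the combination over the whole population."""
    _, counts = _counts(rows, keys)
    n = len(rows)
    return sum(c / n * math.log2(n / c) for c in counts.values())

def rank_attributes(rows, keys):
    """Attributes ordered from most to least identifying on their own."""
    return sorted(keys, key=lambda k: entropy_bits(rows, (k,)), reverse=True)

if __name__ == "__main__":
    for k in rank_attributes(VISITORS, KEYS):
        print(f"{k:8s} {entropy_bits(VISITORS, (k,)):.2f} bits")
    print("unique with all attributes:", unique_fraction(VISITORS, KEYS))
    rest = tuple(k for k in KEYS if k != "plugins")
    print("unique without plugins:   ", unique_fraction(VISITORS, rest))
```

On this constructed sample the plugin string is the highest-entropy attribute, and leaving it out halves the share of uniquely identifiable visitors.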
