PogoWasRight.org

Menu
  • About
  • Privacy
Menu

Indiscrete web browsers assist de-anonymisation

Posted on February 2, 2010July 3, 2025 by Dissent

A test on browser fingerprinting by the Electronic Frontier Foundation (EFF) has shown how uniquely identifiable a user’s browser is on the web. What that test is unable to do is to identify individual users. This, however, is the goal of an experiment by the International Secure Systems Lab (Isec Lab). Originally founded by the Vienna University of Technology (TUV), Isec Lab is now a collaborative venture between TUV, Eurécom and the University of California in Santa Barbara. The test makes use of Xing, a platform widely-used in Europe on which many millions of users have published profiles.

The test essentially exploits the fact that many Xing users are identifiable by their membership of various groups. According to Thorsten Holz, one of the researchers who designed the experiment, there are very few people on any social network who belong to exactly the same groups. A ‘group fingerprint’ could thus allow websites to identify previously anonymous visitors.

[…]

Gilbert Wondracek, Thorsten Holz, Engin Kirda and Christopher Kruegel describe the principles of the test in full in “A Practical Attack to De-Anonymize Social Network Users“. The paper also describes practical remedies for protecting against this kind of de-anonymisation attack, all of which are aimed at hampering history stealing. On the server-side, operators could insert random tokens into URLs, making it much more difficult to probe URLs at a later date. Client-side, users can block access to browser history by, for example, visiting certain sites in incognito mode, using protective plug-ins such as NoScript for Firefox or regularly clearing their history.

Read more on The H Security.

No related posts.

Category: Online

Post navigation

← Seven “Corporations of Interest” in Selling Surveillance Tools to China
Virgin Media battles privacy campaigners on P2P monitoring →

Now more than ever

Search

Contact Me

Email: info@pogowasright.org

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

Categories

Recent Posts

  • California Attorney General Announces $1.55M CCPA Settlement with Healthline.com
  • Canada’s Bill C-2 Opens the Floodgates to U.S. Surveillance
  • Wiretap Suits Pit Old Privacy Laws Against New AI Technology
  • Action against tiny Scottish charity sparks huge ICO row
  • Congress tries to outlaw AI that jacks up prices based on what it knows about you
  • Microsoft’s controversial Recall feature is now blocked by Brave and AdGuard
  • Trump Administration Issues AI Action Plan and Series of AI Executive Orders

RSS Recent Posts on DataBreaches.net

  • Scattered Spider Hijacks VMware ESXi to Deploy Ransomware on Critical U.S. Infrastructure
  • Hacker group “Silent Crow” claims responsibility for cyberattack on Russia’s Aeroflot
  • AIIMS ORBO Portal Vulnerability Exposing Sensitive Organ Donor Data Discovered by Researcher
  • Two Data Breaches in Three Years: McKenzie Health
  • Scattered Spider is running a VMware ESXi hacking spree
©2025 PogoWasRight.org. All rights reserved.
Menu
  • About
  • Privacy