Your private browsing history is far from private, researchers find


If you think you have covered your tracks online by searching the web using incognito or private mode, then think again.

Computer scientists at Princeton and Stanford Universities have discovered it is possible for companies to track your online activity from information you have posted on your social media accounts.

The research once again brings the issue of online privacy to the fore, and adds to the increasing ways third parties are able to track individual web users via their online activity.

Ahead of a presentation at the 2017 World Wide Web Conference in Perth, Australia, researchers revealed their findings in a study called De-anonymizing Web Browsing Data with Social Networks.

“We show that browsing histories can be linked to social media profiles such as Twitter, Facebook or Reddit accounts,” they explained.

Privacy mode, also known as incognito mode on web browsers disables your browsing history and clears your web cache.

This means that you can search the web in relative anonymity and that no data on the sites you visit are stored locally on your device.

However, researchers discovered that by using specially designed algorithms they were able to match patterns in anonymised web traffic data to identify then match it to user’s social media accounts.

Researchers said their algorithms compared the ‘private’ browsing history with links posted on unprotected or public social media accounts. When the algorithms found a pattern in the data, users could easily be identified.

Researchers went on to say that companies with access to web browsing data could easily identify people from their social media accounts.

Arvind Narayanan, an assistant professor of computer science at Princeton, who help to compile the study said: “Users may assume they are anonymous when they are browsing a news or a health website, but our work adds to the list of ways in which tracking companies may be able to learn their identities.”

“We show— theoretically, via simulation, and through experiments on real user data—that de-identified web browsing histories can be linked to social media profiles using only publicly available data,” he added.

“Our approach is based on a simple observation: each person has a distinctive social network, and thus the set of links appearing in one’s feed is unique.

“Assuming users visit links in their feed with higher probability than a random user, browsing histories contain tell-tale marks of identity,” he added.

“We evaluate this strategy on simulated browsing histories, and show that given a history with 30 links originating from Twitter, we can deduce the corresponding Twitter profile more than 50 per cent of the time.”

“Since our attack attempts to find the correct Twitter profile out of over 300 million candidates, it is—to our knowledge—the largest scale demonstrated de-anonymisation to date.”

H/T: Komando


Comments are closed.