The internet is no longer the anonymous playground it was, or seemed to be, since its inception. Svea Eckert, a journalist, teamed with data scientist Andreas Dewes to expose how easy it is to uncover a person’s entire browsing history. The results were chilling.
The Guardian reports that the pair revealed the results of their study at the Def Con hacking conference in Las Vegas.
They secured a database containing 3bn URLs from three million German users, spread over 9m different sites. Some were sparse users, with just a couple of dozen of sites visited in the 30-day period they examined, while others had tens of thousands of data points: the full record of their online lives.
The process was easier than expected. Eckert and Dewes created a fake marketing company, with a website and a LinkedIn page, and even decorated it with workplace photos and buzzwords. Then, they went to almost 100 companies asking for raw data, to “test a hypothetical AI advertising platform.”
It did not take very long before a data broker gave them all they could ever want, for free. The information was anonymous, but Dewes was able to zero in on individuals:
For instance, anyone who visits their own analytics page on Twitter ends up with a URL in their browsing record which contains their Twitter username, and is only visible to them. Find that URL, and you’ve linked the anonymous data to an actual person.
They can also reasonably assume your identity, based on just 10 URLs, in a process called “fingerprinting”:
Just think, for instance, of how few people there are at your company, with your bank, your hobby, your preferred newspaper and your mobile phone provider.
According to Dewes, the data received comes from a number of browser plugins. Ironically, one of the biggest offenders is a tool called Web of Trust, which is meant to protect your computer from unwanted viruses. Since the publication of Dewes and Eckert’s findings, the company has updated their privacy policy to acknowledge that they sell data.
And today we celebrate...