In their Defcon 25 presentation, "Dark Data", journalist Svea Eckert and data scientist Andreas Dewes described how easy it was to get a massive trove of "anonymized" browsing habits (collected by browser plugins) and then re-identify the people in the data-set, discovering (among other things), the porn-browsing habits of a German judge and the medication regime of a German MP.
The pair were making a point about the ease of "re-identification" attacks on data-sets that have been "anonymized," a very active field, that is especially relevant because the EU's strict data-handling rules can be bypassed if you "anonymize" your data.
The data they were eventually given came, for free, from a data broker, which was willing to let them test their hypothetical AI advertising platform. And while it was nominally an anonymous set, it was soon easy to de-anonymise many users.
Dewes described some methods by which a canny broker can find an individual in the noise, just from a long list of URLs and timestamps. Some make things very easy: for instance, anyone who visits their own analytics page on Twitter ends up with a URL in their browsing record which contains their Twitter username, and is only visible to them. Find that URL, and you’ve linked the anonymous data to an actual person. A similar trick works for German social networking site Xing.
For other users, a more probabilistic approach can deanonymise them. For instance, a mere 10 URLs can be enough to uniquely identify someone – just think, for instance, of how few people there are at your company, with your bank, your hobby, your preferred newspaper and your mobile phone provider. By creating “fingerprints” from the data, it’s possible to compare it to other, more public, sources of what URLs people have visited, such as social media accounts, or public YouTube playlists.
'Anonymous' browsing data can be easily exposed, researchers reveal
Writer and data journalist Kevin Litman-Navarro subjected 150 privacy policies from leading online services to programmatic analysis for complexity (the Lexile test), and found them to be an incomprehensible mess second only to Kant's Critique of Pure Reason in their lack of clarity.
The Great State of Maine, having jettisoned its far-right lunatic "government" and replaced it with a responsive, progressive, evidence-based one, is now set to pass the nation's most stringent ISP privacy law, going further than both New York and California.
In 2012, Facebook settled an FTC privacy investigation by promising a host of privacy protections (that they never delivered on); now, the FTC is probing Facebook's noncompliance and they've demanded that the company let them look at Zuck's email, which prompted the company's legal team to have a look therein, and they really didn't like […]
Even if you feel like AirPods are worth the price tag, you’ve got to admit there’s a certain anxiety that comes with using them. What if I lose them? What if they get wet in the rain? Or drenched in sweat? Or fall into the drink you dropped them into? Shiny tech is great, but […]
With the quick-fix appeal of video games and their own cell phones, it can be tough to keep kids focused on supposedly “educational” toys. And while it may seem counter-intuitive to fight tech with more tech, we’re all in when it comes to the Toybox 3D Printer. We’re not sure if anyone had envisioned a […]
Whether you’re an artist, designer or just organizing a photo album, photo editing software is a must. And software designers know it: Platforms like Photoshop and Lightroom have a ton of helpful features, but you’ll pay for them in spades. Luckily, there’s some competition in the photo editing arena. Right now, Skylum’s Luminar software is […]