
In the study “Replication: Why We Still Can't Browse in Peace: On the Uniqueness and Reidentifiability of Web Browsing Histories”, three Mozilla employees, Sarah Bird, Ilana Segall and Martin Lopatka, attempted to uniquely identify users by analyzing their browsing history as it is accessed by websites and advertising services.
They replicated and expanded on a previous paper from 2012, “Why Johnny Can't Browse in Peace: On the Uniqueness of Web Browsing History Patterns”. That paper presented a method for identifying users' browsing profiles by analyzing browsing histories, and emphasized that these profiles maintain their uniqueness over time.
The three researchers reproduced the results of this original work and extended it using a much more precise database. Their work used anonymous browsing data provided by 52,000 Firefox browser users over a two-week period.
At the end of the analysis, the three employees were able to uniquely identify 99% of the users, equal to 48,919 distinct browsing profiles.
I was struck by the fact that such a large database is not necessary to obtain interesting results; rather, it may be sufficient to limit the analysis to the 50-150 domains preferred and most frequently visited by the user.
Finally, it is emphasized that numerous third-party actors, analytics companies, and online advertisers, already use browsing history, gathered from multiple sources, as a way to accurately profile users and more effectively target advertising.
Both the video and the slides of the presentation are available.
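A scaled-down illustration of the two measurements summarized above (how unique a top-k domain profile is, and whether it still points to the same user in a later period), added here and not code from the study or its authors. The visit counts are constructed, the function names are hypothetical, and Jaccard similarity is this example's assumed way of comparing profiles.

```python
from collections import Counter

# Constructed visit counts per user for two periods (sample data, not the study's).
WEEK1 = {
    "a": {"news.example": 30, "mail.example": 25, "code.example": 10, "maps.example": 2},
    "b": {"news.example": 28, "mail.example": 20, "video.example": 9, "shop.example": 1},
    "c": {"news.example": 15, "mail.example": 12, "code.example": 7, "bank.example": 3},
    "d": {"mail.example": 40, "news.example": 22, "video.example": 6, "forum.example": 4},
    "e": {"news.example": 18, "mail.example": 17, "osint.example": 11, "wiki.example": 5},
}
WEEK2 = {
    "a": {"mail.example": 31, "news.example": 27, "code.example": 8, "maps.example": 3},
    "b": {"news.example": 25, "video.example": 14, "mail.example": 13, "shop.example": 2},
    "c": {"mail.example": 16, "news.example": 11, "bank.example": 6, "code.example": 5},
    "d": {"mail.example": 35, "news.example": 20, "forum.example": 7, "video.example": 3},
    "e": {"news.example": 21, "osint.example": 15, "mail.example": 9, "maps.example": 4},
}

def profile(visits, k):
    """Set of the k most-visited domains (ties broken by name)."""
    ranked = sorted(visits, key=lambda d: (-visits[d], d))
    return frozenset(ranked[:k])

def uniqueness(histories, k):
    """Fraction of users whose top-k profile no other user shares."""
    profiles = [profile(v, k) for v in histories.values()]
    counts = Counter(profiles)
    return sum(counts[p] == 1 for p in profiles) / len(profiles)

def jaccard(a, b):
    return len(a & b) / len(a | b) if a | b else 0.0

def reidentified(before, after, k):
    """Users whose later profile has exactly one best earlier match: themselves."""
    known = {u: profile(v, k) for u, v in before.items()}
    hits = []
    for user, visits in after.items():
        later = profile(visits, k)
        scores = {u: jaccard(later, p) for u, p in known.items()}
        best = max(scores.values())
        winners = [u for u, s in scores.items() if s == best]
        if winners == [user]:  # an ambiguous tie does not count as a match
            hits.append(user)
    return hits

if __name__ == "__main__":
    for k in (2, 3, 4):
        print(k, uniqueness(WEEK1, k), reidentified(WEEK1, WEEK2, k))
```

With only the two most-visited domains everyone looks alike; each extra domain in the profile shrinks the group a user can hide in, which is the effect the study measures at the scale of 50-150 domains.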
Returning to the OSINT field, I am wondering what the impact of this type of profiling is on the operational security of an OSINT analyst.
Even with all the limitations involved, what data could be obtained if we decided to "study" the behavior of users who visit certain artfully created honeypot websites (blogs about OSINT, or sites that talk about specific police forces, etc.)?
How accurate could the data obtained be?
What use could I make of a fingerprint so precise?
