×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

De-Anonymizing Social Network Users

kdawson posted more than 4 years ago | from the know-what-groups-you-joined-last-summer dept.

Privacy 88

An anonymous reader writes "The H has an article about some researchers who found a new way to de-anonymize people. Compared to the EFF's Panopticlick, the goal of this experiment is not to identify a user's browser uniquely, but to identify individual users. The test essentially exploits the fact that many social network users are identifiable by their membership of various groups. According to the researchers, it's very unlikelly that two people on any social network will belong to exactly the same groups. A 'group fingerprint' can thus allow websites to identify previously anonymous visitors. They describe the setup and all details and the results look very interesting. They also have a live demo for the social network Xing that was able to de-anonymize me."

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

88 comments

First Post (1, Insightful)

Ethanol-fueled (1125189) | more than 4 years ago | (#30992406)

Fuck social networks.

why is that modded offtopic? (2, Insightful)

Adolf Hitroll (562418) | more than 4 years ago | (#30992806)

It obviously hit the nail quick and straight on the head. ...I d' add: "social networks fuck" as they do have a very negative impact upon one's social life IRL.

Maybe some mod is being to sensitive about short first posts. I hope he knows not to act that stupidly IRL (though I higly doubt it).

Re:why is that modded offtopic? (1)

PawNtheSandman (1238854) | more than 4 years ago | (#30994856)

I disagree.. Social networking is great. IE: Facebook is great tool for reconnecting (having sex with) old friends from years past. It has had a very positive impact upon my social life IRL.

An anonymous reader? (5, Funny)

Tyir (622669) | more than 4 years ago | (#30992432)

Probably not so anonymous anymore!

Re:An anonymous reader? (0)

Anonymous Coward | more than 4 years ago | (#30994766)

Missed out on years of mod points all for nothing.

Signed, your pal,
Harry Mann
123 Maple Street
Biloxi, Mississippi

Take a right turn at the old dead stump. It's the house facing the street with the porch on the front, not the house facing away with the porch on the back, that's Mel's place.

Re:An anonymous reader? (0)

Anonymous Coward | more than 4 years ago | (#30994942)

Can they de-anonymize Anonymous Coward?

Re:An anonymous reader? (0)

Anonymous Coward | more than 4 years ago | (#30994988)

That would involve programming changes, and this being Slashdot, we all know that means it'll never happen.

Nothing new (3, Insightful)

stephanruby (542433) | more than 4 years ago | (#30992434)

There is nothing new about this. This is what any human being (a PI, or a stalker) would intuitively try to do. This is just streamlining and automating that process.

Re:Nothing new (4, Insightful)

AHuxley (892839) | more than 4 years ago | (#30992650)

IP can change, country can change, name can change.
But if your the user with a Mac, version 2.0.1b of a browser posting to a small interest section, this would be great to find you again and your new set of friends.
Thats why you never go back to the same sites if people are interested in you.

Re:Nothing new (1)

Hurricane78 (562437) | more than 4 years ago | (#31027460)

Thats why you never go back to the same sites if people are interested in you.

Only on Slashdot is this not modded as “Funny”...

Misleading description of what they're doing (1, Informative)

Anonymous Coward | more than 4 years ago | (#30992446)

A more accurate one, if I am RTFA right, is "by trawling through the browser history of visitors to a site it is possible to distinguish one from another so long as the user uses and regularly visits the group pages of select social networking sites and never clears their history". At most it seems to allow them to compare the "groups" pages you have visited on, say, Facebook and possibly identify which FB user you are using that information.

I see nothing to suggest that this helps them to identify who you actually are in meatspace unless you supply those details on your public Facebook page.

Solution: Never join any groups (1, Insightful)

Anonymous Coward | more than 4 years ago | (#30992454)

Just try to de-anonymize the antisocial network!

Re:Solution: Never join any groups (0)

Anonymous Coward | more than 4 years ago | (#30992540)

Better yet, never join any social networks.

No Groups (0)

Anonymous Coward | more than 4 years ago | (#30992468)

people like myself who belong to no groups would like to say go fuck yourself.

Can I get a big who cares? (3, Interesting)

Eskarel (565631) | more than 4 years ago | (#30992480)

So basically if

  1. An attacker indexes the entire user list and group memberships of a social networking sites.
  2. You regularly visit a large number of the groups you belong to on said social networking site so that their url paths are in your history.
  3. You're the only person who uses your PC to log onto said social networking site.
  4. You visit a malicious website using this technique.

then an attacker might be able to work out the name you use on that social networking site?

Why would anyone bother. Indexing facebook would take quite a bit of time and resources and at the end of it you'd have something which might or might not be someones real name. Even if it is their real name, what exactly are you going to do with it? So you've unmasked(maybe) the name(maybe) of someone who visited your site. It's not going to give you anything else useful unless you combine it with some other attack vector which could quite easily pick up their real name for free anyway.

I suppose you could use it to set up a honey pot site for people with certain beliefs or interests and use it to accumulate a list of people with those beliefs or interests, but to be honest, you'd probably do better social engineering their ISP to get their account details.

Re:Can I get a big who cares? (2, Informative)

AHuxley (892839) | more than 4 years ago | (#30992684)

It could be about the connections. If you get an ip and raid a house you get 1 person and a clean computer. They alert their friends and its all over.
With this you get the friends of friends and their interests.
The ability to play an eco nut, poker fan, open source gamer or other 'lifestyle' undercover is very tempting.
Over time they build a relationship and might get invited in.

Re:Can I get a big who cares? (3, Insightful)

Anonymous Coward | more than 4 years ago | (#30992694)

I suppose you could use it to set up a honey pot site for people with certain beliefs or interests and use it to accumulate a list of people with those beliefs or interests

You mean, like, a social networking site?

Uh, no thanks... (4, Funny)

creimer (824291) | more than 4 years ago | (#30992490)

I prefer not to de-anatomized all the Anonymous Cowards. Neutered them, sure. Let's leave it at that.

Re:Uh, no thanks... (0)

Anonymous Coward | more than 4 years ago | (#30992768)

No no you will not neuter me you bastar... aaaaaarrrrrrgggghhhhhh

Re:Uh, no thanks... (1)

Fred_A (10934) | more than 4 years ago | (#30993670)

I prefer not to de-anatomized all the Anonymous Cowards.

I think it's time anonymous users were de-anathemized.

Summary is wrong; idea is worthless (4, Insightful)

michaelmalak (91262) | more than 4 years ago | (#30992530)

The summary is incorrectly worded. It should read "Contrasted with the EFF's..."

But worse than that, the paper itself is horribly written, especially the abstract. The threat presented is not de-anonymization within the social network (since usually most profiles are real people anyway) but rather de-anonymization of visitors to arbitrary websites if those visitors also have social networking URLs in their browser history.

Now, the big privacy hole here is browser history stealing [blogspot.com], which is four years old. All this paper does is refine this mountain of privacy-invading information using social networking URLs that might be found there.

Re:Summary is wrong; idea is worthless (1, Informative)

Anonymous Coward | more than 4 years ago | (#30992696)

History stealing is even older than Jeremiah Grossman's blog posting, he also simply copied the idea: this design flaw was reported in bug tracking system of Mozilla (Netscape) back in 2000, the longest discussion in the system is from 2002 (http://bugzilla.mozilla.org/show_bug.cgi?id=147777 [mozilla.org]).

If you read the article, they clearly state that history stealing is a well-known technique, they just use it in a different setting to be able to find out the "group fingerprint".

Re:Summary is wrong; idea is worthless (1)

ArsenneLupin (766289) | more than 4 years ago | (#30994368)

the longest discussion in the system is from 2002 (http://bugzilla.mozilla.org/show_bug.cgi?id=147777 [mozilla.org]).

Actually, an even earlier discussion can be found here: https://bugzilla.mozilla.org/show_bug.cgi?id=57351 [mozilla.org]. And that one is probably not the oldest one either...

Re:Summary is wrong; idea is worthless (0)

Anonymous Coward | more than 4 years ago | (#30994478)

the longest discussion in the system is from 2002 (http://bugzilla.mozilla.org/show_bug.cgi?id=147777 [mozilla.org]).

Actually, an even earlier discussion can be found here: https://bugzilla.mozilla.org/show_bug.cgi?id=57351 [mozilla.org]. And that one is probably not the oldest one either...

I wrote longest discussion. Furthermore, I pointed out that one of the first entries in Bugzilla was back in 2000, actually I meant exactly the link you provided. Thus your comment is superfluous, please read my reply again.

Re:Summary is wrong; idea is worthless (2, Insightful)

pipatron (966506) | more than 4 years ago | (#30992798)

Which is why browsing with NoScript should be mandatory and why we should try to stop webmasters from using unnecessary javascript on their websites.

(Oh, and please stop mocking those of us that takes basic security precautions.)

Re:Summary is wrong; idea is worthless (1)

ciderVisor (1318765) | more than 4 years ago | (#30992992)

(Oh, and please stop mocking those of us that takes basic security precautions.)

[Nelson Muntz] Ha ha ! [/Nelson Muntz]

Re:Summary is wrong; idea is worthless (2, Insightful)

zdzichu (100333) | more than 4 years ago | (#30992888)

The whole site and paper looks like an attempt at marketing Xing. I never heard of this site before, now it's on the news.

Re:Summary is wrong; idea is worthless (1)

camperslo (704715) | more than 4 years ago | (#30999652)

The whole site and paper looks like an attempt at marketing Xing.

It's a clever trick to profile the Slashdot crowd, known for penguin worship, frequently known to follow radical publications (Periodic Table, Bill of Rights, Wikipedia...), secretly behind tech controversies (Do triodes or tetrodes sound better??)...

Re:Summary is wrong; idea is worthless (1)

Doctor O (549663) | more than 4 years ago | (#31002180)

Xing has over 8 million members and is the #1 B2B social network in Europe. It isn't irrelevant or exotic just because you haven't heard of it. Duh. Yes, I'm a member. Yes, I made quite a nice amount of business (=money) because of Xing.

http://corporate.xing.com/english/company/ [xing.com]

Before they rebranded it, it was called OpenBC (Open Business Club). Maybe you've heard of that. ;)

Re:Summary is wrong; idea is worthless (0)

Anonymous Coward | more than 4 years ago | (#31006732)

Never heard of OBC either. And I'm from Europe, from the center of it. #1 socnet here is LinkedIn, #2 are some local clones like GoldenLine.

Re:Summary is wrong; idea is worthless (1)

paleshadows (1127459) | more than 4 years ago | (#30993740)

Not sure why you think it's worthless. Like you say, the paper shows that browser-history-stealing can be exploited in a new way, allowing any web site to uniquely identify those who actively participate in social networks. All people who fall under the latter category (presumably very many) are affected, and I imagine quite a few of them do not wish to be identified. So why is this worthless?

Re:Summary is wrong; idea is worthless (1)

michaelmalak (91262) | more than 4 years ago | (#30994750)

How about all the other things that can be found in one's browser history, such as Google searches, or, say, one's own name on some websites, such as Facebook when viewing one's own profile?

Re:Summary is wrong; idea is worthless (1)

paleshadows (1127459) | more than 4 years ago | (#30996568)

How about all the other things that can be found in one's browser history, such as Google searches, or, say, one's own name on some websites, such as Facebook when viewing one's own profile?

I think you don't get it. The same-origin principle [wikipedia.org], enforced by all contemporary browsers, prevents sites from just querying the history. Thus, an arbitrary site is by no means able to just view the user's Google searches or Facebook profile from the browser's history, contrary to what you seem to suggest.

The problem is that it's very, very hard to truly enforce 100% of the same-origin principle. Some limited information might leak due to side channels. For example, an attacker can try to find out if the victim visited site X by attempting to retrieve X, timing how long it takes, and concluding whether or not X was retrieved from the browser's cache based on the response time; see, e.g., "timing attacks on web privacy" [princeton.edu] (which was BTW published 10 years ago). There are lots of other tricks unrelated to timing that an attacker can employ.

As far as I understand, the contribution of TFA is noticing that group membership information is nearly unique, per user, and (based on the aforesaid methods) suggesting practical ways to trick the browser into revealing this information.

Is this worthless?

Fonts, Plugins, History... why? (5, Interesting)

advocate_one (662832) | more than 4 years ago | (#30992536)

Having gone on that panopticlick site and discovered that my browser was unique amongst some half million visitors... I was shocked that my browser was blabbing about what fonts were on my system... Why on earth would a browser transmit the list of installed fonts at all? All it needs locally are a set of alternatives, ie. if page says this font, then use this local font... wasn't that the entire point of the webfonts package?

similarly, the plugins list... another thing that doesn't need to be sent out by the browser...

Firefox devs, you listening here? these do not need to be transmitted so block them...

anyone know of a plugin that blocks them?

and why on earth is it possible to sniff the history list???

Re:Fonts, Plugins, History... why? (3, Interesting)

macraig (621737) | more than 4 years ago | (#30992570)

You're barking up the wrong tree: you should be screaming at the JavaScript wizards, I think.

Re:Fonts, Plugins, History... why? (5, Informative)

zwei2stein (782480) | more than 4 years ago | (#30992586)

Your font list is reported by flash and java. Your browser is innocent of this. Disabling flash & java goes long way to make your system information less accessible.

Sniffing history is basic feature of xhtml/css, price you pay for selectors. a:visited (background-image:"slashdotorg.png") && boo! [shasldot.org] - if you go to my site, you will request specific image and i can see it in logs, boom, i know you were to slashdot.

Re:Fonts, Plugins, History... why? (1)

grumbel (592662) | more than 4 years ago | (#30992860)

That should be easy to fix, shouldn't it? Just fetch all images from the CSS instead of doing it on demand.

Re:Fonts, Plugins, History... why? (1)

netsharc (195805) | more than 4 years ago | (#30994464)

Annoying design trade-off, fetching all images specified in CSS will waste a lot of bandwidth, sure for a lot of desktop people bandwidth is fast and cheap, but mobile and modem users might not like the idea that much. (In Australia they still have x GB monthly limits on broadband!).

Also, I can foresee another trick: ok, the browser fetches all images, rendering my log examination useless. So now I can write a Javascript function that checks whether a particular element has this particular background image, and if so make an AJAX request to my log recording script. Boom, problem (from the marketer's point of view) solved!

Indeed, this is a nightmare. Perhaps a browser can ask "This website would like to gain access to your visited links information. Allow this? [Yes/No/Always/Never]", argh I'd hate to be the one who has to implement a feature that asks this question without nagging the user too much...

In similar ways you can detect font w/o Flash/Java (1)

Animaether (411575) | more than 4 years ago | (#30992898)

Your selectors example can be used similarly for font detection. Set up CSS with a particular font - fall back to a standard font with known metrics. Once the page is rendered, use javascript to get the metrics of e.g. the block element you stuck the text in, and you can determine with fair certainty that the user either has that font, or doesn't. Obviously user CSS overriding things, scripting getting blocked, etc. thwart this - but that's not going to be the vast majority of users.

Re:Fonts, Plugins, History... why? (0)

Anonymous Coward | more than 4 years ago | (#30993178)

"Your font list is reported by flash and java."

It's javaSCRIPT not Java; two different technologies.

Re:Fonts, Plugins, History... why? (0)

Anonymous Coward | more than 4 years ago | (#30993410)

While you're right the techs are different, if JavaScript would be the cause, that would counteract with his first statement (ie. that it's not the browser's fault).

Re:Fonts, Plugins, History... why? (1)

pjt33 (739471) | more than 4 years ago | (#30993664)

I saw the Java plugin fire up when I visited the Panopticlick site. It contains an applet.

Re:Fonts, Plugins, History... why? (1)

ArsenneLupin (766289) | more than 4 years ago | (#30994402)

Sniffing history is basic feature of xhtml/css, price you pay for selectors. a:visited (background-image:"slashdotorg.png")

Why not load a:visited images unconditionally (even when they aren't displayed)? And why allow getComputedStyle on elements whose rendering depends on :visited?

Re:Fonts, Plugins, History... why? (1)

equivocal (655448) | more than 4 years ago | (#31001350)

browser.display.use_document_colors defeats background-image in firefox. At least I think that's the correct one. Whatever it is, it's user accessible through the gui prefs interface. There may be some side-effects, like not being able to buy from amazon.com, but they're pretty insignificant.

Re:Fonts, Plugins, History... why? (2, Informative)

Anonymous Coward | more than 4 years ago | (#30992644)

"anyone know of a plugin that blocks them?"

NoScript blocks Javascript which in turn blocks most of these queries.

Still says I'm 1 in 200.000. Probably due to running Ubuntu. I'd have to manipulate my HTTP headers to something very common to counter that. No idea if there's an add-on that does that ... or what value to use.

Add Flashblock if you want to control the execution of Flash independently (e.g. allow JavaScript but only run one of the flash applets, like the video but not all those add/tracker applets).

Re:Fonts, Plugins, History... why? (2, Informative)

advocate_one (662832) | more than 4 years ago | (#30992662)

I was running with noscript, flashblock and adblock... mind you, I think I had noscript set not quite so strictly... and clicked on the flash blocked box thinking it needed clicking on for the site to work...

Re:Fonts, Plugins, History... why? (1)

pipatron (966506) | more than 4 years ago | (#30992822)

"anyone know of a plugin that blocks them?"

NoScript blocks Javascript which in turn blocks most of these queries.

Still says I'm 1 in 200.000. Probably due to running Ubuntu. I'd have to manipulate my HTTP headers to something very common to counter that. No idea if there's an add-on that does that ... or what value to use.

Add Flashblock if you want to control the execution of Flash independently (e.g. allow JavaScript but only run one of the flash applets, like the video but not all those add/tracker applets).

Not many people disable javascript, that's just one more thing to make you more unique.

And there is a big drawback from changing your headers: You're no longer advertising a free operating system. I was thinking of changing my signatures, but I figured that I would rather like webmasters to know that they have linux users as well.

.. And last, if I'm not mistaken, NoScript lets me enable individual flash applets on a page, at least I can do that and I don't have Flashblock.

Re:Fonts, Plugins, History... why? (0)

Anonymous Coward | more than 4 years ago | (#30993090)

I agree with you. I like the idea that browsing the web is actually advertising free software. But I have three problems with the user agent string:

1. OS Architecture. The website shouldn't deliver me architecture dependent content. Why is it in there?

2. Build number. I see the point of 2.0 vs. 3.0. I can even tolerate 3.5 vs 3.6, allthough minor versions should always be backwards compatible. I don't see the point of 3.5.6 vs 3.5.7. That shouldn't make any difference and the website doesn't need to know that.

3. The build date. Firefox reports the fucking build date! I compiled Firefox on my machine (FreeBSD ports) and my user agent string is unique. Allthough using FreeBSD is surely not very common but I think the build date is more to blame. I don't even know how to fix this without completly changing to a Windows UAS.

It would be awesome if somebody would file a bug report to Firefox about this. I don't have an account for their bug tracker.
And when that kind and awesome person does that please also file a bug report that Private Browsing mode should help me with these issues. Like either report very generic and common stuff for fonts and UAS, or by generating random data.

Re:Fonts, Plugins, History... why? (1)

icebraining (1313345) | more than 4 years ago | (#30994928)

Not many people disable javascript, that's just one more thing to make you more unique.

Yes, but you replace many bits of data (plugin list, fonts, etc) with a single information, so it's probably better either way.

Re:Fonts, Plugins, History... why? (0)

Anonymous Coward | more than 4 years ago | (#30995958)

According to panopticlick, 20% disable JavaScript. For the overall population, that percentage is sure to be lower. But still, disabling JavaScript does not make you all that unique.

For my octogenarian parents, I have NoScript blacklist the obvious bad sites (doubleclick.net, etc).

Re:Fonts, Plugins, History... why? (4, Insightful)

StripedCow (776465) | more than 4 years ago | (#30992862)

Even more horrifying: in my case, my local username was part of the information that panopticlick found... the reason was that one of the plugin binaries was in a subdirectory of my homedir, and its path contained my username, and apparently the path of that binary was sent out by firefox. However, I'm not sure if the fault lies with firefox or with the particular plugin (citrix receiver for linux). Probably the latter, because in the plugin-box, it identifies itself with its full path.

Re:Fonts, Plugins, History... why? (2, Interesting)

osu-neko (2604) | more than 4 years ago | (#30993086)

This is one of the reasons why, on my Windows box, my local username is "root". If it gets embedded somewhere, this doesn't tell people much. (Just to add to the confusion, it's a normal user account, not an "administrator".)

Re:Fonts, Plugins, History... why? (1, Informative)

Anonymous Coward | more than 4 years ago | (#30993796)

Easy remedy:
about:config

plugin.expose_full_path Standard boolean false.

I bet yours is set to true.

Re:Fonts, Plugins, History... why? (0)

Anonymous Coward | more than 4 years ago | (#31014250)

http://mindyourdecisions.com/blog/2010/02/02/a-mystery-sherlock-holmes-couldnt-solve-but-you-can/

Re:Fonts, Plugins, History... why? (0)

Anonymous Coward | more than 4 years ago | (#31014316)

Aaargh I seriously bungled with that one... This is what I meant to post:

I noticed the exact same thing with one of my plugins. Fortunately it was easy to fix by setting plugin.expose_full_path to false.

Re:Fonts, Plugins, History... why? (1)

JackieBrown (987087) | more than 4 years ago | (#30993180)

It tells you were the blame is on that site.

For example my IE at work reads
Marlett, ..., Kanafont, Eurofont (via Flash)

My opera on my USB device with flash and javiscript disabled give almost no information other than the useragent (and that user-agent is not as detailed rich as my IE one.)

Re:Fonts, Plugins, History... why? (0)

Anonymous Coward | more than 4 years ago | (#30998706)

Yeah because the list of fonts installed in your computer is extremely sensitive data...

What about loners? (5, Interesting)

macraig (621737) | more than 4 years ago | (#30992554)

Brilliant plan, guys... except you still left one variable unknown: the aloof guy who doesn't belong to any groups. How do you pick him out of the crowd when he's not in it to begin with? Those aloof loners are always the ones we should be worrying about, right? That's what the movies always say.

Re:What about loners? (2, Interesting)

AHuxley (892839) | more than 4 years ago | (#30992702)

They slip up during car trips and are spotted by local cops.
Or buy 10X the normal amount of a substance and the local supplier pulls the FBI card as they are a upstanding citizen or are owned by the feds.
The smart ones make their own, but then it is always the essay to trip them up.

Re:What about loners? (1)

countertrolling (1585477) | more than 4 years ago | (#31004610)

That already happens now. Been that way for years. People without a traceable history, for example a credit history, or a small stack of credit cards, a job, etc., receive all sorts of "special" treatment at the border, made even worse in today's hysterical times. Yes, not having a file makes you very suspicious indeed. Upon its discovery, one will be created automatically for you. Those without facebook accounts clearly have something to hide. It will be mandatory real soon now. - Papers please -

Xing? (2, Interesting)

93 Escort Wagon (326346) | more than 4 years ago | (#30992556)

They (the authors) keep mentioning it in the same breath as Facebook, Twitter, and LinkedIn - but I've never heard of it (I realize that may not necessarily mean anything). It also seems a bit odd to see the BSD demon in one of the article graphics. I can't help but wonder if this was posted to actually discuss an attack vector against social networking sites, or if it was really some weird attempt to promote some GNU/Free social networking club.

Anyway, it seems to me that demoing a practical de-anonymization of a Facebook user or a LinkedIn profile would be more interesting.

Re:Xing? (3, Insightful)

thePowerOfGrayskull (905905) | more than 4 years ago | (#30992690)

I was wondering the same. Having never heard of xing, I went to its web site and learned that it's a "global network of professionals" that boasts "over 8 million members".

Xing membership is a fraction of facebook, linkedin, et al. I would have to assume that it's going to be easier to "fingerprint" users of Xing when they have such a relatively small userbase. TFA doesn't say that their method works anywhere else either (though they imply that it could...); further they specify it only works for people in groups. This reduces the population of 8 million down to 1.7 million by itself. How many of those belong to just 1 or 2 groups, in which you might expect to find a high degree of overlap?

Re:Xing? (0)

Anonymous Coward | more than 4 years ago | (#30992692)

I guess it's the usual: only because it's big in the USA doesn't mean people all over the world use it.

AFAIK Xing is bigger than Linkedin in the EU and that's where (most of) the researchers are from.

Mainstream social sites like Facebook aren't as popular in the professional community. So I assume they were on Xing themselves and started from there.

Re:Xing? (3, Informative)

LKM (227954) | more than 4 years ago | (#30992902)

Xing is a German site similar to LinkedIn. It's quite popular in Europe. Nothing to do with BSD, GNU or anything else along those lines.

Re:Xing? (0)

Anonymous Coward | more than 4 years ago | (#30995724)

If you haven't heard of it it can't be important. Just like the metric system or public transportation.

False belief work both ways. (1, Interesting)

Anonymous Coward | more than 4 years ago | (#30992758)

Just as people who don't take privacy seriously aren't really anonymous, people who think that these revelations actually make people not anonymous online helps cater to said false belief, and keeping true Anonymous Cowards (who has the smarts to either not register on networking sites, or register with different false data on separate sites) safer, for the moment.

Posted as Anonymous Coward for obvious reasons.

Re:False belief work both ways. (3, Insightful)

osu-neko (2604) | more than 4 years ago | (#30993142)

...register with different false data on separate sites

This attack allows for a bit of quasi-de-anonymizing in this case. It doesn't tell you that user "vikingsfan" is real life Eric J. Andersen of Frostbite Falls, MN, but it does tell you that "vikingsfan" on the site is none other than "hockeypuck" on site B, who is also the same person as "moosehead" on site C, etc.

This sounds trivial, but it's of interest to some of us who may not want people on site A to know who we are on site B, when site A is an important social locale for us, even if no one on site A knows our real name (which is probably unimportant to them in any case, it might as well be just another nick...)

Put succinctly, it can expose your alts even if it doesn't expose your RL identity.

Re:False belief work both ways. (0)

Anonymous Coward | more than 4 years ago | (#30993534)

Posted as Anonymous Coward for obvious reasons.

Because they're after you, but you are outwitting them as a result of your superior intelligence and foresight. Yes, quite obvious to us all.

Porn mode kills this. (0)

Anonymous Coward | more than 4 years ago | (#30993984)

If anyone is even vaguely aware that they should be hiding their identity online, there's now an easy way to do it on every browser and it defeats history stealing.

This may still be useful to advertisers and other people chasing the unwary but don't bother setting up a porn site, hoping to catch a politician because they'd have to be a complete idiot to get caught by this... actually, never mind.

uhh, why? (4, Insightful)

TechnoVooDooDaddy (470187) | more than 4 years ago | (#30994192)

All you have to do is post a stupid little survey to Facebook and millions of idiots will fill the silly thing out giving you their mother's maiden name, street they grew up on, and last 4 digits of their social security in return for generating a few sentences of nonsense.

Use multiple pseudo-identities (1)

davidwr (791652) | more than 4 years ago | (#30994822)

Next Slashdot poll:

I have N Facebook accounts, where N is:
*1-4
*5-9
*10-19
*20-29
*30-39
*41 or more
*I just "borrow" one of CowboyNeal's
*My probation officer won't let me use Facebook, you insensitive clod!

30 Minutes of Testing (0)

Anonymous Coward | more than 4 years ago | (#30994892)

So it's been tested 30 times at about a minute per test. Do 30 minutes of testing make a tool worthy of all this press? Are these former Microsoft employees?

Lame Theory (1)

duggaman57 (1212618) | more than 4 years ago | (#30995130)

If I have a Social Networking account tied to the real me, and then I go and create an anonymous Social Networking page, do you really think I'm going to take the time to replicate all of my "groups" and things that would otherwise be on my primary profile? I obviously have something to hide, so this theory is bunk and not relevant.

Misleading summary (1)

argent (18001) | more than 4 years ago | (#30995396)

I don't think this is what the tool is designed for. If you read the paper, you'll see that all they'd get would be a list of groups that either of your identities were members of.

What this is for is to match identities at different sites. To tell what Facebook account Candidate@LinkedIn is using... you get Candidate@LinkedIn to visit a site (hey, send your resume to http://example.com/5jh332 [example.com] and it'll go right past HR) and hit him with a Facebook tracer while he's filling out the resume. Now you know that he's PartyGuy@Facebook and you send him a nice rejection letter.

Took 'em long enough. (1)

Proteus Child (535173) | more than 4 years ago | (#30997080)

It's amazing how long it took the private sector to rediscover good, old-fashioned intelligence analysis.

Find me (0)

Anonymous Coward | more than 4 years ago | (#30998134)

Who am I?

I have done nothing to especially hide myself except clicking "Post Anonymously" - I bet Cmdr Taco could make an educated guess by perusing logs though. I've often wondered if that is the case.

opting out of social networking (1)

Fuji Kitakyusho (847520) | more than 4 years ago | (#30998370)

A few weeks ago, I viewed a video interview with Facebook founder Mark Zuckerberg. In the interview, he stated that privacy simply doesn't exist anymore, or rather, that the world will need to get used to a "new standard" of privacy in context to online networking. That statement alone was sufficient impetus for me to purge my Facebook acount (I let it sit empty for a few weeks, then deleted it), as well as all other social networking profiles that I irresponsibly let sit on the web, as the statement is indicative of a mindset that will abuse my information in the future, if not now. Many persons may think I am being overly paranoid, but this article is evidence to the contrary, and I feel vindicated in my efforts when I read this sort of thing. On a related note, I have also taken to preferring cash to credit card transactions lately, and have a long standing habit of never disseminating personal information to retailers. I seem to be in the minority, but I refuse to leave myself open to abuse.

Privacy Law (1)

Benjamin_Wright (1168679) | more than 4 years ago | (#30999488)

Privacy law [typepad.com] often says (roughly) that personally identifiable information needs to be protected. But this research calls into question whether we can define personally identifiable information in a legally-meaningful way. All information related to a person can contribute to identifying the person.
Check for New Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...