Malicious Sites Can Identify You from Your Social Groups

According to Technology Review, what is new here isn’t necessarily that salient points in your social footprint can be used to identify you. There has been good research showing just how little correlative data is needed to pull off that trick. Instead, the concern is that a browser flaw that leads to a history stealing attack combined with the permeation of social network services into third party sites is making this attack all too easy to pull off.

The researchers found that a malicious site could “capture” a person’s social networking groups from his browser with a trick known as history stealing. By cross-referencing these groups, they could reveal someone’s social-network profile–and therefore their real-life identity–42 percent of the time. This means that an otherwise anonymous Web user could be identified correctly by a malicious site simply because the user visited that site.

This research was conducted by folks at at the Vienna Institute of Technology, Institut Eurecom and UC Santa Barbara. I feel like my instant unease at seeing Facebook spread its Like button and other features to third party sites has now been fully vindicated.

Sadly, the history stealing issue is a long standing one and difficult to address. As the article notes, some browsers now throttle scripts requests for history information to try to increase the cost of attack. Another good reason to keep your browser as up to date as you can.

Your Groups Tell Hackers Who You Are, MIT Technology Review

Leave a Reply

Your email address will not be published. Required fields are marked *