A PAIR OF GERMAN SECURITY RESEARCHERS have demonstrated how 'trivial' it is to link supposedly-anonymised browsing data to individuals.
The researchers, Svea Eckert and Andreas Dewes, revealed at Def Con in Las Vegas that they were able to gather the browsing habits of three million German citizens by intercepting 'clickstream' data. By doing so, the pair were able to see the porn browsing habits of a judge, a cyber-crime investigation and the drug preferences of a politician, the BBC reports.
Clickstreams are used by advertisers to target specific users based on their browsing habits, by retaining every click and web page visit a user makes. This data should be anonymised, but the pair found that circumventing this security step was "trivial", revealing sensitive details about specific users.
What's more, once this data is tied to public information - such as links people have shared on Twitter, photos they've posted to Facebook or news items they've shared - it becomes possible to easily connect the data to an individual.
"The public information available about users is growing so it's getting easier to find the information to do the de-anonymisation," Dewes said. "It's very, very difficult to de-anonymise it even if you have the intention to do so."
Eckert and Dewes told the BBC that 95 per cent of the data they obtained came from 10 popular background extensions.
"What these companies are doing is illegal in Europe but they do not care," said Eckert. "This could be so creepy to abuse. You could have an address book and just look up people by their names and see everything they did."
The pair has now deleted all of the sensitive data that they collected, noting that they were worried about being hacked themselves.
"After the research project we deleted the data because we did not want to have it close to our hands anymore," Eckert said. "We were scared that we would be hacked." µ