De-anonymizing Web Browsing Data with Social Networks

Can online trackers and network adversaries de-anonymize web browsing data readily available to them? We show— theoretically, via simulation, and through experiments on real user data—that de-identified web browsing histories can be linked to social media profiles using only publicly available data. Our approach is based on a simple observation: each person has a distinctive social network, and thus the set of links appearing in one’s feed is unique. Assuming users visit links in their feed with higher probability than a random user, browsing histories contain tell-tale marks of identity. We formalize this intuition by specifying a model of web browsing behavior and then deriving the maximum likelihood estimate of a user’s social profile.

 We evaluatethis strategy on simulated browsing histories, and show thatgiven a history with 30 links originating from Twitter, wecan deduce the corresponding Twitter profile more than 50%of the time. To gauge the real-world e↵ectiveness of this approach,we recruited nearly 400 people to donate their webbrowsing histories, and we were able to correctly identifymore than 70% of them. We further show that several onlinetrackers are embedded on sucientlymany websites tocarry out this attack with high accuracy. Our theoreticalcontribution applies to any type of transactional data andis robust to noisy observations, generalizing a wide rangeof previous de-anonymization attacks. Finally, since our attackattempts to find the correct Twitter profile out of over300 million candidates, it is—to our knowledge—the largestscaledemonstrated de-anonymization to date.

http://randomwalker.info/publications/browsing-history-deanonymization.pdf