Cisco Blogs

Reidentification Using Social Networks

February 11, 2010 - 0 Comments

Recently, the Electronic Frontier Foundation (EFF) and the International Secure Systems Lab (iSec Lab) have publicized methods of de-anonymization. The EFF released a tool to demonstrate de-anonymization via browser fingerprinting, while a iSec Lab paper was featured in Heise Security that discusses the authors’ attempts to use browser history and the unique properties of social networks to identify individuals. The threats to user privacy continue to grow more evident and sophisticated.

The iSec Lab’s approach to de-anonymization through social networking relies upon an attack against the user’s browser, known as “history stealing.” Specifically, the authors propose using HTML images or JavaScript to determine which links a user has visited, by querying the same information used by the browser to change the color of previously-viewed links. The basic attack works as follows:

  1. Enumerate all of the groups in a social network, and store their unique URLs
  2. Correlate members of groups to the groups themselves
  3. Create a webpage that performs history stealing
  4. Check for the “visited” property for thousands of group URLs for a given social network when the user visits the webpage
  5. Identify the user by matching the groups they belong to (as indicated by the groups they have visited) with the set of users who belong to all of those groups
  6. If necessary, produce a second set of URLs, such as a private landing page link that includes a username, to narrow down a small set of possible users to a specific user. If a page that is restricted to an authenticated user is checked for visitation history, the attacker can be reasonably certain that the user is identified

In fact, step 6 could be particularly useful in any targeted identification attack. If an attacker has a small set of possible users that is likely to contain a targeted victim, the attacker could use a short list of guesses to private profile pages in an attempt to find a definite identity. And, although iSec Lab focused on group membership, it may be possible to use other associations (including friend lists) to accomplish the same attack. With over 300 million users, Facebook’s decision to publish friend lists openly by default could allow many individuals’ friend lists to be publicly crawled, indexed, and used as a method to perform de-anonymization.

Certainly, calculating the combinations of associated friends could be much more time and resource intensive than using group memberships, but the technique remains valid if there is a commonly used, unique link that can be enumerated in a browser. If any set of uniquely identifying and likely exclusive combinations can be constructed, strong associations can be made with a likely end result of positive identification. While users can defend against this attack by disabling browsing history, restricting JavaScript, or through other practices, browser vendors might consider designing alternatives that preserve user functionality while restricting information leakage.

In an effort to keep conversations fresh, Cisco Blogs closes comments after 60 days. Please visit the Cisco Blogs hub page for the latest content.