Researchers at Stanford and Princeton have succeeded in identifying 70% of users by comparing their web-browsing history to publicly available information on social networks.
The study De-anonymizing Web Browsing Data with Social Networks found that it was possible to reattach identities to 374 sets of apparently anonymous browsing histories simply by following the connections between links shared on Twitter feeds and the likelihood that a user would favour personal recommendations over abstract web browsing.
The test subjects were provided with a Chrome extension that extracted their browsing history; the researchers then used Twitter’s proprietary URL-shortening protocol to identify t.co links. 81% of the top 15 results of each enquiry run through the de-anonymisation program contained the correct re-identified user – and 72% of the results identified the user in first place.
Browsing history is not directly accessible to websites, but data brokers and advertisers can gather up sufficient history via tracking cookies, supercookies and flash cookies to potentially conduct reidentification. The NSA has done advanced work in this field, and earlier researchers have noted that such information is for sale.
Ultimately the trail only leads as far as a Twitter user ID, and if a user is pseudonymous, further action would need to be taken to affirm their real identity.
Using https connections and VPN services can limit exposure to such re-identification attempts, though the first method does not mask the base URL of the site being connected to, and the second does not prevent the tracking cookies and other tracking methods which can provide a continuous browsing history. Additionally UTM codes in URLs offer the possibility of re-identification even where encryption is present.
I'm sure we all could have said that. It's good to have some research behind it.
This is why using a VPN only works for certain things. And why it's important to know what it is you want to protect, otherwise you can't know what you need to do to protect yourself.
Yeah, but without the study we would simply be called crazy wacko tin foil hat nutjobs.
This is yet another reason to browse only using a multitude of VMs that you replace with clean copies of themselves after every browsing session. That way all the tracking cookies, super cookies and flash cookies can't gather much data per session and nothing tangible at all if you use a strict "this VM is for these sites, that VM is for those sites" policy..
The only way stuff like this stops is like what I said to a person driving me back and forth today to and from London and that is we need a real revolution and yes people that requires guns and people getting hurt.
Maybe everything you've posted on your twitter is ok right now... but what about in 10, 20, 30 years?
What if you want into a country but you said something on twitter that was against the gov there... What if you want a job but your prospective employer found and scanned your twitter to get a personality profile on you and it's results said you were "lazy", "indifferent", "lacked ethical motivations", and/or "untrustworthy". Maybe you won't get that job... maybe you won't get into the country you want into... hell, maybe you won't even get back into your own country. All because you said some stupid stuff on twitter decades ago and can't manage to disconnect your identity from that twitter account. (don't forget that NOTHING is ever really deleted and the internet never forgets)
Would you like your government and your prospective employers to know about everything you said / posted when you were angry or pissed off or drunk 25 years ago?
Yup. The writing style can give you away (they CAN identify people solely based on their choice of words and sentence structure), but so can the IP address. To tweet anonymously you'll need a burner phone with a prepaid card (all paid cash, of course), one that never gets anywhere near your place of residence or your regular phone.
I have noticed that on my privacy badger. Lot of websites use buttons instead of simple links to social media. And those buttons collect data on you. So far I have blocked.
connect.facebook.com
ssl.google-analytics.com
platform.linkedin.com
I thought I had a twitter blocked but I can't find it.