Study: 72% of anonymous traffic can be linked to real users.

Advertisers would give everything in the world to be able to look over their shoulders, which pages users view on the network. They want to know which sites a person visits, how he got on them, how long he stays on them, where he goes next. And at the same time collect the maximum possible amount of personal information about him.

Of course, for this they need not be in the same room with the user: dozens of built-in trackers on almost every site collect information about the user's actions, and cookies stored in the browser tell advertisers how often they visit the site. But the main dream of any advertiser is to combine all this scattered information into a single profile that corresponds to each individual user, that is, to create a full-fledged portrait of each person on the Internet.
')
The companies that make up user profiles usually do this under a pseudonym: this is how they can get a lot of demographic data, but as a rule, they don’t combine behavioral data with individual identities. A team of researchers from Stanford and Princeton Universities has developed a system that can put this data together simply by examining the viewing history.

When the team tested the technology on 374 real people who submitted their browsing history, the de-anonymizer identified the volunteer profiles on Twitter in almost three-quarters of an hour.

The researchers proceeded from the assumption that a person would most likely follow the link shared by friends on social networks than a random link. Given this information, as well as the browser history of an anonymous source, researchers can calculate the likelihood that a Twitter user has created this browsing history. Such a habit of clicking on links unmasks the user, and this process takes less than a minute.

To test the algorithm, the researchers gathered volunteers who downloaded an extension for Google Chrome that retrieves browsing history. Since Twitter uses its own abbreviation URL - t.co, the program could easily find out which sites the user went through this social network. The program extracted 100 links from each user and passed them through the de-anonymization system. Within a few seconds, the algorithm produces 15 of the most successful results from all possible Twitter users, in order of maximum compliance. Then volunteers were asked if they had Twitter accounts and asked to log in to verify their identity. The algorithm chose the correct profile in 72% of cases, and in 81% the profile was in the TOP-15.

In order for this method to work in the real world, where people are reluctant to share their data, even if for scientific purposes, access to the “digital trail” needs to be obtained in some other way. Owners of at least part of the browsing history are often advertisers, Internet service providers and, of course, special services.

With the help of trackers, the advertiser can get an idea of ​​the user, but the simplest ad blockers can prevent them. Providers have the opportunity to get a lot of information about which sites their client visits, except when the pages are protected by the HTTPS protocol, which encrypts traffic. However, people can still be identified using unencrypted sites: researchers were able to “unmask” almost a third of volunteers using only HTTP traffic. VPN services may limit direct attempts to de-anonymize, but they will not interfere with the collection of cookies and other tracking methods that can provide the retriever with a continuous browsing history.

Researchers are sure that if you want to use microblogging under your own name, you can’t do anything to avoid the deanonymization technique - even if a person does not post tweets, but simply looks at someone else’s profiles, he will not go unnoticed. They also note that the program does not exploit any service vulnerability. Users themselves usually give the information that you only need to collect. The study implies that open social networks and detailed reports in them about their activities are at variance with confidentiality. According to the creators of the de-anonymizer, it is impossible to maintain Twitter confidentiality without abandoning the main function of the social network - its general accessibility.

Browser features such as Safari private browsing mode or Chrome incognito mode will not save you from de-anonymization. After the windows in one of these modes are closed, the browser deletes the visit history, but does not interfere with the work of trackers or, for example, the special services to monitor traffic.

Not everything is as categorical as it seems. With the help of Tor, a program that provides anonymity on the Internet by routing traffic randomly through a network of servers, you can hide from all but the most stubborn "spies". But for the average user not familiar with modern privacy technologies, the veil of anonymity is very thin. As for those who are more interested in keeping their profiles open and “following” as many interesting people as possible than hiding data from marketers or Internet providers.