Security experts Andreas Dewes and Svea Eckert revealed that an individual’s browsing history and habit can be traced, even after he/she is using incognito mode. The research was done on over 3 million Germans, out of which some where public figures.
If you think no one will get to know about your browsing history and pattern, just because you’ve deleted the history, you couldn’t be more wrong. Recently, a team of German researchers showed that anything you browse can be exposed.
In April 2017, United States president Donal Trump signed a term that lets ISPs (Internet Service Providers) fetch private browsing data of American Internet users, without asking for their permission. It was still no big deal, because the information was anonymized anyway.
However, the findings presented at the DefCon Hacking Conference in Las Vegas say something different. Two security expert Andreas Dewes and Svea Eckert successfully exposed the browsing schedule and habits of over 3 million German, which also involves famous public personalities like politicians and judges.
How Did They Do That?
With the help of 10 Chrome extensions, the team collected German user’s web activity, and matched the information to many of the individuals it was mined from. Their work revealed, for instance, the drug habits of a German politician and the preferred-adult movies of a judge.
In most of the cases, researchers simply had to match a visited webpage URL with that URL being published on social networking sites at the same time. In others, all they had to do was identify page visits to login address where the URL shows what user is logging in.
‘In most of cases, browsing data did not reveal anything illegal, but might be hard for some public figures to justify or explain’, said Svea Eckert. In a few scenarios, this information could leave them open to blackmail.
The data were extracted from “clickstreams” that are built into Google Chrome extensions to track minute-by-minute browsing activity in order to target advertisements.
Source: DEF CON 25 Hacker Conference
‘With only a few websites, you can instantly drill down into the information to just a few users’, Andreas Dewes said. It was not difficult to find the name of the users as the “clickstream” could open the URL of user’s personal account, he added.
Researchers found that about 95% of the data gathered came from 10 famous browser extensions. “What these giant organizations are doing is illegal but they don’t care”, Svea Eckert said.
These simple methods of identification could be used to de-anonymize browsing data that includes webpage addresses and the times they were opened.
The data were collected for study purpose only, and it had been deleted because researchers did not want to have it close to their hands. They were afraid that they would be hacked.