‘Anonymized’ Web Browsing Not Actually Anonymous, Finds Princeton Study
The specific online behavior of an individual can be identified by linking anonymous web browsing histories with social media accounts, according to new research. This issue raises another series of questions about online privacy, as pointed out by researchers from Princeton and Stanford.
Private browsing can be linked to social media profiles, such as Facebook, Reddit, or Twitter, as the scientific paper points out. The results of the article will be presented as part of the 2017 World Wide Web Conference, Perth, Australia, in April.
Private Browsing, Not So Private
Some companies, such as Google and Facebook, are known for tracking their users online. These companies could identify the identities of the users even when they browse in private mode, according to Arvind Narayanan, assistant professor of computer science at Princeton, and co-author of the paper.
Aside from tracking the users' behaviors, these companies also reveal the browsing histories of people, mostly to other companies and organizations, for advertising purposes. The users are generally identified through the analysis of the public information from social media accounts.
The scientific paper is part of a larger project aimed at alarming the internet users about the privacy practices of corporations and vulnerabilities of individual users on the web. While most of the websites make their privacy policies and cookie policies public for their users, research on web footprints shows that the data anonymization process is broken when it comes to web policies.
Narayanan, web footprint specialist, has already published another paper concerning the problems with data anonymization.
"Using the Internet Movie Database as the source of background knowledge, we successfully identified the Netflix records of known users, uncovering their apparent political preferences and other potentially sensitive information," noted the previous research.
In addition to the conclusions in that scientific article regarding privacy policies. The current project shows that while online privacy risks are not a new issue on the web, they persist in the context of large corporations with equally generous databases of user activities.
Additionally, Stanford undergraduate Ansh Shukla, a senior studying mathematics, noted that although advertisers will not know the names of the people they target initially, most of the so-called anonymous browsing history will be known.
Online Advertisers And How Users Should Protect Themselves
The reason why advertisers are so increasingly interested in gathering data about people's behavior online and in tracking their activities is that an anonymous person with a real identity can be obtained by cross-referencing databases.
Assuming someone is interested in hair coloring products, that person will spend time on websites related to this interest. Additionally, a commercial entity will then be able to "plant" ads concerning hair dye offers on different websites, even if the browsing is done privately.
"Each person's browsing history is unique and contains tell-tale signs of their identity," noted Sharad Goel, an assistant professor at Stanford and co-author of the study.
This process allow the business owner or the commercial entity representatives to find out the true identity of the user, and target that person with an email campaign, for instance, without said person giving consent about this course of action.
"For most users, we recommend installing Ghostery and HTTPS Everywhere. Be sure to configure Ghostery to block all categories of trackers after the first install, but be aware that this will occasionally break some sites. More advanced users should consider the EFF's Privacy Badger which improves upon blacklist-based tools by blocking domains based on their actions. Finally, users who believe they are particularly at risk for targeted tracking are encouraged to use the Tor Browser Bundle," noted the Princeton WebTap page.