Foreign Policy Blogs

I Know Where You've Been – So I Know Who You Are.

facebook-logoAnonymity on social networks is difficult. Sounds like a contradiction in terms, right? But what you choose to share with some is not what should be available to all. If you’re posting your Federalist Papers, you might want an alias. If you are planning a high school reunion, you’ll need your real name.

Thanks to some clever browser tricks, it can be possible to strip away the mask. A writeup in Dark ReadingHere’s the paper, for those interested in reading the academic prose of computer scientists. *shudder*

The great news? You can’t really patch against this attack. It is a feature, not a bug, in the way your browser is constructed.

No need to panic, yet. But another example of how difficult it is to keep secrets in the Internet age.

Social networking is a true double-edged sword for activists in authoritarian countries. A lot of organization for social change couldn’t possibly happen in meatspace – but if the thugs get access to your Facebook friends list they don’t even need to go to the bother of torturing you to get the names of all your associates.

Below the jump I’ll explain how it works. I’m not going to bore the rest of you.

When you click on links, they change colors. Makes it easy to see where you’ve been. Or it did, back in the late 90s when we used text links with default colors for everything. Well, here in The Future we don’t that much – but we do have tricks to tell the server in what color your browser shows a link. Therefore what you’ve visited. Try playing with a simple example.

If you’re clever – like these researchers and the Professor Moriaritys of the world – you can do something with that.

So you’re a member of a bunch of great facebook groups. Well, if you visit those group pages that info is cached in your browser. If you hit a page that’s designed to steal your browser history, it can capture the group pages you have visited. If the nefarious scoundrel is in or can join these groups, they can triangulate your unique identity by figuring what members are in all of these groups.

Realistically, this requires a lot of work to trawl all the groups and capture the information. But computers don’t get bored easily.

I just dropped the time that my computer saves history items to one week.