When surfing the net beyond the realms of social networks or forums, I, and probably most of you too, assume that our presence is anonymous. So last Monday I was really surprised when I visited the de-anonymizing site created by researchers Thorsten Holz and Gilbert Wondracek which quickly ‘exposed’ me within a short space of time by entering a bare minimum of information. This scenario was well below my personal expectations in terms of anonymity, but in my function as VP Operations at XING AG, it got me really excited as the majority of the de-anonymizing process was based on information from our Group sites.
XING’s data protection maxim is ‘Our customers trust XING and its users’ and a key part of that trust is our customers’ right to decide for themselves how they want to appear in public and which data they want to post online. As a result of these considerations and our experience in security, we immediately initiated a number of measures to prevent this kind of classic history stealing and make it impossible for online users to be exposed. The technique deployed was of a purely academic and experimental nature specific to the intended purpose. As far as we are aware, this experiment posed no threat to XING users and their data whatsoever. Despite this, we decided to react immediately before the process became established beyond its current experimental context.
Put simply, de-anonymizing takes place in two steps (for a detailed description, please refer to the researchers’ original report):
- Publicly accessible Groups can be used to create a database which allows publicly known Group users to be matched to their fingerprint. To do this, you need to visit all of the public Groups and then crawl them. With a little bit of technical expertise, a service can then be programmed to provide the fingerprint of all users with this exact same fingerprint or a similar one. When I saw this in action, it seemed to work really well…
As a user you can simply delete your browser’s history on a regular basis and set your browser to private mode. Firefox also provides a plug-in (SafeHistory) to prevent against such attacks (only works with Firefox up to version 2, unfortunately.
We at XING are of course obliged to do all we can to protect our users. Based on this, we have now put a counter-measure in place to meet the recommendations made by Thorsten Holz and Gilbert Wondracek.
To be more specific, we have added a random number to all the relevant links on the platform (i.e. links containing Group names) which is then saved in the history, meaning that there is a probability of about zero that someone can guess the URL using the ‘yes/no’ question and answer game as the browser will only accept the exact same string as being the URL visited in the past. We are currently monitoring usage and will take further action over the next few days if required.
The upshot of all this is that your browser should now prevent anyone from de-anonymizing your XING profile. However, please bear in mind that your browser’s history will still contain entries dating back several hours, days or even weeks, so it’s best to be on the safe side and delete your browser’s history once you’ve finished surfing.
If you have any other questions, please feel free to contact the XING Group or post a comment here in the blog.
Link to this article: