PrivacyCan you be anonymous on the Internet? No, you cannot

Published 27 October 2016

If you still think you can be anonymous on the Internet, a team of Stanford and Princeton researchers has news for you: You cannot. Researchers say most people do not realize how much information they are leaving behind as they browse the Web. Online privacy risks are not new, but the researchers say their research is “another nail in the coffin” to the idea that the average person with the average Web browser can be private online.

If you still think you can be anonymous on the Internet, a team of Stanford and Princeton researchers has news for you: You cannot. Over the summer, the team launched what they called the Footprints Project, which invited individuals to participate in an online experiment that allowed researchers to access their anonymous web browsing history, including information about active Twitter usage. Stanford University says that based on that information alone, Footprints successfully identified eleven out of thirteen people who visited the site on its first day of operation. “I think the first thing I messaged was: ‘This is kind of scary,’” says Stanford undergraduate Ansh Shukla, a senior studying mathematics, who is working on the project with Stanford Engineering assistant professor Sharad Goel and Stanford computer science Ph.D. student Jessica Su.

The researchers ended the Footprints experiment in October. By then almost 300 users had visited the site, and the system had accurately identified 80 percent of them.

How did it work? Users voluntarily participated in Footprints. That gave the researchers permission to gather the names of any Web sites that a participant clicked on through Twitter while using Google Chrome. This unique set of links is a fingerprint. To find that user, the researchers crawled through millions of Twitter profiles to see who everyone is following.

So imagine that Jane Doe, John Smith, and Susie Q all participated anonymously, and that each of these three volunteers follow 100 Twitter accounts. All three might follow the official Stanford Engineering Twitter account. But Jane and John also follow the New York Times’s Twitter account for their news, while Susie instead follows the Los Angeles Times as her newspaper of choice. Researchers can then deduce that the person who visited links tweeted from Stanford Engineering and the New York Times is more likely to be Jane or John, not Susie.

“Although we happen to use Twitter, it’s not like Twitter is uniquely vulnerable,” Shukla says. “It doesn’t take a lot of recorded characteristics to have people become unique.”

This project is part of a growing body of research that brings heightened alarm to privacy vulnerabilities on the Web. For most Web sites we visit, we often implicitly consent to be tracked through a terms of service or “cookie” (a small file of identifying information left on a computer when you browse online) policy. Footprints researcher Arvind Narayanan, an assistant professor of computer science at Princeton, previously published a paper that demonstrated how data anonymization is broken on the Web. The work became well known outside of academia because Narayanan cross-referenced Netflix user data with Internet Movie Database (IMDb) users to uniquely identify individuals.

The Footprints researchers know that online privacy risks are not new, but their latest research is “another nail in the coffin” to the idea that the average person with the average Web browser can be private online, Shukla explains. “You should kind of go into the Internet assuming that everything you go to, someone might learn about someday,” he says.

Shukla says that even though many advertisers and Internet companies might not initially know your name, they likely have most of your anonymous browsing history — even if you regularly clear your cookies. This data might be used by a commercial entity to link an anonymous person with a real identity — something that is lucrative for an advertiser — by cross-referencing databases. So an anonymous person who keeps visiting certain furniture Web sites might eventually be identified and targeted through a direct mail campaign. Or a political campaign might be able to target a specific voter.

Shukla hopes that as people realize how easy it is to track their digital footprints, this will lead to a change of policy, such as collecting far less data. He also envisions new technologies to empower consumers that are more powerful than the “do not track” setting on browsers — an injunction often ignored by Web sites. “Security theater,” Shukla says.

Goel notes that most people do not even realize they are leaving behind digital footprints. “We conceived this as a consciousness-raising project,” he says, adding that he and his team plan to write a journal article about the Footprints experiment.

— Read more in Arvind Narayanan and Vitaly Shmatikov, Robust De-anonymization of Large Sparse Datasets (The University of Texas at Austin, 2016)