Thursday, May 27, 2010

.

More on aggregating information

For more evidence that the whole is more than the sum of its parts, we turn to some recent work at Vienna University of Technology:

An experimental website has managed to identify the names of people who visit it, by harvesting information about the groups they belong to. It’s a trick marketing teams and scammers would love to copy.

The snooping site exploits the fact that your web browser keeps track of which web addresses you have visited. Website owners can glean this information by hiding a list of web addresses in the code for their web page. When someone accesses this page, their browser will tell the website owner which of the hidden addresses they have already visited.

Basically put, the researchers snagged a set of independent bits of information that could all be tied back to a particular user. And by putting that information together, they identified the user. That the bits of information were all of the same type (groups to which the user belongs) is largely irrelevant, as is the mechanism by which they collected it (using an information leak in the web browser, which we talked about in these pages before).

What’s important to note is that if enough individual items of information are exposed and can be correlated, they can fairly easily be traced back to you, at least a good bit of the time. And that the value of enough that can effect that is smaller than you probably think.

2 comments:

Brent said...

So the old comic - on the internet, no one knows you are a dog - has come full circle? Not only do they know you are a dog, but which one!

Barry Leiba said...

He-he-he. Yes, indeed. And that's a funny way to look at it!