(Ab)using Identifiers

Ben Gross
BayCHI
2009-11-10

University of Illinois Urbana Champaign
Library and Information Science
bgross@acm.org
http://bengross.com/

Why I am interested

•bengross@gmail.com
•bgross@uiuc.edu
•@bengross
•bgross@acm.org
•bgross@bgross.com
•http://bengross.com
•http://flickr.com/bengross
•bgross@ischool.berkeley.edu
•http://facebook.com/bengross
•bgross@messagingnews.com

How many do you have?

•Email addresses
•Web site logins
•Instant messenger IDs
•Social network profiles
•Domain names
•Phone numbers

All your @’s are belong to us

Why you might care

 •Usability implications
 •Productivity implications
 •Security implications
 •Employee satisfaction
How did I get here?

•“I only have one email address...”
•“Well, except that one I only use for...”
•“And that other one I use with...”

Half a million users
“... average user has 6.5 passwords, each of
which is shared across 3.9 different sites.
Each user has about 25 accounts that require
passwords, and types an average of 8
passwords per day.”

Dinei Florêncio and Cormac Herley. A Large-
Scale Study of Web Password Habits. WWW ’07

Population

•Qualitative in-depth interview study
•44 people across two Bay Area firms
•Financial services firm (regulated)
•Design firm (unregulated)
Data
• Financial services: average # of email addresses = 1.8 (min 1 / max 4); IM = 1.8 (min 1 / max 4)
• Design firm: average # of email addresses = 3.6 (min 1 / max 10); IM = 1.7 (min 1 / max 3)
• Combined total: average = 3.3

“The individual in ordinary work situations
presents himself and his activity to others, the
ways in which he guides and controls the
impression they form of him and the kinds of
things he may and may not do while sustaining
his performance before them.”

Erving Goffman
Presentation of Self in Everyday Life, 1959.


Why more than one?




Social factors
•“I knew that my college one wasn't
  forever, so I wanted something more
  permanent after I graduated.”
 •“...I didn't like the name that I
   picked when it was my first email.”
•“...you just say oh my first name and
  last name at gmail.com ... something
  easy to remember.”

Technical factors
•Namespace saturation AKA the
 jimsm1th77@hotmail.com problem

 •Firewalls and VPNs AKA “They
   don’t let me use Hotmail at work...”

•Configuration problems AKA “What
 does SMTP-AUTH with MD5
 checksums on port 567 mean?”

Regulatory factors




It’s Just Data...
    “We’re an information economy. They
  teach you that in school. What they don't
  tell you is that it's impossible to move, to
live, to operate at any level without leaving
     traces, bits, seemingly meaningless
       fragments that can be retrieved
                  amplified...”

    William Gibson Johnny Mnemonic

What’s Underneath?

•Developer Tools
•FireBug/FireCookie
•Safari Web Inspector
•Charles Proxy/HTTP Analyzer
•Forensic Tools
Cookies




More detail




Bake Your Own




Managing Flash Cookies




http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager07.html
Referer (sic)

•adsl-75-18-132-43.dsl.pltn13.sbcglobal.net - - [10/Nov/2009:14:50:56 -0800] "GET /wireless.html HTTP/1.1" 200 29149 "http://bengross.com/voip.html" "Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_2; en-us) AppleWebKit/531.9 (KHTML, like Gecko) Version/4.0.3 Safari/531.9"

Leaky Headers




On the Leakage of Personally Identifiable Information Via Online Social Networks
Balachander Krishnamurthy and Craig Wills

More Options

•URL Munging and Session IDs in URL
•Flash Cookies/Local Shared Object
•Silverlight Cookies
•Virtual Page Views, Event (Google Analytics) User Defined Values

Synthetic IDs
•Everything in the Referer header can
  be used to form a synthetic identifier.
•The User Agent is a good source
•IP addresses if you have them
•Screen dimensions, user agent
•Hash of IP address/remote ports

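An added example, not from the original slides: it parses access-log lines in the format shown on the Referer slide, hashes the host and User-Agent fields into a synthetic ID as listed above, and measures how identifying each field combination is in a log you already hold. The sample log, the Firefox User-Agent strings, the helper names and the coarsening rule are constructed for illustration.

```python
import hashlib
import math
import re
from collections import Counter

# Apache "combined" format, the layout of the log line on the Referer slide.
COMBINED = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

# The Safari string is the one on the slide; the Firefox strings are constructed.
SAFARI = ("Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_2; en-us) "
          "AppleWebKit/531.9 (KHTML, like Gecko) Version/4.0.3 Safari/531.9")
FF35 = ("Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) "
        "Gecko/20091102 Firefox/3.5.5")
FF30 = ("Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.15) "
        "Gecko/2009101601 Firefox/3.0.15")


def _line(host, path, referer, agent):
    return (f'{host} - - [10/Nov/2009:14:50:56 -0800] "GET {path} HTTP/1.1" '
            f'200 29149 "{referer}" "{agent}"')


# Constructed sample log: documentation-range addresses, one malformed line.
SAMPLE_LOG = [
    _line("192.0.2.10", "/wireless.html", "http://example.org/voip.html", SAFARI),
    _line("192.0.2.10", "/voip.html", "http://example.org/wireless.html", SAFARI),
    _line("192.0.2.10", "/index.html", "-", FF35),   # same address, other browser
    _line("198.51.100.7", "/index.html", "-", FF35),
    _line("198.51.100.7", "/voip.html", "http://example.org/index.html", FF35),
    _line("203.0.113.5", "/index.html", "-", FF35),
    _line("203.0.113.9", "/index.html", "-", FF30),
    "truncated garbage line",
]


def parse_log(lines):
    """Return parsed records; lines that do not match the format are skipped."""
    records = []
    for line in lines:
        m = COMBINED.match(line.strip())
        if m:
            records.append(m.groupdict())
    return records


def synthetic_id(record, fields):
    """Hash the chosen fields into one opaque identifier."""
    material = "\x1f".join(record[f] for f in fields)
    return hashlib.sha256(material.encode("utf-8")).hexdigest()[:16]


def anonymity_sets(records, fields):
    """Count how many requests share each synthetic ID."""
    return Counter(synthetic_id(r, fields) for r in records)


def identifying_bits(records, fields):
    """Surprisal of each request's ID: -log2(share of requests with that ID)."""
    sets = anonymity_sets(records, fields)
    n = len(records)
    return [-math.log2(sets[synthetic_id(r, fields)] / n) for r in records]


def coarsen(record):
    """Log-minimisation sketch: zero the last IPv4 octet, keep browser family only."""
    out = dict(record)
    m = re.fullmatch(r"(\d+\.\d+\.\d+)\.\d+", record["host"])
    if m:
        out["host"] = m.group(1) + ".0"
    # Chrome is tested before Safari because Chrome strings also contain "Safari".
    for family in ("Firefox", "Chrome", "Safari", "MSIE", "Opera"):
        if family in record["agent"]:
            out["agent"] = family
            break
    else:
        out["agent"] = "other"
    return out


def report(records, fields):
    """Summarise how well the chosen fields separate requests."""
    sets = anonymity_sets(records, fields)
    return {
        "distinct_ids": len(sets),
        "singletons": sum(1 for c in sets.values() if c == 1),
        "max_bits": round(max(identifying_bits(records, fields)), 2),
    }


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    for fields in (("host",), ("agent",), ("host", "agent")):
        print(fields, report(recs, fields))
    print("coarsened", report([coarsen(r) for r in recs], ("host", "agent")))
```

On the sample, host plus User-Agent separates the two browsers behind one shared address, while storing the coarsened fields leaves fewer requests in an anonymity set of one.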
Other Sources of Bits

•Last Modified and ETag headers
•HTTP Keepalive
•SSL Session IDs
•TCP Timestamps

The Art of Being Lost

•“We do not collect personal contact
  information from visitors to your
  website. Personal contact information
  means billing address, physical
  address, individual name, email
  address, etc.” (OpenTracker.com)


Netflix Data Released
•Dataset contains 100,480,507 movie
  ratings, created by 480,189 Netflix
  subscribers between December 1999 and
  December 2005.
•“...all customer identifying information
  has been removed; all that remains are
  ratings and dates. This follows our
  privacy policy...”
•No unique identifiers or quasi-identifiers

You Only Need Two
•Robust De-anonymization of Large Sparse
  Datasets by Arvind Narayanan and Vitaly
  Shmatikov
•IMDb as a source of entropy
•“With 8 movie ratings (of which 2 may be
  completely wrong) and dates that may have
  a 14-day error, 99% of records can be
  uniquely identified in the dataset.”

It comes down to this
“Q: If you don't publicly rate movies on IMDb and similar
         forums, there is nothing to worry about.

   A: ...you should not ever mention any movies you
   watched prior to 2005 on a public blog or website.
 Everybody who was a Netflix subscriber prior to 2005
  should restrain themselves from these activities...

  We do not think this is a feasible privacy policy.”

                      FAQ
“How to Break Anonymity of the Netflix Prize Dataset”
Guessing Your SSN
•Predicting Social Security Numbers
  from Public Data by Alessandro Acquisti
  and Ralph Gross

•...I’ll just need the last 4 of your SSN for
  verification purposes...

•“...we accurately predicted the first 5
  digits of 2% of California records with
  1980 birthdays, and 90% of Vermont
  records with 1995 birthdays.”
Disclosure and UI
•“Facebook Beacon is a way for you to
  bring actions you take online into
  Facebook. Beacon works by allowing
  affiliate websites to send stories about
  actions you take to Facebook.”
•Launched November 2007
•Class action lawsuit August 2008
•Shut down September 2009
Opt Out: First Try




Opt Out: Second Try




Evasion
•Ghostery
•Opt Out Tools
•Ad Blockers/Flash Blockers
•HTTP Cookie/LSO Managers
•Header Modification Tools
•Proxies/Tor
What’s Next?

•Geolocation
•Roll up for more large collections
•More of the additional bits needed for
  de-anonymization are available via social
  networks



Paris 2024 Olympic Geographies - an activity
 

(Ab)using Identifiers: Indiscernibility of Identity

  • 1. (Ab)using Identifiers @ Ben Gross BayCHI 2009-11-10 University of Illinois Urbana Champaign Library and Information Science bgross@acm.org http://bengross.com/ @
  • 2. @
  • 3. Why I am interested @ bengross@gmail.com bgross@uiuc.edu @bengross bgross@acm.org bgross@bgross.com http://bengross.com http://flickr.com/bengross bgross@ischool.berkeley.edu http://facebook.com/bengross bgross@messagingnews.com @
  • 4. How many @ Email addresses, Web site logins, Instant messenger IDs, Social network profiles, Domain names, Phone numbers Do you have? @
  • 5. All your @’s are belong to us @
  • 6. Why you might care •Usability implications •Productivity implications •Security implications •Employee satisfaction @
  • 7. How did I get here? •“I only have one email address...” •“Well, except that one I only use for...” •“And that other one I use with...” @
  • 8. Half a million users “... average user has 6.5 passwords, each of which is shared across 3.9 different sites. Each user has about 25 accounts that require passwords, and types an average of 8 passwords per day.” Dinei Florêncio and Cormac Herley. A Large-Scale Study of Web Password Habits. WWW ’07 @
  • 9. Population •Qualitative in-depth interview study •44 people across two Bay Area firms •Financial services firm (regulated) •Design firm (unregulated) @
  • 10. Data • Financial services • Average # of email addresses = 1.8 (min 1 / max 4), IM = 1.8 (min 1 / max 4) • Design Firm • Average # of email addresses = 3.6 (min 1 / max 10), IM = 1.7 (min 1 / max 3) • Combined total • Average = 3.3 @
  • 11. “The individual in ordinary work situations presents himself and his activity to others, the ways in which he guides and controls the impression they form of him and the kinds of things he may and may not do while sustaining his performance before them.” Erving Goffman Presentation of Self in Everyday Life, 1959. @
  • 12. Why more than one? @
  • 13. Social factors •“I knew that my college one wasn't forever, so I wanted something more permanent after I graduated.” •“...I didn't like the name that I picked when it was my first email.” •“...you just say oh my first name and last name at gmail.com ... something easy to remember.” @
  • 14. Technical factors •Namespace saturation AKA the jimsm1th77@hotmail.com problem •Firewalls and VPNs AKA “They don’t let me use Hotmail at work...” •Configuration problems AKA “What does SMTP-AUTH with MD5 checksums on port 567 mean?” @
  • 16. It’s Just Data... “We’re an information economy. They teach you that in school. What they don't tell you is that it's impossible to move, to live, to operate at any level without leaving traces, bits, seemingly meaningless fragments that can be retrieved amplified...” William Gibson Johnny Mnemonic @
  • 17. What’s Underneath? •Developer Tools •FireBug/FireCookie •Safari Web Inspector •Charles Proxy/HTTP Analyzer •Forensic Tools @
  • 18. Cookies @
  • 21. Managing Flash Cookies http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager07.html @
  • 22. Referer (sic) •adsl-75-18-132-43.dsl.pltn13.sbcglobal.net - - [10/Nov/2009:14:50:56 -0800] "GET /wireless.html HTTP/1.1" 200 29149 "http://bengross.com/voip.html" "Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_2; en-us) AppleWebKit/531.9 (KHTML, like Gecko) Version/4.0.3 Safari/531.9" @
  • 23. Leaky Headers On the Leakage of Personally Identifiable Information Via Online Social Networks Balachander Krishnamurthy and Craig Wills @
  • 24. More Options •URL Munging and Session IDs in URL •Flash Cookies/Local Shared Object •Silverlight Cookies •Virtual Page Views, Event (Google Analytics) User Defined Values @
  • 25. Synthetic IDs •Everything in the Referer header can be used to form a synthetic identifier. •The User Agent is a good source •IP addresses if you have them •Screen dimensions, user agent •Hash of IP address/remote ports @
  • 26. Other Sources of Bits •Last Modified and ETag headers •HTTP Keepalive •SSL Session IDs •TCP Timestamps @
  • 27. The Art of Being Lost •“We do not collect personal contact information from visitors to your website. Personal contact information means billing address, physical address, individual name, email address, etc.” (OpenTracker.com) @
  • 28. Netflix Data Released •Dataset contains 100,480,507 movie ratings, created by 480,189 Netflix subscribers between December 1999 and December 2005. •“...all customer identifying information has been removed; all that remains are ratings and dates. This follows our privacy policy...” •No unique identifiers or quasi-identifiers @
  • 29. You Only Need Two •Robust De-anonymization of Large Sparse Datasets by Arvind Narayanan and Vitaly Shmatikov •IMDb as a source of entropy •“With 8 movie ratings (of which 2 may be completely wrong) and dates that may have a 14-day error, 99% of records can be uniquely identified in the dataset.” @
  • 30. It comes down to this “Q: If you don't publicly rate movies on IMDb and similar forums, there is nothing to worry about. A: ...you should not ever mention any movies you watched prior to 2005 on a public blog or website. Everybody who was a Netflix subscriber prior to 2005 should restrain themselves from these activities... We do not think this is a feasible privacy policy.” FAQ “How to Break Anonymity of the Netflix Prize Dataset” @
  • 31. Guessing Your SSN •Predicting Social Security Numbers from Public Data by Alessandro Acquisti and Ralph Gross •...I’ll just need the last 4 of your SSN for verification purposes... •“...we accurately predicted the first 5 digits of 2% of California records with 1980 birthdays, and 90% of Vermont records with 1995 birthdays.” @
  • 32. Disclosure and UI •“Facebook Beacon is a way for you to bring actions you take online into Facebook. Beacon works by allowing affiliate websites to send stories about actions you take to Facebook.” •Launched November 2007 •Class action lawsuit August 2008 •Shut down September 2009 @
  • 33. Opt Out: First Try @
  • 35. Evasion •Ghostery •Opt Out Tools •Ad Blockers/Flash Blockers •HTTP Cookie/LSO Managers •Header Modification Tools •Proxies/Tor @
  • 36. @
  • 37. @
  • 38. @
  • 39. @
  • 40. What’s Next? •Geolocation •Roll up for more large collections •More of the additional bits needed for de-anonymization are available via social networks @
  • 41. @ Ben Gross University of Illinois Urbana Champaign Library and Information Science bgross@acm.org http://bengross.com/ @
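
Slides 22 and 25 in code form, as an added example that is not part of the original deck: it parses combined-format access log entries like the one on slide 22 and hashes host plus User-Agent into a synthetic ID, showing how requests are linked without any cookie. The second and third log entries, the field choice and all function names are assumptions made for this illustration.

```python
import hashlib
import re
from collections import defaultdict

# Apache/NCSA "combined" log format, the format of the entry on slide 22.
COMBINED = re.compile(
    r'(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)

HOST = "adsl-75-18-132-43.dsl.pltn13.sbcglobal.net"
SAFARI = ("Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_2; en-us) "
          "AppleWebKit/531.9 (KHTML, like Gecko) Version/4.0.3 Safari/531.9")

# Entry 1 is the slide-22 line; entries 2 and 3 are constructed for this example.
SAMPLE_LOG = [
    f'{HOST} - - [10/Nov/2009:14:50:56 -0800] "GET /wireless.html HTTP/1.1" '
    f'200 29149 "http://bengross.com/voip.html" "{SAFARI}"',
    f'{HOST} - - [10/Nov/2009:14:52:10 -0800] "GET /index.html HTTP/1.1" '
    f'200 5120 "http://bengross.com/wireless.html" "{SAFARI}"',
    'host.example.net - - [10/Nov/2009:14:53:00 -0800] "GET /voip.html HTTP/1.1" '
    '200 8000 "-" "ExampleBrowser/1.0"',
]

def parse(line):
    """Split one combined-format line into named fields."""
    match = COMBINED.match(line)
    if match is None:
        raise ValueError("not a combined-format log line")
    return match.groupdict()

def synthetic_id(entry, fields=("host", "agent")):
    """Hash the chosen request attributes into a cookie-less identifier."""
    material = "\x1f".join(entry[name] for name in fields)  # unit separator keeps fields distinct
    return hashlib.sha256(material.encode("utf-8")).hexdigest()[:16]

def link_requests(lines, fields=("host", "agent")):
    """Group requested paths by synthetic ID, in log order."""
    groups = defaultdict(list)
    for line in lines:
        entry = parse(line)
        groups[synthetic_id(entry, fields)].append(entry["path"])
    return dict(groups)

if __name__ == "__main__":
    for ident, paths in link_requests(SAMPLE_LOG).items():
        print(ident, paths)
```

Changing only the User-Agent value of an entry yields a different ID, which is the effect the header modification tools on slide 35 rely on; the Referer field of the second entry still records the page the visitor came from.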