(Ab)using Identifiers


Ben Gross
BayCHI
2009-11-10

University of Illinois Urbana Champaign
Library and Information Science
bgross@acm.org
http://bengross.com/

Why I am interested


bengross@gmail.com
bgross@uiuc.edu
@bengross
bgross@acm.org
bgross@bgross.com
http://bengross.com
http://flickr.com/bengross
bgross@ischool.berkeley.edu
http://facebook.com/bengross
bgross@messagingnews.com

How many


•Email addresses
•Web site logins
•Instant messenger IDs
•Social network profiles
•Domain names
•Phone numbers

Do you have?

All your @’s are belong to us

Why you might care

•Usability implications
•Productivity implications
•Security implications
•Employee satisfaction

How did I get here?

•“I only have one email address...”
•“Well, except that one I only use for...”
•“And that other one I use with...”

Half a million users
“... average user has 6.5 passwords, each of
which is shared across 3.9 different sites.
Each user has about 25 accounts that require
passwords, and types an average of 8
passwords per day.”

Dinei Florêncio and Cormac Herley. A Large-Scale Study of Web Password Habits. WWW ’07

Population

•Qualitative in-depth interview study
•44 people across two Bay Area firms
•Financial services firm (regulated)
•Design firm (unregulated)
Data
• Financial services: average # of email addresses = 1.8 (min 1 / max 4); IM = 1.8 (min 1 / max 4)
• Design Firm: average # of email addresses = 3.6 (min 1 / max 10); IM = 1.7 (min 1 / max 3)
• Combined total: average = 3.3

“The individual in ordinary work situations
presents himself and his activity to others, the
ways in which he guides and controls the
impression they form of him and the kinds of
things he may and may not do while sustaining
his performance before them.”

Erving Goffman
Presentation of Self in Everyday Life, 1959.


Why more than one?




Social factors
•“I knew that my college one wasn't
  forever, so I wanted something more
  permanent after I graduated.”
•“...I didn't like the name that I
  picked when it was my first email.”
•“...you just say oh my first name and
  last name at gmail.com ... something
  easy to remember.”

Technical factors
•Namespace saturation AKA the
  jimsm1th77@hotmail.com problem
•Firewalls and VPNs AKA “They
  don’t let me use Hotmail at work...”
•Configuration problems AKA “What
  does SMTP-AUTH with MD5
  checksums on port 567 mean?”

Regulatory factors




It’s Just Data...
“We’re an information economy. They
teach you that in school. What they don't
tell you is that it's impossible to move, to
live, to operate at any level without leaving
traces, bits, seemingly meaningless
fragments that can be retrieved
amplified...”

William Gibson, Johnny Mnemonic

What’s Underneath?

•Developer Tools
•FireBug/FireCookie
•Safari Web Inspector
•Charles Proxy/HTTP Analyzer
•Forensic Tools
Cookies




More detail




Bake Your Own




Managing Flash Cookies




http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager07.html

Referer (sic)

•adsl-75-18-132-43.dsl.pltn13.sbcglobal.net - - [10/Nov/2009:14:50:56 -0800] "GET /wireless.html HTTP/1.1" 200 29149 "http://bengross.com/voip.html" "Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_2; en-us) AppleWebKit/531.9 (KHTML, like Gecko) Version/4.0.3 Safari/531.9"

Leaky Headers




On the Leakage of Personally Identifiable Information Via Online Social Networks
Balachander Krishnamurthy and Craig Wills

More Options

•URL Munging and Session IDs in URL
•Flash Cookies/Local Shared Object
•Silverlight Cookies
•Virtual Page Views, Event (Google
  Analytics) User Defined Values

Synthetic IDs
•Everything in the Referer header can
  be used to form a synthetic identifier.
•The User Agent is a good source
•IP addresses if you have them
•Screen dimensions, user agent
•Hash of IP address/remote ports
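
The cookie-less linkage this slide describes, and one way to blunt it at logging time, as an added example that is not from the original deck. It parses the log line from the Referer slide; the other log lines, the `*.example` hosts, the 192.0.2.x addresses and the `minimize` rules are assumptions made for the example.

```python
import hashlib
import ipaddress
import re
from collections import defaultdict
from urllib.parse import urlsplit

# NCSA/Apache "combined" log format, the format of the line on the Referer slide.
COMBINED = re.compile(
    r'(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)

# The log line from the Referer slide, rejoined onto one line.
SLIDE_LINE = (
    'adsl-75-18-132-43.dsl.pltn13.sbcglobal.net - - [10/Nov/2009:14:50:56 -0800] '
    '"GET /wireless.html HTTP/1.1" 200 29149 "http://bengross.com/voip.html" '
    '"Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_2; en-us) AppleWebKit/531.9 '
    '(KHTML, like Gecko) Version/4.0.3 Safari/531.9"'
)

# Constructed sample traffic: no cookies anywhere. 192.0.2.0/24 is a
# documentation range and the *.example hosts are placeholders.
UA_A = ("Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_2; en-us) AppleWebKit/531.9 "
        "(KHTML, like Gecko) Version/4.0.3 Safari/531.9")
UA_B = ("Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_8; en-us) AppleWebKit/531.21.8 "
        "(KHTML, like Gecko) Version/4.0.4 Safari/531.21.10")
SAMPLE_LOG = [
    f'192.0.2.10 - - [10/Nov/2009:14:50:56 -0800] "GET /wireless.html HTTP/1.1" '
    f'200 29149 "http://site.example/voip.html" "{UA_A}"',
    f'192.0.2.10 - - [10/Nov/2009:14:52:03 -0800] "GET /about.html HTTP/1.1" '
    f'200 5120 "http://site.example/wireless.html" "{UA_A}"',
    f'192.0.2.77 - - [10/Nov/2009:14:53:40 -0800] "GET /voip.html HTTP/1.1" '
    f'200 8841 "http://search.example/?q=voip+setup" "{UA_B}"',
]


def parse(line):
    """Split one combined-format line into named fields."""
    m = COMBINED.match(line)
    if m is None:
        raise ValueError("not a combined-format log line")
    return m.groupdict()


def synthetic_id(rec):
    """Cookie-less identifier: hash of client address plus User-Agent."""
    material = f"{rec['host']}\x00{rec['agent']}".encode()
    return hashlib.sha256(material).hexdigest()[:16]


def minimize(rec):
    """Coarsen the identifying fields before the record is stored.

    The /24 (/48 for IPv6) cut, the family-only agent and the origin-only
    referer are choices made for this example, not a standard.
    """
    out = dict(rec)
    try:
        ip = ipaddress.ip_address(rec["host"])
        prefix = 24 if ip.version == 4 else 48
        net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
        out["host"] = str(net.network_address)
    except ValueError:
        out["host"] = "-"  # reverse-DNS name rather than an address: drop it
    tokens = rec["agent"].split()
    out["agent"] = tokens[-1].split("/")[0] if tokens else "-"
    ref = urlsplit(rec["referer"])
    out["referer"] = f"{ref.scheme}://{ref.netloc}/" if ref.netloc else "-"
    return out


def linked_requests(lines, transform=lambda rec: rec):
    """Group request lines by the synthetic ID of the (transformed) record."""
    groups = defaultdict(list)
    for line in lines:
        rec = transform(parse(line))
        groups[synthetic_id(rec)].append(rec["request"])
    return dict(groups)


if __name__ == "__main__":
    print(parse(SLIDE_LINE)["referer"])
    print(linked_requests(SAMPLE_LOG))            # two clients told apart
    print(linked_requests(SAMPLE_LOG, minimize))  # one indistinguishable group
```

With the raw fields, the two requests from 192.0.2.10 share an identifier and the third client gets its own; after `minimize`, all three fall into a single group.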
Other Sources of Bits

•Last Modified and ETag headers
•HTTP Keepalive
•SSL Session IDs
•TCP Timestamps

The Art of Being Lost

•“We do not collect personal contact
  information from visitors to your
  website. Personal contact information
  means billing address, physical
  address, individual name, email
  address, etc.” (OpenTracker.com)


Netflix Data Released
•Dataset contains 100,480,507 movie
  ratings, created by 480,189 Netflix
  subscribers between December 1999 and
  December 2005.
•“...all customer identifying information
  has been removed; all that remains are
  ratings and dates. This follows our
  privacy policy...”
•No unique identifiers or quasi-identifiers

You Only Need Two
•Robust De-anonymization of Large Sparse
  Datasets by Arvind Narayanan and Vitaly
  Shmatikov
•IMDb as a source of entropy
•“With 8 movie ratings (of which 2 may be
  completely wrong) and dates that may have
  a 14-day error, 99% of records can be
  uniquely identified in the dataset.”
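
An added example, not from the talk or the cited paper: a pre-release audit that measures what fraction of records are singled out by k known ratings when dates may be off by 14 days and some ratings may be wrong. The matching rule is a simplified stand-in for the paper's scoring algorithm, and the four-record dataset, its titles and the function names are constructed for illustration.

```python
# Constructed release: record id -> {title: (rating 1-5, day number of the rating)}.
# There are no names or account ids in it, only ratings and dates.
RELEASE = {
    "r1": {"Movie A": (5, 100), "Movie B": (4, 130), "Movie C": (3, 200), "Movie D": (5, 310)},
    "r2": {"Movie A": (5, 105), "Movie B": (4, 128), "Movie C": (2, 400), "Movie E": (1, 50)},
    "r3": {"Movie A": (5, 98), "Movie B": (3, 500), "Movie C": (3, 190), "Movie F": (4, 220)},
    "r4": {"Movie A": (4, 300), "Movie B": (4, 135), "Movie C": (3, 205), "Movie G": (2, 75)},
}


def consistent(record, aux, date_slack, max_wrong):
    """True if the record agrees with the outside knowledge `aux`.

    An aux item agrees when the record has the same title with the same
    rating and a date within `date_slack` days. Up to `max_wrong` aux items
    may disagree or be missing.
    """
    hits = 0
    for title, (rating, day) in aux.items():
        if title in record:
            rec_rating, rec_day = record[title]
            if rec_rating == rating and abs(rec_day - day) <= date_slack:
                hits += 1
    return hits >= len(aux) - max_wrong


def candidates(release, aux, date_slack=14, max_wrong=0):
    """Record ids in the release that are consistent with `aux`."""
    return [rid for rid, rec in release.items()
            if consistent(rec, aux, date_slack, max_wrong)]


def unique_fraction(release, k, date_slack=14, max_wrong=0):
    """Fraction of records singled out by k of their own ratings.

    For each record the first k titles (alphabetical, so the run is
    deterministic) play the role of what an outsider might already know.
    """
    unique = 0
    for rid, rec in release.items():
        aux = {title: rec[title] for title in sorted(rec)[:k]}
        if candidates(release, aux, date_slack, max_wrong) == [rid]:
            unique += 1
    return unique / len(release)


if __name__ == "__main__":
    for k, wrong in [(1, 0), (2, 0), (3, 0), (3, 1), (4, 1)]:
        frac = unique_fraction(RELEASE, k, max_wrong=wrong)
        print(f"k={k} max_wrong={wrong}: {frac:.0%} of records unique")
```

Run against a real release candidate, a high fraction at small k means that removing the identifier columns alone has not made the records anonymous.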

It comes down to this
“Q: If you don't publicly rate movies on IMDb and similar
forums, there is nothing to worry about.

A: ...you should not ever mention any movies you
watched prior to 2005 on a public blog or website.
Everybody who was a Netflix subscriber prior to 2005
should restrain themselves from these activities...

We do not think this is a feasible privacy policy.”

FAQ
“How to Break Anonymity of the Netflix Prize Dataset”

Guessing Your SSN
•Predicting Social Security Numbers
  from Public Data by Alessandro Acquisti
  and Ralph Gross

•...I’ll just need the last 4 of your SSN for
  verification purposes...

•“...we accurately predicted the first 5
  digits of 2% of California records with
  1980 birthdays, and 90% of Vermont
  records with 1995 birthdays.”
Disclosure and UI
•“Facebook Beacon is a way for you to
  bring actions you take online into
  Facebook. Beacon works by allowing
  affiliate websites to send stories about
  actions you take to Facebook.”
•Launched November 2007
•Class action lawsuit August 2008
•Shut down September 2009
Opt Out: First Try




Opt Out: Second Try




Evasion
•Ghostery
•Opt Out Tools
•Ad Blockers/Flash Blockers
•HTTP Cookie/LSO Managers
•Header Modification Tools
•Proxies/Tor
What’s Next?

•Geolocation
•Roll up for more large collections
•More of the additional bits needed for
  de-anonymization available via social
  networks

Ben Gross
University of Illinois Urbana Champaign
Library and Information Science
bgross@acm.org
http://bengross.com/

  • 3. Why I am interested @ bengross@gmail.com bgross@uiuc.edu @bengross bgross@acm.org bgross@bgross.com http://bengross.com http://flickr.com/bengross bgross@ischool.berkeley.edu http://facebook.com/bengross bgross@messagingnews.com @
  • 4. How many @ Email addresses Web site logins Instant Social network messenger IDs profiles Domain names Phone numbers Do you have? @
  • 5. All your @’s are belong to us @
  • 6. Why you might care •Usability implications •Productivity implications •Security implications •Employee satisfaction @
  • 7. How did I get here? •“I only have one email address...” •“Well, except that one I only use for...” •“And that other one I use with...” @
  • 8. Half a million users “... average user has 6.5 passwords, each of which is shared across 3.9 different sites. Each user has about 25 accounts that require passwords, and types an average of 8 passwords per day.” Dinei Florêncio and Cormac Herley. A Large-Scale Study of Web Password Habits. WWW ’07 @
  • 9. Population •Qualitative in-depth interview study •44 people across two Bay Area firms •Financial services firm (regulated) •Design firm (unregulated) • @
  • 10. Data • Financial services: average # of email addresses = 1.8 (min 1 / max 4); IM = 1.8 (min 1 / max 4) • Design firm: average # of email addresses = 3.6 (min 1 / max 10); IM = 1.7 (min 1 / max 3) • Combined total: average = 3.3 @
  • 11. “The individual in ordinary work situations presents himself and his activity to others, the ways in which he guides and controls the impression they form of him and the kinds of things he may and may not do while sustaining his performance before them.” Erving Goffman Presentation of Self in Everyday Life, 1959. @
  • 12. Why more than one? @
  • 13. Social factors •“I knew that my college one wasn't forever, so I wanted something more permanent after I graduated.” •“...I didn't like the name that I picked when it was my first email.” •“...you just say oh my first name and last name at gmail.com ... something easy to remember.” @
  • 14. Technical factors •Namespace saturation AKA the jimsm1th77@hotmail.com problem •Firewalls and VPNs AKA “They don’t let me use Hotmail at work...” •Configuration problems AKA “What does SMTP-AUTH with MD5 checksums on port 567 mean?” @
  • 16. It’s Just Data... “We’re an information economy. They teach you that in school. What they don't tell you is that it's impossible to move, to live, to operate at any level without leaving traces, bits, seemingly meaningless fragments that can be retrieved amplified...” William Gibson Johnny Mnemonic @
  • 17. What’s Underneath? •Developer Tools •FireBug/FireCookie •Safari Web Inspector •Charles Proxy/HTTP Analyzer •Forensic Tools @
  • 18. Cookies @
  • 21. Managing Flash Cookies http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager07.html @
  • 22. Referer (sic) •adsl-75-18-132-43.dsl.pltn13.sbcglobal.net - - [10/Nov/2009:14:50:56 -0800] "GET /wireless.html HTTP/1.1" 200 29149 "http://bengross.com/voip.html" "Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_2; en-us) AppleWebKit/531.9 (KHTML, like Gecko) Version/4.0.3 Safari/531.9" @
  • 23. Leaky Headers On the Leakage of Personally Identifiable Information Via Online Social Networks Balachander Krishnamurthy and Craig Wills @
  • 24. More Options •URL Munging and Session IDs in URL •Flash Cookies/Local Shared Object •Silverlight Cookies •Virtual Page Views, Event (Google Analytics) User Defined Values @
  • 25. Synthetic IDs •Everything in the Referer header can be used to form a synthetic identifier. •The User Agent is a good source •IP addresses if you have them •Screen dimensions, user agent •Hash of IP address/remote ports @
  • 26. Other Sources of Bits •Last Modified and ETag headers •HTTP Keepalive •SSL Session IDs •TCP Timestamps @
  • 27. The Art of Being Lost •“We do not collect personal contact information from visitors to your website. Personal contact information means billing address, physical address, individual name, email address, etc.” (OpenTracker.com) @
  • 28. Netflix Data Released •Dataset contains 100,480,507 movie ratings, created by 480,189 Netflix subscribers between December 1999 and December 2005. •“...all customer identifying information has been removed; all that remains are ratings and dates. This follows our privacy policy...” •No unique identifiers or quasi-identifiers @
  • 29. You Only Need Two •Robust De-anonymization of Large Sparse Datasets by Arvind Narayanan and Vitaly Shmatikov •IMDb as a source of entropy •“With 8 movie ratings (of which 2 may be completely wrong) and dates that may have a 14-day error, 99% of records can be uniquely identified in the dataset.” @
  • 30. It comes down to this “Q: If you don't publicly rate movies on IMDb and similar forums, there is nothing to worry about. A: ...you should not ever mention any movies you watched prior to 2005 on a public blog or website. Everybody who was a Netflix subscriber prior to 2005 should restrain themselves from these activities... We do not think this is a feasible privacy policy.” FAQ “How to Break Anonymity of the Netflix Prize Dataset” @
  • 31. Guessing Your SSN •Predicting Social Security Numbers from Public Data by Alessandro Acquisti and Ralph Gross •...I’ll just need the last 4 of your SSN for verification purposes... •“...we accurately predicted the first 5 digits of 2% of California records with 1980 birthdays, and 90% of Vermont records with 1995 birthdays.” @
  • 32. Disclosure and UI •“Facebook Beacon is a way for you to bring actions you take online into Facebook. Beacon works by allowing affiliate websites to send stories about actions you take to Facebook.” •Launched November 2007 •Class action lawsuit August 2008 •Shut down September 2009 @
  • 33. Opt Out: First Try @
  • 35. Evasion •Ghostery •Opt Out Tools •Ad Blockers/Flash Blockers •HTTP Cookie/LSO Managers •Header Modification Tools •Proxies/Tor @
  • 40. What’s Next? •Geolocation •Roll up for more large collections •More of the additional bits needed for de-anonymization available via social networks @
  • 41. @ Ben Gross University of Illinois Urbana Champaign Library and Information Science bgross@acm.org http://bengross.com/ @
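
Slides 22 and 25 describe how request metadata alone (client address, User-Agent, Referer) can serve as a synthetic identifier. The following is an added example, not part of the original slides: a log audit that parses combined-format lines like the one on slide 22 and measures how far cookie-less requests can be linked. The sample log is constructed, and the function names, hosts and shortened User-Agent strings are assumptions.

```python
import hashlib
import math
import re
from collections import defaultdict

# Apache "combined" log format, the format of the sample line on slide 22.
COMBINED = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)
SAFARI = "Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_2; en-us) Safari/531.9"
FIREFOX = "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) Firefox/3.5.5"

def _line(host, path, agent, referer="-"):
    return (f'{host} - - [10/Nov/2009:14:50:56 -0800] "GET {path} HTTP/1.1" '
            f'200 512 "{referer}" "{agent}"')

# Constructed sample log: no cookies anywhere; hosts are documentation addresses.
SAMPLE_LOG = [
    _line("198.51.100.7", "/wireless.html", SAFARI, "http://example.org/voip.html"),
    _line("198.51.100.7", "/voip.html", SAFARI),
    _line("198.51.100.7", "/", FIREFOX),          # same address, second browser
    _line("203.0.113.9", "/", FIREFOX),           # same browser, other address
    _line("203.0.113.9", "/about.html", FIREFOX),
    "truncated line that does not match the format",
]

def parse_line(line):
    """Return the named fields of one combined-format line, or None if malformed."""
    m = COMBINED.match(line.strip())
    return m.groupdict() if m else None

def synthetic_id(record, fields):
    """Hash the chosen fields; the digest is still a stable per-visitor value."""
    joined = "\x1f".join(record[f] for f in fields)
    return hashlib.sha256(joined.encode("utf-8")).hexdigest()[:16]

def link_requests(lines, fields=("host", "agent")):
    """Group request paths by synthetic ID, skipping malformed lines."""
    groups = defaultdict(list)
    for rec in filter(None, map(parse_line, lines)):
        parts = rec["request"].split()
        groups[synthetic_id(rec, fields)].append(parts[1] if len(parts) > 1 else "")
    return dict(groups)

def entropy_bits(groups):
    """Shannon entropy of the ID distribution; higher means finer separation."""
    total = sum(len(paths) for paths in groups.values())
    return -sum(len(p) / total * math.log2(len(p) / total) for p in groups.values())
```

Running `link_requests` over your own access logs with different `fields` tuples shows which logged fields contribute most to linkability, which is useful when deciding what to truncate or drop at collection time.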