Researchers say 'anonymous' advert data can be tied to users

Project shows how compromising data could be used in blackmail attempts

Data protection

Researchers have reportedly been able to link data gathered by companies creating targeted adverts to individual users, including the drug preferences of a politician and the porn habits of a judge.

German researchers Svea Eckert and Andreas Dewes revealed their findings at the Def Con hacking conference in Las Vegas over the weekend, showing that browsing data known as "clickstreams", used by companies to create targeted adverts, can be easily tied to individual users, according to the BBC.

Advertisement - Article continues below

Companies are able to gather reams of a user's search history to customise display adverts, but any identifiable data related to the individual is supposed to be removed.

Although this data is normally anonymised, the pair demonstrated that discovering the identity of the person is "trivial", arguing marketing companies that collect the data are not doing enough to ensure it's protected.

"What these companies are doing is illegal in Europe but they do not care," said Eckert.

Datasets typically record a list of every site and link clicked by a user, and assign the history to a customer identifier in order to generate appropriate ad content. The researchers demonstrated that by using this identifier and public information shared across social media sites, it was possible to correlate the data with an individual.

Advertisement
Advertisement - Article continues below

Users sharing links through Twitter, announcing to their friends which YouTube videos they were watching, or sharing which items they have just bought online, could all be used to accurately pinpoint users and their history. Once paired, their entire search history could be viewed and potentially exposed.

Advertisement - Article continues below

"With only a few domains you can quickly drill down into the data to just a few users," said Dewes. "The public information about users is growing so it's getting easier to find the information to do the de-anonymisation."

In some particularly alarming cases, clickstreams would even contain links to a user's social media page, which would directly reveal who the search history belonged to. One data set revealed the porn browsing habits of an individual who was later discovered to be a judge. 

"This could be so creepy to abuse," said Eckert. "You could have an address book and just look up people by their names and see everything they did. After the research project we deleted the data because we did not want to have it close to our hands anymore. We were scared that we would be hacked."

While these specific search histories revealed nothing incriminating, the risk that users could be blackmailed is far more likely should the data fall into the wrong hands.

Advertisement - Article continues below

Under the UK's Investigatory Powers Act, ISPs are forced to collect and store the browsing histories of everyone in the UK for up to one year, in the event data is required to support criminal investigations. Technology companies argued at the time of its enactment that this would weaken encryption as a result. 

Featured Resources

Top 5 challenges of migrating applications to the cloud

Explore how VMware Cloud on AWS helps to address common cloud migration challenges

Download now

3 reasons why now is the time to rethink your network

Changing requirements call for new solutions

Download now

All-flash buyer’s guide

Tips for evaluating Solid-State Arrays

Download now

Enabling enterprise machine and deep learning with intelligent storage

The power of AI can only be realised through efficient and performant delivery of data

Download now
Advertisement

Recommended

Visit/security/355013/10-quick-tips-to-identifying-phishing-emails
Security

10 quick tips to identifying phishing emails

16 Mar 2020
Visit/business-strategy/mergers-and-acquisitions/354941/panda-security-to-be-acquired-by-watchguard
mergers and acquisitions

Panda Security to be acquired by WatchGuard

9 Mar 2020
Visit/security/internet-security/354417/avast-and-avg-extensions-pulled-from-chrome
internet security

Avast and AVG extensions pulled from Chrome

19 Dec 2019
Visit/security/354156/google-confirms-android-cameras-can-be-hijacked-to-spy-on-you
Security

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019

Most Popular

Visit/software/video-conferencing/355138/zoom-beaming-ios-user-data-to-facebook-for-targeted-ads
video conferencing

Zoom beams iOS user data to Facebook for targeted ads

27 Mar 2020
Visit/infrastructure/server-storage/355118/hpe-warns-of-critical-bug-that-destroys-ssds-after-40000-hours
Server & storage

HPE warns of 'critical' bug that destroys SSDs after 40,000 hours

26 Mar 2020
Visit/software/355113/companies-offering-free-software-to-fight-covid-19
Software

These are the companies offering free software during the coronavirus crisis

25 Mar 2020
Visit/mobile/mobile-phones/355088/apple-lifts-iphone-purchase-restrictions
Mobile Phones

Apple lifts iPhone purchase restrictions

23 Mar 2020