Researchers say 'anonymous' advert data can be tied to users

Project shows how compromising data could be used in blackmail attempts

Data protection

Researchers have reportedly been able to link data gathered by companies creating targeted adverts to individual users, including the drug preferences of a politician and the porn habits of a judge.

German researchers Svea Eckert and Andreas Dewes revealed their findings at the Def Con hacking conference in Las Vegas over the weekend, showing that browsing data known as "clickstreams", used by companies to create targeted adverts, can be easily tied to individual users, according to the BBC.

Advertisement - Article continues below

Companies are able to gather reams of a user's search history to customise display adverts, but any identifiable data related to the individual is supposed to be removed.

Although this data is normally anonymised, the pair demonstrated that discovering the identity of the person is "trivial", arguing marketing companies that collect the data are not doing enough to ensure it's protected.

"What these companies are doing is illegal in Europe but they do not care," said Eckert.

Datasets typically record a list of every site and link clicked by a user, and assign the history to a customer identifier in order to generate appropriate ad content. The researchers demonstrated that by using this identifier and public information shared across social media sites, it was possible to correlate the data with an individual.

Advertisement - Article continues below

Users sharing links through Twitter, announcing to their friends which YouTube videos they were watching, or sharing which items they have just bought online, could all be used to accurately pinpoint users and their history. Once paired, their entire search history could be viewed and potentially exposed.

Advertisement - Article continues below

"With only a few domains you can quickly drill down into the data to just a few users," said Dewes. "The public information about users is growing so it's getting easier to find the information to do the de-anonymisation."

In some particularly alarming cases, clickstreams would even contain links to a user's social media page, which would directly reveal who the search history belonged to. One data set revealed the porn browsing habits of an individual who was later discovered to be a judge. 

"This could be so creepy to abuse," said Eckert. "You could have an address book and just look up people by their names and see everything they did. After the research project we deleted the data because we did not want to have it close to our hands anymore. We were scared that we would be hacked."

While these specific search histories revealed nothing incriminating, the risk that users could be blackmailed is far more likely should the data fall into the wrong hands.

Advertisement - Article continues below

Under the UK's Investigatory Powers Act, ISPs are forced to collect and store the browsing histories of everyone in the UK for up to one year, in the event data is required to support criminal investigations. Technology companies argued at the time of its enactment that this would weaken encryption as a result. 

Featured Resources

The case for a marketing content hub

Transform your digital marketing to deliver customer expectations

Download now

Fast, flexible and compliant e-signatures for global businesses

Be at the forefront of digital transformation with electronic signatures

Download now

Why CEOS should care about the move to SAP S/4HANA

And how they can accelerate business value

Download now

IT faces new security challenges in the wake of COVID-19

Beat the crisis by learning how to secure your network

Download now



K2View innovates in data management with new encryption patent

28 May 2020
video conferencing

Zoom 5.0 adds 256-bit encryption to address security concerns

23 Apr 2020

WhatsApp flaw leaves users open to 'shoulder surfing' attacks

21 Apr 2020
cyber security

Microsoft AI can detect security flaws with 99% accuracy

20 Apr 2020

Most Popular

Microsoft Windows

Microsoft warns users not to install Windows 10's May update

28 May 2020
Server & storage

Dell EMC PowerEdge R7525 review: An EPYC core density to make Intel weep

26 May 2020
Network & Internet

Intel releases Wi-Fi and Bluetooth driver updates for Windows 10

26 May 2020