A Practical Attack to De-Anonymize Social Network Users
Source: Vienna University of Technology
Social networking sites such as Facebook, LinkedIn, and Xing have been reporting exponential growth rates and have millions of registered users. In this paper, the authors introduce a novel de-anonymization attack that exploits group membership information that is available on social networking sites. More precisely, they show that information about the group memberships of a user (i.e., the groups of a social network to which a user belongs) is sufficient to uniquely identify this person, or, at least, to significantly reduce the set of possible candidates. That is, rather than tracking a user's browser as with cookies, it is possible to track a person. To determine the group membership of a user, they leverage well-known web browser history stealing attacks.