(Ab)using Identifiers

Ben Gross
BayCHI
2009-11-10

University of Illinois Urbana Champaign
Library and Information Science
bgross@acm.org
http://bengross.com/

Why I am interested

bengross@gmail.com
bgross@uiuc.edu
@bengross
bgross@acm.org
bgross@bgross.com
http://bengross.com
http://flickr.com/bengross
bgross@ischool.berkeley.edu
http://facebook.com/bengross
bgross@messagingnews.com

How many

•Email addresses
•Web site logins
•Instant messenger IDs
•Social network profiles
•Domain names
•Phone numbers

Do you have?

All your @’s are belong to us

Why you might care

•Usability implications
•Productivity implications
•Security implications
•Employee satisfaction

How did I get here?

•“I only have one email address...”
•“Well, except that one I only use for...”
•“And that other one I use with...”

Half a million users

“... average user has 6.5 passwords, each of
which is shared across 3.9 different sites.
Each user has about 25 accounts that require
passwords, and types an average of 8
passwords per day.”

Dinei Florêncio and Cormac Herley. A Large-Scale Study of Web Password Habits. WWW ’07

Population

•Qualitative in-depth interview study
•44 people across two Bay Area firms
•Financial services firm (regulated)
•Design firm (unregulated)

Data

•Financial services: average # of email addresses = 1.8 (min 1 / max 4); IM = 1.8 (min 1 / max 4)
•Design Firm: average # of email addresses = 3.6 (min 1 / max 10); IM = 1.7 (min 1 / max 3)
•Combined total: average = 3.3

“The individual in ordinary work situations
presents himself and his activity to others, the
ways in which he guides and controls the
impression they form of him and the kinds of
things he may and may not do while sustaining
his performance before them.”

Erving Goffman
Presentation of Self in Everyday Life, 1959.

Why more than one?

Social factors

•“I knew that my college one wasn't forever, so I wanted something more permanent after I graduated.”
•“...I didn't like the name that I picked when it was my first email.”
•“...you just say oh my first name and last name at gmail.com ... something easy to remember.”

Technical factors

•Namespace saturation AKA the jimsm1th77@hotmail.com problem
•Firewalls and VPNs AKA “They don’t let me use Hotmail at work...”
•Configuration problems AKA “What does SMTP-AUTH with MD5 checksums on port 567 mean?”

Regulatory factors

It’s Just Data...

“We’re an information economy. They teach you that in school. What they don't tell you is that it's impossible to move, to live, to operate at any level without leaving traces, bits, seemingly meaningless fragments that can be retrieved amplified...”

William Gibson, Johnny Mnemonic

What’s Underneath?

•Developer Tools
•FireBug/FireCookie
•Safari Web Inspector
•Charles Proxy/HTTP Analyzer
•Forensic Tools

Cookies

More detail

Bake Your Own

Managing Flash Cookies

http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager07.html

Referer (sic)

•adsl-75-18-132-43.dsl.pltn13.sbcglobal.net - - [10/Nov/2009:14:50:56 -0800] "GET /wireless.html HTTP/1.1" 200 29149 "http://bengross.com/voip.html" "Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_2; en-us) AppleWebKit/531.9 (KHTML, like Gecko) Version/4.0.3 Safari/531.9"

Leaky Headers

On the Leakage of Personally Identifiable Information Via Online Social Networks
Balachander Krishnamurthy and Craig Wills

More Options

•URL Munging and Session IDs in URL
•Flash Cookies/Local Shared Object
•Silverlight Cookies
•Virtual Page Views, Event (Google Analytics) User Defined Values

Synthetic IDs

•Everything in the Referer header can be used to form a synthetic identifier.
•The User Agent is a good source
•IP addresses if you have them
•Screen dimensions, user agent
•Hash of IP address/remote ports

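An added example, not part of the original slides: the Python below parses combined-format access-log lines like the one on the Referer slide, derives a cookie-less synthetic identifier from the host and User-Agent fields, and then shows how coarsening those fields before storage makes distinct visitors indistinguishable. The function names, the /24 and /48 truncation, the last-two-labels hostname rule and all log lines except the first are assumptions made for illustration.

```python
import hashlib
import ipaddress
import re
from urllib.parse import urlsplit

# NCSA/Apache "combined" log format, the layout of the line on the Referer slide.
COMBINED = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

UA = ("Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_2; en-us) "
      "AppleWebKit/531.9 (KHTML, like Gecko) Version/4.0.3 Safari/531.9")
UA_OLDER_OS = UA.replace("10_6_2", "10_5_8")  # constructed variant

# Line 1 is the entry shown on the slide; lines 2-4 are constructed samples.
SAMPLE_LOG = [
    'adsl-75-18-132-43.dsl.pltn13.sbcglobal.net - - [10/Nov/2009:14:50:56 -0800] '
    '"GET /wireless.html HTTP/1.1" 200 29149 "http://bengross.com/voip.html" "' + UA + '"',
    'adsl-75-18-132-43.dsl.pltn13.sbcglobal.net - - [10/Nov/2009:14:52:10 -0800] '
    '"GET /index.html HTTP/1.1" 200 5120 "http://bengross.com/wireless.html" "' + UA + '"',
    '192.0.2.10 - - [10/Nov/2009:14:53:01 -0800] '
    '"GET /voip.html HTTP/1.1" 200 8042 "-" "' + UA_OLDER_OS + '"',
    '192.0.2.77 - - [10/Nov/2009:14:54:30 -0800] '
    '"GET /voip.html HTTP/1.1" 200 8042 "-" "' + UA + '"',
]


def parse(line):
    """Split one combined-format line into named fields."""
    match = COMBINED.match(line)
    if match is None:
        raise ValueError("not a combined-format log line")
    return match.groupdict()


def synthetic_id(entry):
    """Stable identifier built only from fields the client sends anyway."""
    material = "\x1f".join((entry["host"], entry["agent"]))
    return hashlib.sha256(material.encode("utf-8")).hexdigest()[:16]


def coarsen_host(host):
    """Truncate an IP to its /24 (IPv4) or /48 (IPv6) network.

    For reverse-DNS names, keep the last two labels only (an assumed rule,
    not a public-suffix lookup).
    """
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return ".".join(host.split(".")[-2:])
    prefix = 24 if ip.version == 4 else 48
    return str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False))


def minimize(entry):
    """Return a copy of the entry with identifying detail reduced."""
    out = dict(entry)
    out["host"] = coarsen_host(entry["host"])
    # Keep only the final product name of the User-Agent, without versions.
    products = re.findall(r"([A-Za-z]+)/[\d.]+", entry["agent"])
    out["agent"] = products[-1] if products else "-"
    # Keep the referring origin, drop the path that reveals the page visited.
    ref = urlsplit(entry["referer"])
    out["referer"] = f"{ref.scheme}://{ref.netloc}" if ref.netloc else "-"
    return out


def distinct_clients(lines, minimized=False):
    """Count how many different synthetic identifiers the log yields."""
    entries = [parse(line) for line in lines]
    if minimized:
        entries = [minimize(entry) for entry in entries]
    return len({synthetic_id(entry) for entry in entries})


if __name__ == "__main__":
    print("raw log:      ", distinct_clients(SAMPLE_LOG), "distinct clients")
    print("minimized log:", distinct_clients(SAMPLE_LOG, minimized=True), "distinct clients")
```
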
Other Sources of Bits

•Last Modified and ETag headers
•HTTP Keepalive
•SSL Session IDs
•TCP Timestamps

The Art of Being Lost

•“We do not collect personal contact information from visitors to your website. Personal contact information means billing address, physical address, individual name, email address, etc.” (OpenTracker.com)

Netflix Data Released

•Dataset contains 100,480,507 movie ratings, created by 480,189 Netflix subscribers between December 1999 and December 2005.
•“...all customer identifying information has been removed; all that remains are ratings and dates. This follows our privacy policy...”
•No unique identifiers or quasi-identifiers

You Only Need Two

•Robust De-anonymization of Large Sparse Datasets by Arvind Narayanan and Vitaly Shmatikov
•IMDb as a source of entropy
•“With 8 movie ratings (of which 2 may be completely wrong) and dates that may have a 14-day error, 99% of records can be uniquely identified in the dataset.”

It comes down to this

“Q: If you don't publicly rate movies on IMDb and similar forums, there is nothing to worry about.

A: ...you should not ever mention any movies you watched prior to 2005 on a public blog or website. Everybody who was a Netflix subscriber prior to 2005 should restrain themselves from these activities...

We do not think this is a feasible privacy policy.”

FAQ, “How to Break Anonymity of the Netflix Prize Dataset”

Guessing Your SSN

•Predicting Social Security Numbers from Public Data by Alessandro Acquisti and Ralph Gross
•...I’ll just need the last 4 of your SSN for verification purposes...
•“...we accurately predicted the first 5 digits of 2% of California records with 1980 birthdays, and 90% of Vermont records with 1995 birthdays.”

Disclosure and UI

•“Facebook Beacon is a way for you to bring actions you take online into Facebook. Beacon works by allowing affiliate websites to send stories about actions you take to Facebook.”
•Launched November 2007
•Class action lawsuit August 2008
•Shut down September 2009

Opt Out: First Try

Opt Out: Second Try

Evasion

•Ghostery
•Opt Out Tools
•Ad Blockers/Flash Blockers
•HTTP Cookie/LSO Managers
•Header Modification Tools
•Proxies/Tor

What’s Next?

•Geolocation
•Roll up for more large collections
•More of the additional bits needed for de-anonymization available via social networks

Ben Gross
University of Illinois Urbana Champaign
Library and Information Science
bgross@acm.org
http://bengross.com/

Computed Fields and api Depends in the Odoo 17
 
Proudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptxProudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptx
 
Q4 English4 Week3 PPT Melcnmg-based.pptx
Q4 English4 Week3 PPT Melcnmg-based.pptxQ4 English4 Week3 PPT Melcnmg-based.pptx
Q4 English4 Week3 PPT Melcnmg-based.pptx
 

(Ab)using Identifiers: Indiscernibility of Identity

  • 1. (Ab)using Identifiers @ Ben Gross BayCHI 2009-11-10 University of Illinois Urbana Champaign Library and Information Science bgross@acm.org http://bengross.com/ @
  • 3. Why I am interested @ bengross@gmail.com bgross@uiuc.edu @bengross bgross@acm.org bgross@bgross.com http://bengross.com http://flickr.com/bengross bgross@ischool.berkeley.edu http://facebook.com/bengross bgross@messagingnews.com @
  • 4. How many @ Email addresses Web site logins Instant Social network messenger IDs profiles Domain names Phone numbers Do you have? @
  • 5. All your @’s are belong to us @
  • 6. Why you might care •Usability implications •Productivity implications •Security implications •Employee satisfaction @
  • 7. How did I get here? •“I only have one email address...” •“Well, except that one I only use for...” •“And that other one I use with...” @
  • 8. Half a million users “... average user has 6.5 passwords, each of which is shared across 3.9 different sites. Each user has about 25 accounts that require passwords, and types an average of 8 passwords per day.” Dinei Florêncio and Cormac Herley. A Large-Scale Study of Web Password Habits. WWW ’07 @
  • 9. Population •Qualitative in-depth interview study •44 people across two Bay Area firms •Financial services firm (regulated) •Design firm (unregulated) • @
  • 10. Data • Financial services • Average # of email addresses = 1.8 min 1 / max 4. IM = 1.8 min 1 / max 4 • Design Firm • Average # of email addresses = 3.6 min 1 / max 10 IM = 1.7 min 1 / max 3 • Combined total • Average = 3.3 @
  • 11. “The individual in ordinary work situations presents himself and his activity to others, the ways in which he guides and controls the impression they form of him and the kinds of things he may and may not do while sustaining his performance before them.” Erving Goffman Presentation of Self in Everyday Life, 1959. @
  • 12. Why more than one? @
  • 13. Social factors •“I knew that my college one wasn't forever, so I wanted something more permanent after I graduated.” •“...I didn't like the name that I picked when it was my first email.” •“...you just say oh my first name and last name at gmail.com ... something easy to remember.” @
  • 14. Technical factors •Namespace saturation AKA the jimsm1th77@hotmail.com problem •Firewalls and VPNs AKA “They don’t let me use Hotmail at work...” •Configuration problems AKA “What does SMTP-AUTH with MD5 checksums on port 567 mean?” @
  • 16. It’s Just Data... “We’re an information economy. They teach you that in school. What they don't tell you is that it's impossible to move, to live, to operate at any level without leaving traces, bits, seemingly meaningless fragments that can be retrieved amplified...” William Gibson Johnny Mnemonic @
  • 17. What’s Underneath? •Developer Tools •FireBug/FireCookie •Safari Web Inspector •Charles Proxy/HTTP Analyzer •Forensic Tools @
  • 18. Cookies @
  • 21. Managing Flash Cookies http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager07.html @
  • 22. Referer (sic) •adsl-75-18-132-43.dsl.pltn13.sbcglobal.net - - [10/Nov/2009:14:50:56 -0800] "GET /wireless.html HTTP/1.1" 200 29149 "http://bengross.com/voip.html" "Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_2; en-us) AppleWebKit/531.9 (KHTML, like Gecko) Version/4.0.3 Safari/531.9" @
  • 23. Leaky Headers On the Leakage of Personally Identifiable Information Via Online Social Networks Balachander Krishnamurthy and Craig Wills @
  • 24. More Options •URL Munging and Session IDs in URL •Flash Cookies/Local Shared Object •Silverlight Cookies •Virtual Page Views, Event (Google Analytics) User Defined Values @
  • 25. Synthetic IDs •Everything in the Referer header can be used to form a synthetic identifier. •The User Agent is a good source •IP addresses if you have them •Screen dimensions, user agent •Hash of IP address/remote ports @
  • 26. Other Sources of Bits •Last Modified and ETag headers •HTTP Keepalive •SSL Session IDs •TCP Timestamps @
  • 27. The Art of Being Lost •“We do not collect personal contact information from visitors to your website. Personal contact information means billing address, physical address, individual name, email address, etc.” (OpenTracker.com) @
  • 28. Netflix Data Released •Dataset contains 100,480,507 movie ratings, created by 480,189 Netflix subscribers between December 1999 and December 2005. •“...all customer identifying information has been removed; all that remains are ratings and dates. This follows our privacy policy...” •No unique identifiers or quasi-identifiers @
  • 29. You Only Need Two •Robust De-anonymization of Large Sparse Datasets by Arvind Narayanan and Vitaly Shmatikov •IMDb as a source of entropy •“With 8 movie ratings (of which 2 may be completely wrong) and dates that may have a 14-day error, 99% of records can be uniquely identified in the dataset.” @
  • 30. It comes down to this “Q: If you don't publicly rate movies on IMDb and similar forums, there is nothing to worry about. A: ...you should not ever mention any movies you watched prior to 2005 on a public blog or website. Everybody who was a Netflix subscriber prior to 2005 should restrain themselves from these activities... We do not think this is a feasible privacy policy.” FAQ “How to Break Anonymity of the Netflix Prize Dataset” @
  • 31. Guessing Your SSN •Predicting Social Security Numbers from Public Data by Alessandro Acquisti and Ralph Gross •...I’ll just need the last 4 of your SSN for verification purposes... •“...we accurately predicted the first 5 digits of 2% of California records with 1980 birthdays, and 90% of Vermont records with 1995 birthdays.” @
  • 32. Disclosure and UI •“Facebook Beacon is a way for you to bring actions you take online into Facebook. Beacon works by allowing affiliate websites to send stories about actions you take to Facebook.” •Launched November 2007 •Class action lawsuit August 2008 •Shut down September 2009 @
  • 33. Opt Out: First Try @
  • 35. Evasion •Ghostery •Opt Out Tools •Ad Blockers/Flash Blockers •HTTP Cookie/LSO Managers •Header Modification Tools •Proxies/Tor @
  • 40. What’s Next? •Geolocation •Roll up for more large collections •More of the additional bits needed for de-anonymization are available via social networks @
  • 41. @ Ben Gross University of Illinois Urbana Champaign Library and Information Science bgross@acm.org http://bengross.com/ @
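
An added example (not from the slides) of the synthetic identifier described on slides 22 and 25: it parses combined-format access-log lines and hashes client host plus User-Agent, showing that requests stay linkable with no cookie involved. The sample lines, hostnames and function names are constructed for illustration.

```python
import hashlib
import re
from collections import defaultdict

# Apache/NCSA "combined" format, the layout of the log line on the Referer slide.
COMBINED = re.compile(
    r'(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)

# Constructed sample traffic (not real visitors); no cookie appears anywhere.
MAC = "Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_2; en-us) Safari/531.9"
WIN = "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) Firefox/3.5.5"
LINE = '{host} - - [10/Nov/2009:14:5{n}:00 -0800] "GET {path} HTTP/1.1" 200 512 "{ref}" "{ua}"'
SAMPLE_LOG = [
    LINE.format(host="client-a.example.net", n=0, path="/voip.html", ref="-", ua=MAC),
    LINE.format(host="client-a.example.net", n=1, path="/wireless.html",
                ref="http://site.example/voip.html", ua=MAC),
    LINE.format(host="client-a.example.net", n=2, path="/voip.html", ref="-", ua=WIN),
    "truncated or corrupt entry",
]

def parse_line(line):
    """Return the named fields of one combined-format line, or None if malformed."""
    m = COMBINED.match(line)
    return m.groupdict() if m else None

def synthetic_id(entry):
    """Hash client host + User-Agent into a stable pseudonymous identifier."""
    material = entry["host"] + "\x00" + entry["agent"]
    return hashlib.sha256(material.encode("utf-8")).hexdigest()[:16]

def link_visits(lines):
    """Group requests by synthetic ID; each value is that client's browsing trail."""
    trails = defaultdict(list)
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            continue  # skip malformed lines instead of failing the whole audit
        parts = entry["request"].split()
        path = parts[1] if len(parts) >= 2 else ""
        trails[synthetic_id(entry)].append((path, entry["referer"]))
    return dict(trails)

if __name__ == "__main__":
    for sid, trail in link_visits(SAMPLE_LOG).items():
        print(sid, trail)
```

Run against your own access logs, this is a quick audit of how much linkage they retain; dropping or coarsening the host and User-Agent fields before retention removes this join key.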