Mozilla Proves that Browsing History Can De-Anonymize Internet Users

Last updated June 28, 2021
Written by:
Bill Toulas
Bill Toulas
Cybersecurity Journalist

A team of researchers working for Mozilla has revisited a 2012 paper subject that proved the possibility of identifying internet users by analyzing their internet browsing histories. Unfortunately, the new study is finding the same problems at a larger scale and without the appropriate education or warnings to users on how to protect their privacy and anonymity.

The researchers used data from 52,000 Firefox users who consented to have their internet histories scraped for the study, and were able to identify 48,919 profiles that had a uniqueness level of 99%.

What this means is that if given enough data, someone can tell browsing histories apart from one another. But how much is enough? The identifiability rates ranged at around 10% when using histories from 100 sites, but increased to 80% when having sets that extent to 10,000 sites.

As we have seen in the past, there’s an extensive network of firms cooperating to exchange vast amounts of data to fingerprint users, mainly to serve users with targeted ads. Brave has previously pointed the finger to a behemoth-size tracking system consisting of 8.4 million websites belonging to 2,000 companies.

Related: Brave Browser Executive Accuses Google of GDPR Violations

Suppose this is combined with other information like IP addresses, for example, which is what ISP would hold, figuring out who is who would be a walk in the park. From there, a distinctive profile could be created around an internet user, and advertising firms (for example) could tell when that user is browsing the web even from a different IP or device.

The researchers warn that there’s a large number of companies that engage in these user fingerprinting practices, ranging from ISPs to data brokers.

identifiability

Source: Mozilla study

All these companies allege that they use anonymized data, so they don’t feel they’re breaching their subscribers, users, or mere visitors’ privacy. For example, ISPs are routinely selling subscriber data to advertising and marketing firms, and they see nothing wrong in that. In fact, it is a perfectly legal practice since 2017, so nobody can accuse internet service providers of anything - that doesn’t mean people should simply accept their fate, though.

Internet users should activate privacy add-ons on their browsers and also enable any anti-tracking features that are available. Additionally, using a VPN to route your internet traffic through random IP addresses and encryption tunnels would be a positive practice to follow if you want to disperse your browsing history around.



For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: