Social network history can reveal your identity
London: When you enrol yourself as a member on a social networking site, may be revealing more than you bargained for, an experimental website has proved.
The website has managed to identify the names of people who visit it, by harvesting information about the groups they belong to.
And the trick could act as the biggest tool for marketing teams and scammers.
The snooping site exploits the fact that your web browser keeps track of which web addresses you have visited.
Website owners can collect this information by hiding a list of web addresses in the code for their web page, reports New Scientist.
When someone accesses this page, their browser will tell the website owner which of the hidden addresses they have already visited.
Membership groups within social networks have distinct web addresses and the names of group members are publicly available.
Gilbert Wondracek at the Vienna University of Technology in Austria and his colleagues collected data on 6500 groups, containing 1.8 million users, on Xing, a business-oriented social network based in Hamburg, Germany.
On analysing the overlap between membership lists they estimated that 42 per cent of users could be uniquely identified by the groups they visit.
The researchers then built a website that read visitors` history of browsing Xing addresses.
When they asked 26 friends and colleagues who use Xing to try it, they were able to identify 15 of them.
Since Wondracek`s experiment, Xing has started adding random numbers to the addresses used to access its membership groups.
The Xing server ignores the extra numbers, but they confuse attacks by a site like Wondracek``s.
More complete protection may come in the next round of browser updates. The developers of Firefox, Chrome and Safari are working on fixes that will prevent browsing history being relayed back to website owners.
The study was presented at the IEEE Symposium on Security and Privacy in Oakland, California.