Andre Yee's Security Insider

Andre Yee

Clickprinting - The End of Anonymity on the Web?

user-pic
Vote 0 Votes

Surfing on the web has always provided the individual with the cloak of anonymity. To paraphrase a popular commercial - "whatever is done on the web, stays on the web"...until now.

There are a number of emerging technologies that threaten to render anonymous web surfing a thing of the past. Clickprinting is one such technology. In a recent article on The Guardian, clickprinting is described as a "a unique pattern of web surfing behavior based on actions such as the number of pages viewed per session, the number of minutes spent on each page, the time or day of the week the page is visited, and so on".

Professor Professor Balaji Padmanabhan ( Wharton School at the University of Pennsylvania) and Professor Catherine Yang (Graduate School of Management at the University of California, Davis) assert that over a number of sessions, it is possible to distinguish patterns of web surfing that can uniquely identify a particular individual.

"Our main finding is that even trivial features in an internet session can distinguish users," Padmanabhan told the Wharton Review. "People do seem to have individual browsing behaviors." The duo found that anywhere from three to 16 sessions are needed to identify an individual's clickprint.

"The paper is really a proof of concept that behavior and minimal information can be used to identify users," says Yang. In one example, they found thatfrom just seven aggregated sessions they could distinguish between two different surfers with a confidence of 86.7%. Given 51 sessions, the confidence level rose to 99.4%.

Why the interest in this technology? It is anticipated that clickprinting can help identify eCommerce companies reduce the probability for fraud by identifying inconsistent user behavior. The notion is that even if someone gained access to your login information, their behavior may give them away and hence alert the eCommerce company of a possible fraud in play. I'm not sure if it'll work that well in practice but clickprinting is certainly worthy of note.

Of course, the idea of fingerprinting anonymous surfers isn't anything new. At the Black Hat Briefings in Las Vegas, Dr. Neal Krawetz, of Hacker Factor Solutions noted how gender, nationality and other attributes can be identified by non-classical forensic methods. This include analysis of text posted on blogs, listservs and forums. Dr. Krawetz cautions that this approach is only 60-70% accurate but it offers clues when you're tracking down a malicious hacker. If you're interested, you can checkout his presentation here.

An open dialogue about security and compliance for the enterprise.

Andre Yee

Andre Yee is an entrepreneur and technologist with nearly 20 years of experience in the business of technology.

Recently Commented On

Recent Webinars

    Monthly Archives

    Blogs

    ADVERTISEMENT