February 10, 2008   Sign In |  About ebizQ |  Contact Us |  Join ebizQ Gold Club
Andre Yee
Andre Yee's Security Insider
 An open dialogue about security and compliance for the enterprise.

« Phishing Scams on the Rise | Main | McAfee Acquires Citadel Security »

October 03, 2006
Clickprinting - The End of Anonymity on the Web?

Surfing on the web has always provided the individual with the cloak of anonymity. To paraphrase a popular commercial - "whatever is done on the web, stays on the web"...until now.

There are a number of emerging technologies that threaten to render anonymous web surfing a thing of the past. Clickprinting is one such technology. In a recent article on The Guardian, clickprinting is described as a "a unique pattern of web surfing behavior based on actions such as the number of pages viewed per session, the number of minutes spent on each page, the time or day of the week the page is visited, and so on".

Professor Professor Balaji Padmanabhan ( Wharton School at the University of Pennsylvania) and Professor Catherine Yang (Graduate School of Management at the University of California, Davis) assert that over a number of sessions, it is possible to distinguish patterns of web surfing that can uniquely identify a particular individual.

"Our main finding is that even trivial features in an internet session can distinguish users," Padmanabhan told the Wharton Review. "People do seem to have individual browsing behaviors." The duo found that anywhere from three to 16 sessions are needed to identify an individual's clickprint.

"The paper is really a proof of concept that behavior and minimal information can be used to identify users," says Yang. In one example, they found thatfrom just seven aggregated sessions they could distinguish between two different surfers with a confidence of 86.7%. Given 51 sessions, the confidence level rose to 99.4%.

Why the interest in this technology? It is anticipated that clickprinting can help identify eCommerce companies reduce the probability for fraud by identifying inconsistent user behavior. The notion is that even if someone gained access to your login information, their behavior may give them away and hence alert the eCommerce company of a possible fraud in play. I'm not sure if it'll work that well in practice but clickprinting is certainly worthy of note.

Of course, the idea of fingerprinting anonymous surfers isn't anything new. At the Black Hat Briefings in Las Vegas, Dr. Neal Krawetz, of Hacker Factor Solutions noted how gender, nationality and other attributes can be identified by non-classical forensic methods. This include analysis of text posted on blogs, listservs and forums. Dr. Krawetz cautions that this approach is only 60-70% accurate but it offers clues when you're tracking down a malicious hacker. If you're interested, you can checkout his presentation here.

Posted by andreyee in Odds and Ends |Digg This|Add to del.icio.us

Trackback Pings

TrackBack URL for this entry:
http://www.ebizq.net/mt/mt-tb.cgi/749

Comments Post a comment




Remember Me?

(you may use HTML tags for style)

We ask that you type your code (displayed below) in the text box.This code is an image that cannot be read by a machine. It prevents automated programs from submitting comments.


Code:



Most Recent ebizQ Blog Entries
ADVERTISEMENT
RSS Subscription

Recent Posts
Categories
Archives
Blog Roll
This Work
Accountability:The opinions expressed in this blog are solely representative of the blog's author, and not of ebizQ
Subscribe to our Newsletters
ebizQ Weekly Gold Club Update
Live Webinar Updates
Updates from ebizQ Partners
ebizQ SOA Update
ebizQ BPM Update
ebizQ Security Update
ebizQ BI Update
ebizQ Open Source Software Update
Virtual Show Newsletter
Your E-mail Address:
BAM: The Killer App for CEP
Date: Feb 12, 2008
Time: 12:00 PM ET
(17:00 GMT)
I WANT TO ATTEND
Event Processing Market Pulse
Date: Feb 14, 2008
Time: 12:00 PM ET
(17:00 GMT)
I WANT TO ATTEND
Archived Webinars | Upcoming Webinars

Marketing Solutions | Feedback | About ebizQ | Unsubscribe | Privacy Policy | Site Map