Mozilla: Users can be identified from the sites they visit with 99% accuracy
Mozilla has studied whether users can be identified from the history of their visits to various sites. This history can be seen by unauthorized persons or by various services and sites. During the study, Mozilla examined the profiles of approximately 52,000 Firefox users who agreed to participate in the project by installing the OpenWPM Firefox extension.
Data was collected from July 16 to August 13, 2019. The developers managed to get information on more than 35 million visited pages and 660 thousand domains. On average, each study participant viewed 8 domains per day.
The study consisted of two stages. In the first, Mozilla employees collected statistics on domain visits, and in the second, they tried to identify users from the previously obtained data. The interval between the two stages was 7 days. At the second stage, with a sample of 50 or more visited sites, 50% of users were identified. When the sample was increased to 150 or more domains, 80% of users were identified.
As it turned out, 99% of the collected website history profiles were unique.
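The two measurements described above (profile uniqueness, and re-identification of a later profile against earlier ones) can be reproduced on a dataset you hold to gauge how identifying it is before retaining or sharing it. This is an added example, not code from the Mozilla study: the Jaccard similarity metric, the function names and the sample data are assumptions made for illustration.

```python
# Added example (not from the Mozilla study): measure how identifying a set of
# browsing-history profiles is. Jaccard similarity is an assumed metric.

def jaccard(a, b):
    """Similarity of two domain sets: |a & b| / |a | b|."""
    union = a | b
    return len(a & b) / len(union) if union else 0.0

def uniqueness(profiles):
    """Fraction of users whose exact domain set no other user shares."""
    counts = {}
    for domains in profiles.values():
        counts[frozenset(domains)] = counts.get(frozenset(domains), 0) + 1
    unique = sum(1 for d in profiles.values() if counts[frozenset(d)] == 1)
    return unique / len(profiles) if profiles else 0.0

def reidentify(stage1, stage2, min_domains=1):
    """Link each later profile to its most similar earlier profile.

    Returns (correct, attempted). Later profiles with fewer than min_domains
    domains are skipped; a tie for the best score counts as a failed match.
    """
    correct = attempted = 0
    for user, later in stage2.items():
        if len(later) < min_domains:
            continue
        attempted += 1
        scores = {u: jaccard(later, earlier) for u, earlier in stage1.items()}
        best = max(scores.values(), default=0.0)
        winners = [u for u, s in scores.items() if s == best]
        if best > 0 and winners == [user]:
            correct += 1
    return correct, attempted

# Constructed sample data: four users, two observation windows.
STAGE1 = {"u1": {"news.example", "mail.example", "bank.example", "forum.example"},
          "u2": {"news.example", "mail.example", "video.example"},
          "u3": {"news.example", "shop.example", "games.example", "wiki.example"},
          "u4": {"news.example", "mail.example"}}
STAGE2 = {"u1": {"news.example", "bank.example", "forum.example", "video.example"},
          "u2": {"news.example", "mail.example", "video.example", "shop.example"},
          "u3": {"shop.example", "games.example", "wiki.example"},
          "u4": {"news.example", "video.example"}}

if __name__ == "__main__":
    print("uniqueness:", uniqueness(STAGE1))
    print("all profiles:", reidentify(STAGE1, STAGE2))
    print("3+ domains:", reidentify(STAGE1, STAGE2, min_domains=3))
```

In the constructed data the two-domain profile is matched to the wrong user, while every profile with three or more domains is linked correctly, the same direction of effect the study reports for larger samples.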
The authors of the project additionally examined 10,000 sites for the presence of user identification tools. User IDs from Google were found on 9,823 sites, from Facebook on 7,348, and from Verizon on 5,500. These tools enable owners of popular resources to identify users with high probability.
The researchers noted that there are now new ways to identify users, for example evaluating the caching of HSTS settings and analyzing the state of the :visited CSS pseudo-class. Also, in some cases, JavaScript code that enumerated popular domains and estimated the access time to resources made it possible to find out whether the user had visited a given site. However, cookies are still the most popular means of identifying visitors.
Mozilla notes that most users are unaware of the tools that protect against identification by site owners or others. For example, Edge and Firefox have built-in protection based on blacklisting the credentials of various vendors. The Tor browser periodically changes users' digital fingerprints. Admittedly, these methods in some cases lead to problems with the display of sites. Mozilla proposes to actively educate users about how to protect personal data and to make extensive use of software tools to ensure privacy.