Researchers are issuing a cautionary note on a potential method that attackers may employ to deanonymize website visitors. Additionally, they might connect the dots to gather data on other facets of the targeted customers’ online life.
The attack on de-anonymization
NJIT researchers have created a method that an attacker may use to trick a victim into loading a malicious website and obtaining precise information about the visitor.
The specifics include the visitor having control over a certain public identifier, such an email address or social media account, to connect the target visitor to a possibly personal piece of data.
In order to determine whether a target is signed into an account for sites like YouTube, Facebook, Dropbox, and Twitter, the hack examines subtle aspects of the victim’s browser behaviour.
The assaults are effective against practically all widely used browsers, including Tor Browser, which focuses on anonymity.
Conditions for the attack
A website they administer and a list of accounts connected to persons they wish to identify as having visited that site are two things this de-anonymization assault needs.
Additionally, it has to be uploaded to the platforms of the accounts on the target list, with the option to enable users to access it or to prevent them from doing so, since the attack might go both ways.
The attacker then incorporates the previously described content into the malicious website. Now that the attackers can see which people can read the content, they will be able to identify the target if they visit the website.
The Missing Component
Researchers have even recorded a variety of techniques used in the field and have seen instances when attackers were able to correctly identify specific users, but it was unclear how. They intend to report their findings at the Usenix Security Symposium in Boston the following month.
The de-anonymization hack highlights the vulnerability of the digital world and raises severe privacy issues. According to the experts, there must be significant and probably impractical adjustments made to the way processors are made. They further assert that possible chip-level adjustments may be necessary to resolve the problem.