Mozilla Proves that Browsing History Can De-Anonymize Internet Users

• Browsing histories can be matched to internet user profiles and distinctive fingerprints.
• Given enough data, someone can lift the shroud of privacy from 100% anonymized users.
• Users are advised to use a VPN, enable privacy modes on their browsers, and activate anti-tracking.

A team of researchers working for Mozilla has revisited a 2012 paper subject that proved the possibility of identifying internet users by analyzing their internet browsing histories. Unfortunately, the new study is finding the same problems at a larger scale and without the appropriate education or warnings to users on how to protect their privacy and anonymity.

The researchers used data from 52,000 Firefox users who consented to have their internet histories scraped for the study, and were able to identify 48,919 profiles that had a uniqueness level of 99%.

What this means is that if given enough data, someone can tell browsing histories apart from one another. But how much is enough? The identifiability rates ranged at around 10% when using histories from 100 sites, but increased to 80% when having sets that extent to 10,000 sites.

As we have seen in the past, there’s an extensive network of firms cooperating to exchange vast amounts of data to fingerprint users, mainly to serve users with targeted ads. Brave has previously pointed the finger to a behemoth-size tracking system consisting of 8.4 million websites belonging to 2,000 companies.

Related: Brave Browser Executive Accuses Google of GDPR Violations

Suppose this is combined with other information like IP addresses, for example, which is what ISP would hold, figuring out who is who would be a walk in the park. From there, a distinctive profile could be created around an internet user, and advertising firms (for example) could tell when that user is browsing the web even from a different IP or device.

The researchers warn that there’s a large number of companies that engage in these user fingerprinting practices, ranging from ISPs to data brokers.

All these companies allege that they use anonymized data, so they don’t feel they’re breaching their subscribers, users, or mere visitors’ privacy. For example, ISPs are routinely selling subscriber data to advertising and marketing firms, and they see nothing wrong in that. In fact, it is a perfectly legal practice since 2017, so nobody can accuse internet service providers of anything - that doesn’t mean people should simply accept their fate, though.

Internet users should activate privacy add-ons on their browsers and also enable any anti-tracking features that are available. Additionally, using a VPN to route your internet traffic through random IP addresses and encryption tunnels would be a positive practice to follow if you want to disperse your browsing history around.