Researchers warn of browser plug-ins harvesting ‘dark data’

One plug-in that claimed to help users identify trusted websites was selling on their data

It is relatively easy to gather and de-anonymise browsing data to reveal what anyone gets up to online

It is relatively easy to gather and de-anonymise browsing data to reveal what anyone gets up to online

 

“There are hundreds of companies ... trying to get their hands on your personal data, often with illegal methods. Most of them keep their data to themselves, some exchange it, but a few sell it to anyone who’s willing to pay,” blogs freelance journalist Svea Eckert, one of two researchers who presented their work at hacker convention Def Con 25 in Las Vegas last weekend.

Eckert and data scientist Andreas Dewes have spent the past year working on a project to demonstrate how relatively easy it is to gather and de-anonymise browsing data to reveal what anyone (this includes you) gets up to online.

A combination of social engineering, data science, and simply buying data from some of these companies led to the creation of a database of the browsing habits or “clickstreams” of three million German citizens, including politicians and public figures, which the pair were able to identify using various data analysis techniques.

Most of this data, they revealed, is gathered through browser plug-ins. One culprit they named was Web Of Trust, a free plug-in claiming to help users identify trusted websites that was gathering and selling on user data in the background.