A Passive Attack on the Privacy of Web Users Using Standard Log Information
In this paper, a passive attack is presented that uses information of a different network layer in the first place. It is exposed how expressive the data of the HyperText Transfer Protocol (HTTP) can be with respect to identify computers (and therefore their users). An algorithm to reidentify computers using dynamically assigned IP addresses with a certain degree of assurance is introduced. Thereafter simple countermeasures are demonstrated.
The motivation for this attack is to show the capability of passive privacy attacks using Web server log files and to propagate the use of anonymising techniques for Web users.
Keywordsprivacy anonymity user tracking and profiling World Wide Web server logs
Unable to display preview. Download preview PDF.
- 1.Fielding, R., Gettys, J., et al, J.M.: Hypertext transfer protocol-http/1.1 (1999)Google Scholar
- 2.Gold, J., Ethier, D.: One perspective on collecting data on the web. CMC-Computer-Mediated Communication Magazine 9 (1997)Google Scholar
- 3.Shen, A.: Request for participation and comment from the electronic privacy information center (epic). (1999)Google Scholar
- 4.McGregor, G.: The ppp internet protocol control protocol (ipcp) (1992)Google Scholar
- 5.Salton, G.: Automatic Text Processing: The Transformation, Analysis, and Retrieval of Information by Computer. Addison-Wesley (1989)Google Scholar
- 6.Salton, G.: Automatic Information Organization and Retrieval. McGraw-Hill (1968)Google Scholar
- 7.Chaum, D.L.: Untraceable electronic mail, return addresses, and digital pseudonyms. In Rivest, R., ed.: Communication of the ACM. Volume 2. (1981) 84–88Google Scholar
- 8.Pfitzmann, A., Köhntopp, M.: Anonymity, unobservability, and pseudonymity-a proposal for terminology. International Workshop on Design Issues in Anonymity and Unobservability LNCS 2009 (2000) 1–9Google Scholar
- 9.Berthold, O., Pfitzmann, A., Standtke, R.: The disadvantages of free mix routes and how to overcome them. International Workshop on Design Issues in Anonymity and Unobservability LNCS 2009 (2000) 30–45Google Scholar
- 10.: Anonymizer. (http://www.anonymizer.com/)
- 11.: Rewebber. (http://www.rewebber.com/)
- 12.Demuth, T., Rieke, A.: On securing the anonymity of content providers in the world wide web. Proceedings of SPIE 3657 (1999) 494–502Google Scholar