This is the video of the talk titled "Contemporary Profiling of Web Users
" by Dominik Herrmann and Lexi given at the 27th Chaos Communication Congress
This talk will provide a summary of recently discovered methods which allow to break the Internet's privacy and anonymity.
We will show, amongst others: * ways of distinguishing bots from humans. We use this technique to provide crawlers with false data or lure them into tar pits.
We show how a third-party observer (e. g. proxy server or DNS server) can create a long-term profile of roaming web users using only statistical patterns mined from their web traffic. These patterns are used to track users by linking multiple surfing sessions. Our attack does not rely on cookies or other unique identifiers, but exploits chatacteristic patterns of frequently accessed hosts. We demonstrate that such statistical attacks are practicable and we will also look into basic defense strategies. * traffic analysis and fingerprinting attacks on users of anonymizing networks.
Even if anonymizeres like Tor are used, a local adversary can measure the volume of transfered data and timing characteristics to e. g. determine the retrieved websites. We will shortly sketch the current state of the art in traffic analysis, which has been improved significantly within the last year.
Tags: basics ,
Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying.