Anonymity Deanonymization & Unique Identification.



Fixxx


Deanonymization

Deanonymization is the process of establishing a user's identity online or their true point of internet access. The concept of deanonymization is inseparable from the concept of anonymity. Anonymity is the ability to visit websites and perform active actions on web resources, such as leaving messages, without the possibility of linking your actions to your real identity or the location from which you access the internet. Many equate anonymity with hiding the true IP address, but this is a very simplified approach. Firstly, an attacker can conduct a JavaScript attack and, using vulnerabilities in the web browser, gain access to your device. Then, having control over the device, they may try to identify the owner based on the analysis of visited sites, the real IP address, documents and information in messengers. Secondly, a website can check for the presence of your accounts on social networks where you are logged in. If you are logged into Facebook and your real data is listed there, the website owner can obtain that information without your knowledge.

Passive and Active Deanonymization: Differences and Methods.

Passive deanonymization is based on collecting information from publicly available sources, such as social networks, public databases and websites. An attacker gathers and analyzes available information about the target to uncover their personal data. In early January 2022, well-known Western journalist Brian Krebs de-anonymized hacker Mikhail Matveev, for whom the FBI had announced a reward of $10 million. Krebs specializes in data analysis from various sources and correlating information. His work allowed him to identify a resident of Abakan due to their careless attitude towards security and the use of unverified accounts.

Active deanonymization occurs when an attacker employs active methods to gather information about a user. This can involve using malicious JavaScript or phishing. Cybercriminals aim to access information stored in the browser, such as the IP address, browsing history, saved documents and lists of social networks where the victim is registered.

Methods of Deanonymization

An overview of the main methods of deanonymization, including the analysis of IP addresses and MAC addresses.
  • Network Traffic Monitoring: Monitoring internet traffic can reveal the user's IP address and device identifiers. This is especially relevant when the user doesn't use anonymization tools such as VPNs or Tor.
  • Metadata Analysis: Metadata contains information about a file or message, including date, time, location and other details. Attackers can use metadata to identify the user.
  • Data Correlation: Attackers can combine information from various sources to establish the user's identity. This may include analyzing data from social networks, forums, comments and other public sources.
  • Phishing: Phishing attacks involve deceiving the user to obtain their personal data, such as passwords, usernames or financial information.
  • Attacks on Anonymizing Networks: For example, attacks on the Tor network may attempt to reveal the real IP addresses of users, bypassing anonymization mechanisms.
  • Behavior Analysis: Attackers may analyze the user's online behavior to identify them. This can include analyzing communication style, preferences and other characteristics.
  • Cookie and Session Attacks: Cookies and sessions used to track users online can be vulnerable to attacks, allowing attackers to reveal their identity.
  • Social Engineering: This method involves deceiving users into revealing their personal information or information about other users.
  • Malware: Attackers may use malware to gain access to the user's computer and uncover their personal data.
  • Interception and Analysis of Communications: Monitoring and analyzing electronic messages and communications can also aid in deanonymization.

Protection Against Deanonymization

Working online anonymously, without leaving a "digital footprint", is very challenging. To remain unnoticed, it's essential to be aware of the main mistakes related to disclosing personal information. Here is a brief list of recommendations:
  • Avoid using the same nickname on various forums, social networks and other online resources.
  • Don't post real photos, including childhood pictures.
  • Avoid publishing photos that may reveal your location.
  • Don't disclose personal data.
  • Don't use payment details registered in your name.
  • Set maximum privacy settings wherever possible.
  • Refrain from excessive posting and sharing unnecessary information.
  • Use special applications, extensions and programs to conceal your personal information.


Unique Identification

Unique identification is the process of searching for and collecting unique browser identifiers to create a unique fingerprint that can always recognize that browser, regardless of the IP address and the data provided by the user. Unique identification typically does not aim to establish the user's identity but merely to recognize them in any situation. For example, if you visit a website where you have left your data, such as an online store, that store may have an anti-fraud system designed to protect against fraudsters. The anti-fraud system obtains a unique fingerprint of your browser and the data you provided during your order. With this information, it can recognize you on any website you visit where its scripts are present, whether you want it to or not. Currently, almost everyone spends a significant portion of their time online. This motivates companies to invest huge budgets in online advertising. For it to be effective, it's necessary to identify the same user across different websites, browsers and devices. Without such identification, it's impossible to answer key questions that are crucial for advertisers:
  • Did the user click on the ad they just viewed?
  • Is the person who viewed the product today the same user who saw that ad a few days ago?
  • What are the interests of the user currently sitting in front of the computer and viewing advertising content?
  • How many times have we shown the same ad to the same user?

Main Methods of Collecting Information About the User's Computer
  • Canvas Fingerprint: As mentioned earlier, Canvas Fingerprint is based on how the browser renders images and graphics. This method utilizes rendering differences that can be unique to each computer. Such differences may include information about the graphics card, operating system and other parameters.
  • WebGL Fingerprint: This method collects information about the user's computer based on parameters and characteristics related to WebGL (Web Graphics Library), which is used in web browsers for rendering 3D graphics and visualizations on web pages.
  • User-Agent String: This is a string that the browser sends to the server in the HTTP request header. It contains information about the browser version, operating system and other characteristics of the client device. While this information is not always unique, it can assist in identifying the user.
  • Supercookies: These are cookies specifically designed for tracking users and are stored on their devices for extended periods. They can use various methods for identification, including IP address, browser parameters and other characteristics.
  • IP Address Hashing: This method creates a unique hash based on the user's IP address. Although the IP address can change, the hash can be used to track the user even after the address changes.
  • Font Fingerprint: Information about the fonts available on the user's computer can be used to create a unique identifier. Each computer may have its own set of fonts, making this method useful for tracking.
These methods can be used for both analytical and marketing purposes. However, they raise privacy concerns and users may take measures to reduce tracking, such as using privacy protection tools and adjusting browser security settings.

Main Ways to Identify Users
  • Cookies: Cookies are primarily used for three purposes:
      • Session Management: Logins, shopping carts, game scores or anything else that the server needs to remember.
      • Personalization: User settings, themes and other configurations.
      • Tracking: Recording and analyzing user behavior.
Once, cookies were used for general storage on the client side. While this made sense when they were the only way to store data on the client, modern storage APIs are now recommended.

Device and Browser Characteristics
  • HWID (Hardware ID): This is a unique hardware fingerprint that identifies the user's device. It can only be obtained by installing software on your computer that collects data for unique identification. Device unique identification is possible due to the unique serial numbers of your computer's components. The serial number of the motherboard and the hard drive is assigned by the manufacturer and changing them is not a simple task. Even monitors and keyboards have unique serial numbers. Even if you uninstall the software, reinstall the system and then reinstall the software, it will recognize you by the same HWID generated based on the unique serial numbers of your computer's hardware. HWID and various hardware identifiers are primarily used for software licensing and anti-fraud systems.
  • HTTP Entity Tag (ETag): This is part of the HTTP response header that represents a unique identifier assigned to a specific resource on the web server. ETag is used to determine changes in the resource and for caching data on the client (browser) and server side.
  • Mobile Device Advertising Identifiers (IDFA, Google’s AID, Microsoft’s Advertising ID, etc.): These are unique identifiers assigned to mobile devices (smartphones and tablets) and are used to identify specific devices for advertising purposes. They are string values or numbers that help advertisers and marketers track and reach target audiences on mobile devices.
User browser unique identification is primarily used to combat fraud but can also be used for tracking and even deanonymization.
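
An added example, not part of the original post: the attributes listed under "Main Methods of Collecting Information About the User's Computer" are each shared by many browsers, yet their combination can single one browser out. The JavaScript below measures that on a constructed population and shows how reporting uniform values enlarges the anonymity set; the attribute labels, function names and the `standardize` mitigation model are assumptions made for illustration.

```javascript
// Constructed sample population: attribute values reported by eight
// hypothetical visitors (labels stand in for real strings and hashes).
const visitors = [];
for (const userAgent of ["ua-firefox", "ua-chrome"])
  for (const fonts of ["fonts-default", "fonts-extra"])
    for (const canvas of ["canvas-gpu1", "canvas-gpu2"])
      visitors.push({ userAgent, fonts, canvas });

// Number of visitors indistinguishable from `target` on the given attributes.
function anonymitySet(population, keys, target) {
  return population.filter(v => keys.every(k => v[k] === target[k])).length;
}

// Identifying information, in bits, revealed by those attribute values.
function surprisalBits(population, keys, target) {
  return Math.log2(population.length / anonymitySet(population, keys, target));
}

// Mitigation model (an assumption): every browser reports the same value
// for the listed attributes, so they stop distinguishing visitors.
function standardize(population, keys, value = "uniform") {
  return population.map(v => {
    const copy = { ...v };
    for (const k of keys) copy[k] = value;
    return copy;
  });
}

// Per-attribute and combined exposure of one visitor within a population.
function report(population, target) {
  const keys = Object.keys(target);
  return {
    perAttribute: Object.fromEntries(
      keys.map(k => [k, surprisalBits(population, [k], target)])),
    combinedBits: surprisalBits(population, keys, target),
    anonymitySet: anonymitySet(population, keys, target),
  };
}

const before = report(visitors, visitors[0]);
const hardened = standardize(visitors, ["fonts", "canvas"]);
const after = report(hardened, hardened[0]);
console.log(before, after);
```

Each attribute alone halves the crowd, but the three together leave a crowd of one; standardizing fonts and canvas output puts the visitor back among everyone who shares the same User-Agent.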
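
An added example, not part of the original post: a self-audit for the HTTP ETag item above. It flags URLs whose response body is the same for everyone while each fresh browser profile receives its own stable ETag, which is the difference between a cache validator and an identifier; the observation records and the function name are constructed for illustration.

```javascript
// Constructed observations (all values made up): three URLs fetched twice
// from each of two fresh browser profiles with empty cache and no cookies.
// Tuple layout: [profile, url, ETag header, hash of response body].
const observations = [
  ["p1", "/static/app.js", '"5f2a"', "body-app"],
  ["p1", "/static/app.js", '"5f2a"', "body-app"],
  ["p2", "/static/app.js", '"5f2a"', "body-app"],
  ["p2", "/static/app.js", '"5f2a"', "body-app"],
  ["p1", "/pixel.gif", '"a91c"', "body-pix"],
  ["p1", "/pixel.gif", '"a91c"', "body-pix"],
  ["p2", "/pixel.gif", '"77e0"', "body-pix"],
  ["p2", "/pixel.gif", '"77e0"', "body-pix"],
  ["p1", "/img/logo.png", '"n1-88"', "body-logo"],
  ["p1", "/img/logo.png", '"n2-88"', "body-logo"],
  ["p2", "/img/logo.png", '"n2-88"', "body-logo"],
  ["p2", "/img/logo.png", '"n1-88"', "body-logo"],
].map(([profile, url, etag, bodyHash]) => ({ profile, url, etag, bodyHash }));

// Return URLs whose ETag behaves like a per-visitor identifier.
function suspiciousEtags(obs) {
  const byUrl = new Map();
  for (const o of obs) {
    if (!byUrl.has(o.url)) byUrl.set(o.url, []);
    byUrl.get(o.url).push(o);
  }
  const flagged = [];
  for (const [url, rows] of byUrl) {
    // If the content itself differs, differing ETags are expected.
    if (new Set(rows.map(r => r.bodyHash)).size !== 1) continue;
    const perProfile = new Map(); // profile -> set of ETags it was given
    for (const r of rows) {
      if (!perProfile.has(r.profile)) perProfile.set(r.profile, new Set());
      perProfile.get(r.profile).add(r.etag);
    }
    // An identifier is stable within a profile and distinct across profiles.
    // ETags that vary within one profile are more likely server-side noise,
    // for example backends that derive the value differently.
    const stable = [...perProfile.values()].every(s => s.size === 1);
    const distinct = new Set(rows.map(r => r.etag)).size;
    if (stable && perProfile.size > 1 && distinct === perProfile.size) {
      flagged.push(url);
    }
  }
  return flagged;
}

console.log(suspiciousEtags(observations));
```

Because the value lives in the browser cache rather than in the cookie jar, clearing cookies alone does not reset it; the cache has to be cleared as well.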
 