Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Invisible Trails? An Identity Alignment Scheme based on Online Tracking

Ruisheng Shi, Zhiyuan Peng, Tong Fu, Lina Lan, Qin Wang, Jiaqi Zeng

TL;DR

The paper demonstrates that anonymized online tracking data can still enable cross-site identity alignment and deanonymization. It delivers an end-to-end framework with a data collector, an identity alignment algorithm, and two attacks (passive and active), complemented by a novel evaluation framework and a dataset-generation approach. Through extensive experiments on public and tracker data, it shows how time-granularity and user activity shape IASR, ASSR, and AIUP, and proves that active targeting can dramatically improve precision. The work further provides a crypto-suspect prototype to illustrate practical applications, while carefully addressing regulatory and ethical constraints that govern cross-platform identity tracking.

Abstract

Many tracking companies collect user data and sell it to data markets and advertisers. While they claim to protect user privacy by anonymizing the data, our research reveals that significant privacy risks persist even with anonymized data. Attackers can exploit this data to identify users' accounts on other websites and perform targeted identity alignment. In this paper, we propose an effective identity alignment scheme for accurately identifying targeted users. We develop a data collector to obtain the necessary datasets, an algorithm for identity alignment, and, based on this, construct two types of de-anonymization attacks: the \textit{passive attack}, which analyzes tracker data to align identities, and the \textit{active attack}, which induces users to interact online, leading to higher success rates. Furthermore, we introduce, for the first time, a novel evaluation framework for online tracking-based identity alignment. We investigate the key factors influencing the effectiveness of identity alignment. Additionally, we provide an independent assessment of our generated dataset and present a fully functional system prototype applied to a cryptocurrency use case.

Invisible Trails? An Identity Alignment Scheme based on Online Tracking

TL;DR

The paper demonstrates that anonymized online tracking data can still enable cross-site identity alignment and deanonymization. It delivers an end-to-end framework with a data collector, an identity alignment algorithm, and two attacks (passive and active), complemented by a novel evaluation framework and a dataset-generation approach. Through extensive experiments on public and tracker data, it shows how time-granularity and user activity shape IASR, ASSR, and AIUP, and proves that active targeting can dramatically improve precision. The work further provides a crypto-suspect prototype to illustrate practical applications, while carefully addressing regulatory and ethical constraints that govern cross-platform identity tracking.

Abstract

Many tracking companies collect user data and sell it to data markets and advertisers. While they claim to protect user privacy by anonymizing the data, our research reveals that significant privacy risks persist even with anonymized data. Attackers can exploit this data to identify users' accounts on other websites and perform targeted identity alignment. In this paper, we propose an effective identity alignment scheme for accurately identifying targeted users. We develop a data collector to obtain the necessary datasets, an algorithm for identity alignment, and, based on this, construct two types of de-anonymization attacks: the \textit{passive attack}, which analyzes tracker data to align identities, and the \textit{active attack}, which induces users to interact online, leading to higher success rates. Furthermore, we introduce, for the first time, a novel evaluation framework for online tracking-based identity alignment. We investigate the key factors influencing the effectiveness of identity alignment. Additionally, we provide an independent assessment of our generated dataset and present a fully functional system prototype applied to a cryptocurrency use case.
Paper Structure (30 sections, 2 equations, 6 figures, 5 tables, 3 algorithms)

This paper contains 30 sections, 2 equations, 6 figures, 5 tables, 3 algorithms.

Table of Contents

  1. Introduction
  2. Technical Warm Ups
  3. System Model
  4. Roles, Threat Model, And Goals
  5. Key Modules
  6. Making Datasets
  7. Building Public Dataset
  8. Building Anonymity Dataset
  9. Our Identity Alignment Scheme
  10. Parameter Selection
  11. Identity Alignment
  12. Identity Alignment For Multiple Sources
  13. Identity Alignment For Multiple Devices
  14. Two Attacks
  15. The Passive Attack
  16. ...and 15 more sections

Figures (6)

  • Figure 1: Attack Scenarios
  • Figure 2: Active and passive attacks
  • Figure 3: IASR and ASSR under 30 days time window and different $\Delta t_G$ in data with browsing-to-posting ratio of 10 and $\Delta t$ of 10
  • Figure 4: Distribution of posts published in 24 hours
  • Figure 5: Status without Distinction (browsing vs posting behavior)
  • ...and 1 more figures