This chapter will give you a quick breakdown of the main threats you will learn in more detail as you work through our course. Let’s gets started on the threats deanonymization and unicalization pose for users.
Deanonymization
Deanonymizationdescribes the process of identifying a person on the web or his authentic location of Internet connection.
The term “deanonymization” is inextricably linked with “anonymity”. Anonymity enables you to visit sites, perform certain actions on web resources, for instance, leave messages without allowing for the possibility of linking your actions with your real identity or location of your Internet connection.
Many users see anonymity as covering one’s real IP address, but that would be a very simplistic definition. First, a perpetrator can perform a JavaScript-based attack and, exploiting vulnerabilities in the web browser, gain access to your device. After getting control over your device, the perpetrator will try to identify the owner by analyzing the visited sites, real IP address, documents and information in instant messaging applications. Second, he will use the website to check if you have accounts on the social networks you are authorized with. If you are authorized with Facebook and submitted your real data, the owner of the site can access it unbeknownst to you.
Discovering a user’s identity or his location by the IP address or mac-address refers to “passive deanonymization” – when no attacks are launched against user; the attacks against user, for instance, through a website employing malicious JavaScript or fishing, refer to active deanonymization.
It is important to understand that IP address is not directly linked to a user. IP address belongs to the Internet access point. For instance, if you connect to a wireless router, you receive the IP address of this router. All the rest of the users who connect to this router will receive the same IP address.
An IP address check can reveal only the Internet provider and general location, while scanning can reveal the router’s model. The Internet service provider that connected the Internet cable to this router knows who signed up for the service contract and where this router is located. In the event of a request made by the appropriate authorities, the Internet provider is obliged to pass on this information. The Internet service provider’s logs and those of your router can be also analyzed – we are going to cover all these themes in the chapter devoted to deanonymization.
The perpetrator can break into a wireless router and then intercept the traffic with the intention of finding any information that may lead to identifying the user, for instance, social network accounts, or he can try to infect the computer through DNS spoofing or joining packets. All these methods can be referred to active deanonymization.
Hiding your IP address is important not only for anonymity but also for security purposes. By scanning your IP address, the malicious outsider can break into your router or modem – if you connect to the Internet using a Wi-Fi hotspot, or hack your computer directly – if it is connected via wired connection. Similar incidents occur all too often to ignore this kind of threat.
Unicalization
Unicalizationrefers to the search and collection of unique identifiers of the browser to form a unique fingerprint using which this browser can always be recognized, regardless of the IP address or data submitted by a user. Unicalization, as a rule, doesn’t serve to identify a user, but is used for recognizing him or her in any situation.
Unicalization of website users is enabled by browser’s unique fingerprints such as Canvas fingerprint, WebGL fingerprint, ClientRect Fingerprint, AudioContext Fingerprint, etc., as well as by cookies. To leave a unique fingerprint, it is sufficient to visit a website just once. Even if you return to the website from a different IP address, submit other authorization data, the site will still recognize you. If this website is connected to some anti-fraud or marketing system that collects users’ fingerprints, the other participants of the system can get access to the information about you too.
HWID is a unique hardware identifier that represents a single, unique user’s device. It can be obtained only upon the installation of a program to your computer which will collect the data for composing a unique hardware ID. A unique hardware identifier is generated from the unique serials of your computer’s components. The serials of motherboard, hard disk are assigned by the manufacturer, so changing them would prove hard enough. Even your monitor or keyboard has unique serials.
Even if you delete the program, reinstall the system and the program, it will recognize you by the unique identifiers of your hardware or HWID. Various hardware identifiers and HWID are used mainly for licensing software and by anti-fraud systems of applications.
Unicalization of browsers is mainly used to guard against fraudsters, but it can also be employed for detection and even deanonymization purposes.
Suppose you have just visited a website where you submitted your data, for instance, an online store. This store previously installed an anti-fraud system designed for protection against fraudsters. The anti-fraud system received a unique fingerprint of your browser and the personal information you submitted when you made your order. Upon accessing this data, it can recognize you on any site you opened and where its scripts are located.
As you work through our course, you will find more about unicalization and how to securely protect yourself from this threat.
