Abstract
Several active attacks on user privacy in the World Wide Web using cookies or active elements (Java, Javascript, ActiveX) are known. One goal is to identify a user in consecutive Internet session to track and to profile him (such a profile can be extended by personal information if available).
In this paper, a passive attack is presented that uses information of a different network layer in the first place. It is exposed how expressive the data of the HyperText Transfer Protocol (HTTP) can be with respect to identify computers (and therefore their users). An algorithm to reidentify computers using dynamically assigned IP addresses with a certain degree of assurance is introduced. Thereafter simple countermeasures are demonstrated.
The motivation for this attack is to show the capability of passive privacy attacks using Web server log files and to propagate the use of anonymising techniques for Web users.
The author would like to thank the Department of Communication Systems under supervision of Prof. Dr.-Ing. Firoz Kaderali, the colleagues at the department, and especially Prof. Dr. rer. nat. Werner Poguntke for the support in his research.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
Fielding, R., Gettys, J., et al, J.M.: Hypertext transfer protocol-http/1.1 (1999)
Gold, J., Ethier, D.: One perspective on collecting data on the web. CMC-Computer-Mediated Communication Magazine 9 (1997)
Shen, A.: Request for participation and comment from the electronic privacy information center (epic). (1999)
McGregor, G.: The ppp internet protocol control protocol (ipcp) (1992)
Salton, G.: Automatic Text Processing: The Transformation, Analysis, and Retrieval of Information by Computer. Addison-Wesley (1989)
Salton, G.: Automatic Information Organization and Retrieval. McGraw-Hill (1968)
Chaum, D.L.: Untraceable electronic mail, return addresses, and digital pseudonyms. In Rivest, R., ed.: Communication of the ACM. Volume 2. (1981) 84–88
Pfitzmann, A., Köhntopp, M.: Anonymity, unobservability, and pseudonymity-a proposal for terminology. International Workshop on Design Issues in Anonymity and Unobservability LNCS 2009 (2000) 1–9
Berthold, O., Pfitzmann, A., Standtke, R.: The disadvantages of free mix routes and how to overcome them. International Workshop on Design Issues in Anonymity and Unobservability LNCS 2009 (2000) 30–45
: Anonymizer. (http://www.anonymizer.com/)
: Rewebber. (http://www.rewebber.com/)
Demuth, T., Rieke, A.: On securing the anonymity of content providers in the world wide web. Proceedings of SPIE 3657 (1999) 494–502
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2003 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Demuth, T. (2003). A Passive Attack on the Privacy of Web Users Using Standard Log Information. In: Dingledine, R., Syverson, P. (eds) Privacy Enhancing Technologies. PET 2002. Lecture Notes in Computer Science, vol 2482. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-36467-6_14
Download citation
DOI: https://doi.org/10.1007/3-540-36467-6_14
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-00565-0
Online ISBN: 978-3-540-36467-2
eBook Packages: Springer Book Archive