De-anonymization and Uniqueness
In this chapter, we will briefly go over the main threats that you will learn about in detail as you study our course. We will start with the threats of de-anonymization and user uniqueness.
De-anonymization
De-anonymization is the process of establishing the identity of a user on the network or the actual point of network access.
The concept of de-anonymization is inseparable from the concept of anonymity. Anonymity is the ability to visit websites and perform certain active actions on web resources, such as leaving messages, without the possibility of linking your actions to your real identity or the location of your network access.
Myth
VPN creates complete anonymity on the internet
Reality
VPN is a great way to complicate access to data about a person.
However, complete anonymity is not achieved. There are still ways to determine location. For example, each of us has pre-installed font sets in browsers and on phones. Russians have a similar set. In contrast, in India, fonts in Hindi and additional characters may be added. Thus, even from this information, one can determine which country you live in. After that, the data is enriched, i.e., it is analyzed which websites a person visits, which services they use, and this can reveal a more specific geolocation.
Many equate anonymity with hiding the real IP address, but this is a very simplified approach. Firstly, an attacker can conduct a JavaScript attack and, using vulnerabilities in the web browser, gain access to your device. Then, having control over the device, they will try to identify the owner based on the analysis of visited sites, the real IP address, documents, and information in messengers. Secondly, through a website, it is possible to check for the presence of accounts you have on social networks where you are authorized. If you are logged into Facebook and your real data is indicated there, the website owner can obtain this information without your knowledge.
Passive and Active De-anonymization: Differences and Methods.
Passive de-anonymization is based on collecting information from publicly available sources, such as social networks, public databases, and websites. The attacker collects and analyzes available information about the target to identify their personal data.