Live bookmarks - RSS

Live bookmarking is a new popular method for displaying web feeds as bookmarks. Its popularity surged when it was introduced in Mozilla Firefox 1.0 back in 2004 and can now be found in several other popular web browsers such as Apple's Safari and Internet Explorer 7. Live bookmarks subscribe to user-defined RSS feeds and are periodically updated so as to display the latest articles. The ability to customize feeds along with the inherent periodicity of the updates make Live Bookmarks susceptible to eavesdropper profiling. In particular, as users subscribe to more RSS feeds they inadvertently create distinct profiles that can be used to track them. Given the wide range of tools available for parsing RSS feeds, it is trivial for a tracker to parse the feeds so as to extract user personalization in addition to RSS subscription information. Worse, by using traffic analysis to identify such communications based on their periodicity and creating a signature based on packet size distributions, an attacker could possibly track users over encrypted WLANs, however, we have not investigated this scenario further.

Tracknet bots would collect and parse all requests to RSS feeds. The information derived from the feed is then associated to an individual node. The node is temporarily identified by IP and MAC address for the current session. Any other information that is collected from the particular node is collected in a tracking tuple that correlates all other pertinent fields that aid in the identification of the node. In order to reduce the number of identification false positives we correlate the RSS fingerprint with the base station ESSID. Distinct fingerprints that appear at the same location (e.g. home or workplace) might point to a distinct identify with a higher level of confidence.