Live bookmarking is a popular new method for displaying web feeds as bookmarks.
Its popularity surged when it was introduced in Mozilla Firefox 1.0 back in
2004, and it can now be found in several other popular web browsers such as Apple's
Safari and Internet Explorer 7. Live bookmarks subscribe to user-defined RSS
feeds and are periodically updated so as to display the latest articles. The
ability to customize feeds, along with the inherent periodicity of the updates,
makes Live Bookmarks susceptible to eavesdropper profiling. In particular, as
users subscribe to more RSS feeds they inadvertently create distinct profiles
that can be used to track them. Given the wide range of tools available for parsing
RSS feeds, it is trivial for a tracker to parse the feeds so as to extract user
personalization in addition to RSS subscription information.

Worse, by using traffic analysis to identify such communications based on their periodicity
and creating a signature based on packet size distributions, an attacker
could possibly track users over encrypted WLANs;
however, we have not investigated this scenario further.

Tracknet bots would collect and parse all requests to RSS feeds. The information
derived from the feed is then associated with an individual node. The node is
temporarily identified by IP and MAC address for the current session. Any other
information that is collected from the particular node is stored in a
tracking tuple that correlates all other pertinent fields that aid in the
identification of the node. In order to reduce the number of identification
false positives, we correlate the RSS fingerprint with the base station ESSID.
Distinct fingerprints that appear at the same location (e.g. home or
workplace) might point to a distinct identity with a higher level of
confidence.
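
To gauge how identifying a subscription list is, the following added example (not from the original paper) computes the anonymity set size k of a feed list over a constructed population, first on its own and then combined with the ESSID as described above. The population, host names and function names are assumptions made for illustration.

```python
from collections import Counter

# Constructed sample data: (user label, ESSID where seen, subscribed feed hosts).
POPULATION = [
    ("u1", "cafe-net", {"news.example", "tech.example"}),
    ("u2", "cafe-net", {"news.example", "tech.example", "sports.example"}),
    ("u3", "cafe-net", {"news.example"}),
    ("u4", "office-net", {"news.example", "tech.example", "sports.example"}),
    ("u5", "office-net", {"news.example", "tech.example", "sports.example",
                          "knitting.example"}),
    ("u6", "home-net", {"news.example", "weather.example"}),
]


def anonymity_set(feeds, population, essid=None):
    """Users whose subscriptions include every feed in `feeds`.

    If `essid` is given, only users seen at that network are counted.
    """
    wanted = set(feeds)
    return [user for user, net, subs in population
            if wanted <= subs and (essid is None or net == essid)]


def anonymity_curve(feeds_in_order, population, essid=None):
    """Anonymity set size k after each additional subscribed feed."""
    return [len(anonymity_set(feeds_in_order[:i], population, essid))
            for i in range(1, len(feeds_in_order) + 1)]


def unique_profiles(population, with_essid=False):
    """Count users whose exact feed set (optionally plus ESSID) is unique."""
    def key(net, subs):
        return (frozenset(subs), net if with_essid else None)
    counts = Counter(key(net, subs) for _, net, subs in population)
    return sum(1 for _, net, subs in population if counts[key(net, subs)] == 1)


if __name__ == "__main__":
    feeds = ["news.example", "tech.example", "sports.example", "knitting.example"]
    print("k per added feed:", anonymity_curve(feeds, POPULATION))
    print("k at office-net: ", anonymity_curve(feeds, POPULATION, "office-net"))
    print("unique by feeds: ", unique_profiles(POPULATION))
    print("unique with ESSID:", unique_profiles(POPULATION, with_essid=True))
```

A k of 1 means the feed list alone singles out one user; a client that polls fewer, more common feeds on untrusted networks keeps k larger.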