<h1>Facebook deanonymization attack</h1>
<p>Pavol Lupták, Nethemba, 16 June 2010. Original (Slovak): <a href="https://nethemba.com/de/facebook-deanonymizacny-utok/">https://nethemba.com/de/facebook-deanonymizacny-utok/</a>. Tags: deanonymization attack, Facebook.</p>
<p>After reading the papers <a href="http://w2spconf.com/2010/papers/p26.pdf">Feasibility and Real-World Implications of Web Browser History Detection</a> and <a href="http://www.iseclab.org/papers/sonda-TR.pdf">A Practical Attack to De-Anonymize Social Network Users</a>, I decided to design and describe, from a technical standpoint, what an efficient and fast deanonymization attack on Facebook would look like. If you have any comments or improvements, do not hesitate to contact me.</p>

<h2>Preparation for the attack</h2>
<p>First of all, it is necessary to obtain ("harvest") the list of all Facebook groups: there are more than 39 million of them, totalling more than 7 GB, so this will probably take a few days. Note that every public group contains the list of the people who belong to it.</p>
<p>The list of these groups is publicly available: <a href="http://www.facebook.com/directory/groups/">http://www.facebook.com/directory/groups/</a></p>
<p>just as the list of all Facebook users is available: <a href="http://www.facebook.com/directory/people/">http://www.facebook.com/directory/people/</a></p>
<p>The download script should store them in the following format:</p>
<ul>
<li>each group becomes a separate plain-text file with a numeric name (the GID of the group) that contains the list of all of its members (one line per member: the member's first name and surname, plus any further names);</li>
<li>since there will probably be a great many groups (39 million files in a single directory is simply too many), an additional directory structure can be used, where the first directory name is e.g. the last 4 digits of the GID, the second subdirectory name the next 4 digits of the GID, and so on. So, for example, the file for GID 2227862516 is stored in the directory structure <code>Facebook-groups/2516/2786/2227862516</code> in plain-text format:</li>
</ul>
<pre><code>Name1 Surname1
Name2 Surname2 SecondSurname2
..</code></pre>
<p>To keep our deanonymization service always up to date, this "harvesting" of new members and new groups obviously has to be run regularly (for example once a day), so that we always have current groups with current members.</p>
<p>The deanonymization itself is then trivial: the deanonymization service uses the CSS history hack to find that the user belongs to the groups GID1, GID2, GID3 and GID4; a script looks up the harvested plain-text files GID1, GID2, GID3 and GID4, computes their simple intersection (i.e. finds the lines that are identical in every one of these files, simply using "uniq -d" or "grep -f"), and the output is, in the better case (if only one line comes out), the deanonymized Facebook user himself, or, in the worse case (if several lines come out), the list of all people who belong to all of the listed groups (and the given Facebook user is certain to be among them).</p>

<h2>Attack via the CSS history hack</h2>
<p>The CSS history hack is a way to discover, in all current browsers and by enumeration, exactly which URLs (GET requests) the given browser has visited in the past. Note that this is standard functionality of all current browsers, and unless you use "Private Browsing" or the "SafeHistory" plugin, or regularly clear your browser history, you are automatically vulnerable to this attack.</p>
<p>Since joining a Facebook group is done via a GET request in which the gid parameter carries the number of the Facebook group itself, the CSS history hack, by enumerating all the groups harvested in the first step, makes it possible to detect whether or not the user belongs to a given group. Since there are more than 40 million such groups, this phase has to be specially <a href="#Optimalizacia_CSS_Hack">optimized</a> and has to use <a href="#Viacurovnove_porovnavanie">multi-level matching</a>.</p>
<p>It is important to stress that not only http:// addresses can be enumerated, but also https://, ftp:// and file:/// ones.</p>
<p>First of all, the deanonymization service has to detect the browser version of the victim (which makes it possible to speed up and optimize the CSS hack itself) and also to discover whether the user has JavaScript enabled or disabled in the browser.</p>
<p>If JavaScript is disabled, only the CSS-only hack can be carried out:</p>
<pre><code>&lt;style&gt;
/* a visited link fetches /?yes-foo, an unvisited one /?no-bar:
   the server learns from the request which URL was in the history */
#foo:visited { background: url(/?yes-foo); }
#bar:link { background: url(/?no-bar); }
&lt;/style&gt;
&lt;a id="foo" href="http://foo.org"&gt;&lt;/a&gt;
&lt;a id="bar" href="http://bar.biz"&gt;&lt;/a&gt;</code></pre>
<p>The advantage of this attack is that it also works in browsers that have JavaScript disabled (for example via the NoScript plugin); the disadvantage is that it can only be used to enumerate a relatively small number of links (up to 50,000), because with a larger number of links the detection speed drops sharply (due to the large number of DOM elements embedded in the page). Enabled gzip compression can, however, considerably reduce the size of the total HTML transferred.</p>
<p>If JavaScript is enabled in the browser, a considerably more flexible CSS hack can be implemented in JavaScript:</p>
<pre><code>&lt;script&gt;
// rule 0 colours every link green, rule 1 overrides visited links to red
var r1 = 'a { color: green; }';
var r2 = 'a:visited { color: red; }';
document.styleSheets[0].insertRule(r1, 0);
document.styleSheets[0].insertRule(r2, 1);
// create a link for the URL to be tested and attach it to the document
// (the element must be in the DOM for its computed style to be available)
var a_el = document.createElement('a');
a_el.href = "http://foo.org";
document.body.appendChild(a_el);
var a_style = document.defaultView.getComputedStyle(a_el, "");
if (a_style.getPropertyValue("color") == 'red') {
    // link was visited
}
&lt;/script&gt;</code></pre>
<p><a name="Optimalizacia_CSS_Hack"></a>Unlike the CSS-only hack, which is hard to optimize, there is plenty of room for speed-ups here (different browsers use different internal representations of computed CSS values; for example the colour red may be represented internally as "red", "#ff0000", "f00" or "rgb(255,0,0)", and for one specific browser, which uses exactly one representation, it is pointless to compare all of these values; a further optimization is the reuse of DOM elements wherever possible, avoiding calls to JavaScript functions as far as possible, etc.).</p>
<p>The optimized version of the CSS JavaScript hack can enumerate up to 30,000 links per second (!), i.e. verify immediately whether or not they have been visited. In our case this means that within one second it is possible to enumerate 30,000 Facebook groups and thus find out whether or not the given Facebook user belongs to them.</p>

<h2><a name="Viacurovnove_porovnavanie"></a>Multi-level matching</h2>
<p>If we decided to use the CSS hack to "match" in one go which of the more than 39 million Facebook groups the given user belongs to, we would have a problem: the HTML of the deanonymization service (in the case of the CSS-only hack) would be over 0.5 GB, and enumerating all of these groups would, in the absolutely ideal case (30,000 per second), take more than 22 minutes (in practice considerably longer). That is almost unusable in our case.</p>
<p>Considerably more elegant, incomparably faster and less resource-intensive is so-called multi-level matching, for example:</p>
<ol>
<li>We build a list of the 300 most popular Facebook groups for every country of the world.</li>
<li>In the first level we present the victim with the 300 links of the most popular Facebook groups of each country; altogether, for all countries (let us say there are 100 of them), that is 30,000 links, which are tested on the client within one second. Based on which of them "match" the most for a given country, we can easily identify which country the given user belongs to (we can of course also help ourselves with GeoIP, since we know the user's IP address).</li>
<li>Intelligent AJAX on the victim's side finds out which of those links were actually visited and sends this information to the server of the deanonymization service. Based on that, the server evaluates which country or region the given user belongs to and sends a second batch of already more specific URL links "to be tested"; this may for example be the list of political groups in the given country, the list of groups of popular people or musicians in the given country, or the list of groups of favourite operating systems.</li>
<li>In the case of small countries (such as Slovakia), where the list of all Facebook groups can be relatively small, the second batch can contain the list of all Facebook groups in the given country, which are tested immediately within a few seconds.</li>
<li>This whole process can of course be repeated to any depth, so that the number of links to be tested at a given level stays relatively low (and therefore the HTTP traffic small) and the enumeration of links at a given level is very fast.</li>
</ol>
<p>With the right choice of primary, secondary and tertiary link levels and a suitable way of "drilling down", it is possible to deanonymize a user within a few seconds.</p>
<p>Personally, I see the biggest problem in how to determine fully automatically which Facebook groups relate to which countries (Google Translate can probably be used to detect the language from the text of the group), as well as how to design the list of suitable secondary links (various search engines can be used for this, for example).</p>
<p>In any case, the described attack can technically be implemented so that it is <strong>sufficiently fast and efficient</strong>, even with the enormous number of groups of a social network such as Facebook.</p>

<h2>Too little data</h2>
<p>Of course, a situation may arise where we have too little data for complete deanonymization:</p>
<ol>
<li>Firefox stores history for only 90 days, Safari for 20 days, IE for 20 days, and Opera stores the last 1000 visited URLs (in Chrome, on the other hand, no history expiry works at all).</li>
<li>The number of groups the given user belongs to may be too small for unambiguous identification.</li>
</ol>
<p>In this case I propose the following solutions, which can significantly improve unambiguous identification (and thus possible deanonymization):</p>
<ol>
<li>The Facebook gid in GET requests is used not only when joining a group but also when manipulating it (adding a post, etc.), which can potentially be exploited for further identification. Here, of course, one has to take into account that the user may also browse groups of which he is not a member, and these therefore cannot be used for the deanonymization attack.</li>
<li>Via the CSS hack it is possible to run several attacks on different social networks in parallel and correlate their results; besides Facebook, the attack also works for example on LinkedIn, Xing and others. The information obtained from them can be correlated with one another and thus further refine the identification of their user, with the goal of deanonymizing him completely.</li>
</ol>
<p>If, for example, the Facebook deanonymization attack yields 1000 potential candidates and the LinkedIn deanonymization attack another 500 potential candidates, their intersection may yield an unambiguous identity (or considerably fewer possibilities). It is important to note that, besides correlating the results of several social networks for better identification, further information can also be used (enumerating some popular blogs, forums, etc.).</p>

<h2>Solution</h2>
<ol>
<li>On the server side (Facebook), any information (such as the group ID) from which the user could later be deanonymized must <strong>always</strong> be transmitted only via POST requests (not via GET requests, which are stored in the history). Another effective solution is to add a further parameter to all GET requests: a random anti-CSRF token, which cannot be determined when enumerating URLs.</li>
<li>On the client side there are several options: either regularly clear the browser history, use <a href="http://support.mozilla.com/en-US/kb/Private+Browsing">Private Browsing</a> or the <a href="http://www.safehistory.com/">SafeHistory plugin</a>, or wait for Firefox 4.0, which should make enumerating visited links via the CSS hack impossible.</li>
</ol>