violation of anonymity, consisting in the publication of personal data (real
name, place of residence or work, etc.) of the user in the Internet. There are
several types of deanonymization, classified according to the method and
objectives of their implementation:
– the participant consciously communicates personal information;
– the participant for some reason unconsciously disclose personal information
– the disclosure of the personal data of the participant by another person with
unscrupulous intentions (persecution, vandalism);
educational purposes – the disclosure of personal data, carried out for moral
beating and educating.
deimmunization can be distinguished based on authoritative sources – when
deanonymizing information is published in an authoritative and trustworthy
Profiling occurs when most of the traffic goes to the
Internet for a long time through one node. Then it becomes possible to refer
the activity seen to one alias. The output node may not know your IP-address,
but will know what you are doing.
DNS-leaks occurs when an application can send its DNS
queries using the ISP’s DNS servers, as when people using local proxy (SOCKS 4
or 5) try to send traffic to the Tor network of various applications that will
resolve DNS names.
The most popular identifier in the network. Getting
IP-address first and sometimes one of the most important step in
deanonymization. It can provide real address on the user and help to find out
who lives in the apartment or house.
Most of the
browsers store different information about the user as IP address, browser
history, screen size, time zone, installed applications (plugins), operating
system type. All this together is called a “browser fingerprint”.
Some tracking systems can make the browser to provide the
server different data, including the so-called user agent. All this can create
a unique identifier by which it can be found among many others already in the
Web bugs are different tracking systems and programs, that
are hidden and used to collect the information about visitors and save it on a
Cookies are text files with any values ??stored by the
application (often – the browser) for various tasks, for example,
authentication. It often happens that the client first visited the resource
from an open session, the browser saved cookies, and then the client connected
from an anonymous session, then the server can match cookies and calculate the
Moreover, there are so-called 3rd-party cookies, which are
stored with us, for example, after viewing an advertising banner from another
site (3rd-party). And the site-owner of this banner can track us on all
resources, where his banners are placed.
MitM-attacks are intended to listen and modifying traffic on
the output node. There is an option to modify the output node of digital
signatures, GPG- or SSL-prints, hash-sums of downloaded files.
more information for the server, including explicitly identifying it. Moreover,
it will help an attacker to successfully attack with all the ensuing
connection via anonymous and open channel
When different people are using same channel and you will
turn off the internet on this channel, then both client connections with the
same resource will terminate. On this fact, the server can calculate and match
two concurrently completed connections and find out the real address.
HTTP header, that helps to determine where the traffic comes
from. After you click on some link in the internet a link, it will send
information, so the website to which this link leads, will be able to find out
which page referred to it.
activity in anonymous session
It mostly occurs when a person from an anonymous session goes
to his page in the social network. Internet provider cannot verify the session,
but social network, although it does not see the real IP-address of the client,
precisely knows, who is on the page.
Usually MAC address of the network interface becomes known
to the Wi-Fi access point when the client connects to it.