New Cache Side Channel Attack Could De-Anonymize Targeted Online Users


A group of academics at the New Jersey Institute of Technology (NJIT) has warned of a new technique that can be used to bypass anonymity protections and identify a unique website visitor.

“An attacker who has full or partial control over a website can learn whether a specific target (i.e., a unique individual) is browsing the website,” the researchers said. “The attacker only knows this target through a public identifier, such as an email address or a Twitter handle.”

The cache-based target de-anonymization attack is a cross-site leak in which the adversary uses a service such as Google Drive, Dropbox or YouTube to privately share a resource (e.g., an image, a video or a YouTube playlist) with the target, and then embeds the shared resource in the attack website.

This can be achieved, for example, by privately sharing the resource with the target using the victim’s email address or correct username associated with the service and then inserting the leaking resource using a