Now researchers at the Vienna Institute of Technology, Institut Eurecom and UC Santa Barbara have found a way that malicious websites could find out what groups you belong to, and use that information to identify you. Such websites could use the trick for identity theft or to craft personalized scams.
The researchers found that a malicious site could "capture" a person's social networking groups from his browser with a trick known as history stealing. By cross-referencing these groups, they could reveal someone's social-network profile--and therefore their real-life identity--42 percent of the time. This means that an otherwise anonymous Web user could be identified correctly by a malicious site simply because the user visited that site.
"The browser can ask if these guys are a member of the iPhone group or the PC security group or the XYZ group, and by calculating intersections, we can identify them in many cases," says Gilbert Wondracek, a postdoctoral candidate in computer science at the Vienna Institute of Technology, who led the work.
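The intersection step described in the quote can also be used to measure exposure. The following is an added example, not code from the researchers: it computes the set of members consistent with a list of observed groups, and the share of members whose group list narrows to exactly one profile. The member ids, the "cooking" group and all function names are constructed for illustration.

```python
from typing import Dict, Iterable, Set

# Constructed sample data: public group -> member ids (not from the study).
GROUP_MEMBERS: Dict[str, Set[str]] = {
    "iphone": {"alice", "bob", "carol", "dave"},
    "pc-security": {"alice", "bob", "erin"},
    "xyz": {"alice", "frank"},
    "cooking": {"carol", "dave"},
}


def candidates(observed: Iterable[str], directory: Dict[str, Set[str]]) -> Set[str]:
    """Return the members consistent with every observed group (the anonymity set)."""
    known = [directory[g] for g in observed if g in directory]
    if not known:
        # No usable group signal: every listed member remains a candidate.
        return set().union(*directory.values())
    known.sort(key=len)  # start from the smallest group to keep the working set small
    result = set(known[0])
    for members in known[1:]:
        result &= members
    return result


def groups_of(user: str, directory: Dict[str, Set[str]]) -> Set[str]:
    """Return every group that lists the given member."""
    return {g for g, members in directory.items() if user in members}


def unique_fraction(directory: Dict[str, Set[str]]) -> float:
    """Fraction of members whose complete group list leaves one candidate."""
    users = set().union(*directory.values())
    if not users:
        return 0.0
    unique = [u for u in users
              if len(candidates(groups_of(u, directory), directory)) == 1]
    return len(unique) / len(users)


if __name__ == "__main__":
    print(candidates(["iphone", "pc-security", "xyz"], GROUP_MEMBERS))
    print(f"uniquely identifiable: {unique_fraction(GROUP_MEMBERS):.0%}")
```

In this constructed directory only one of six members is pinned down by group membership alone; the others share their group list with at least one other member.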