Naked and exposed: stop investigating online without managed attribution

Everything you wanted to know about browser fingerprint, managed attribution and non-attribution — but didn’t know who to ask.

People tend to believe that the web provides them with a fair degree of anonymity. We act bolder in online debates than we do in face-to-face conversations, express opinions on social media that we won’t share with real-life friends, and even pick virtual fights with online strangers who don’t share our point of view – knowing full well that they won’t come after us or give us dirty looks in the grocery checkout line.

Because online we are completely safe and anonymous…. right? Turns out, browsers don’t offer us the cloak of invisibility we would like. In fact, it’s easy to gather data on who’s hiding behind an avatar or a fictional online persona. Far from safe and secure behind your monitor, you are browsing the web naked and exposed.

Browsers collect information about users that advertisers buy in order to profile your habits and behaviors and target you with personalized ads. And even if you turn on the “incognito” mode, connect through the VPN, or disable cookies, there are still small but plentiful virtual breadcrumbs that can help identify you and what you are up to.

For online investigators, this is both good news and bad news. You can use the information that browsers leave behind to gain insights on your adversaries’ intentions, affiliations, location, and more. But unfortunately, the same tools and techniques are available to the bad actors, and you can jeopardize your mission if you don’t take precautions.

To keep online investigations secure and completely anonymous, researchers need managed attribution. It’s the way to truly conceal your identity, location, IP address, environment, network, and anything else that might identify you or expose your mission. Without it, you can’t freely traverse the web.

Join our introductory, education webinar on managed attribution. Featuring Matt Ashburn, Head of Strategic Initiatives and a former CIA Cyber Security Officer and National Security CISO at the White House, the webinar will cover everything you wanted to know about managed attribution, but didn’t know who to ask:

• What your browser reveals and how it can undermine your mission;
• Why private browsing still leaves you vulnerable to exploits;
• The difference between non-attribution, managed attribution, and misattribution.

As always, Matt will bring plenty of cautionary examples from his time in the field.

Listen to NeedleStack's What’s in your digital fingerprint where Matt and co-host Jeff Phillips dive into what your investigation habits may reveal to adversaries.