New Geo-Inference Attack Uses Browser Cache to Identify Your Location

Illustration for article titled New Geo-Inference Attack Uses Browser Cache to Identify Your Location

Who knows where you are? According to a team of researchers from the National University of Singapore many websites could—using what they call a “geo-inference attack” to identify your location

Advertisement

In what the researchers describe as a “new attack” with a “big impact” to the Daily Dot, such attacks can mine your browser cache to identify your country, city or even street address. Many sites identify your location—if you allow them too—in order to improve service: so, for example, Google can work out whether to serve your google.com or google.co.uk.

The information gathered to do that can be stored in your browser’s cache—but there, it’s susceptible to third-party website running special scripts, the researchers find. Depending on the sites you use, attackers could find more or less information: Cragslist can reveal your city, for instance, while Google Maps can give away your street address.

Advertisement

The researchers claim that 62 percent of the Alexa top 100 websites in the US, Australia, Japan, Singapore, and the UK all leak location data—to some extent—via the cache. The problem affects Chrome, Firefox, Internet Explorer and Opera.

Using private browsing does help—because the cache is deleted after a session—but leaves you open to attack whilst you’re using sites, while the researchers suggest the latest versions of Tor can be used to avoid the problem. But for anyone not using the service, the best bet is simply delete your cache regularly. The question is: can you bring yourself to do that? [ Daily Dot]

Image by stevenharman under Creative Commons license

Geo Inference

Advertisement

Share This Story

Get our newsletter

DISCUSSION

This attack is only particularly useful if the person visiting the site is using a VPN or some other method of hiding their IP address from the server, because knowing their IP address generally gives away most of this information regardless (type what is my ip in duck duck go). So this really only exposes a select group of people... those using a VPN and not TOR.

For those who don’t want to read the article to understand how it works the TLDR; is. The attack is to make requests to known resources and time their load. If it loads faster it was cached, and if it was cached it is likely because you were / are there.

The thing is, this “attack” is not something most people would want to fix because the cost of doing so is longer load times on web pages.

As a web developer to prevent the attacks you would need to disable cache on your scripts and images. But you wouldn’t want to do that because it is much faster to return a 304 than it is to send the whole file each time (also less of a problem on your server).