Cybersecurity has long relied on hiding one’s identity as an integral part of protection. Owing to the fact that one’s personal information is the riskiest thing to lose online, cybersecurity generally focused on protecting this information through routing packets or providing false information. However, it seems as though this cannot be practised any longer. The Internet is more predatory than ever in collecting user data through cookies and trackers.

Every click, scroll and hover is recorded and used for advanced data analytics. To combat this, a new kind of cybersecurity has come to the forefront. The primary weapon of this approach is not to hide, but instead to muddy data. In a practice known as obfuscation, data that is given to parties on the Internet is generally artificially modified.

This modification is done in a way that both obscures the identity of the individual and renders the data useless for parties wishing to use it. This practice is known as cybersecurity through obfuscation.

A History Of Obfuscation

Obfuscation was first discovered as a method for identity preservation in 2009 with the launch of browser extension TrackMeNot. Built to prevent tracking from search providers, the extension employs obfuscation as a strategy of security. Upon searching for a particular query, the user’s query is hidden in a group of decoys generated by the extension.

What this meant was that there was an array of programmed queries that the extension fed to the search engine, thus leading to false information being collected. To achieve this, a variety of technological mechanisms, such as dynamical query lists, search awareness and more were employed.

TrackMeNot was the first extension of its kind and raised awareness over the tracking practices of search engines. This created a buzz over ensuring that user data was not used to show results that the user is more likely to click on.

The actual queries are hidden in a cloud of fake queries, thus muddying the user profile and rendering it useless for targeted query placement. This is one of the most common characteristics of solutions that employ obfuscation, and it is effective for its application.

The AdNauseam Revolution

Another browser extension, known as AdNauseum, was also released at around the same time, employing similar strategies for advertisements. As stated by its website:

“In light of the industry’s failure to self-regulate or otherwise address the excesses of network tracking, AdNauseam allows individual users to take matters into their own hands.”

The extension not only blocks ads from being viewed by the user, but also clicks on each and every one of them. This means that the ad network will register the clicks from the extension as a visit. This not only reduces the accuracy of user data collected, but also undermines the effectiveness of the online advertising market.

The most expensive ads for companies to implement are targeted advertisements which are derived by crunching user numbers derived from collected data. These targeted ads offer a much higher chance of success, measured by click-through rates, and are hence considered more effective than generic ads.

AdNauseam clicks through all of the advertisements shown to the user, making it seem as though every ad presented is a ‘success’ or a click. However, the collected data does not represent user intent, diluting the database and the effectiveness of the advertisement.

The popularity of the extension was so high that Google themselves stepped forward to try and ban it. As they are one of the biggest providers of targeted advertising, AdNauseam had cost them billions of dollars across thousands of users. The search engine giant removed the extension from its web store, showing the amount of power it wielded over its users.

This led to the #FreeAdNauseam hashtag trending and being picked up by many news media outlets, forcing Google to put the extension back on their store page.

Obfuscation Today

Today, obfuscation is beginning to be picked up by many browsers as an in-built feature. Opera and Firefox in particular feature potent tracker-blocking features to obfuscate data. Firefox also has a feature for containers, which allows for a single user to have multiple profiles that store different cookies and trackers, thus obscuring the real identity of the user.

In addition to this, they also released a tool called ‘Track THIS‘ recently. This website opens up 100 different tabs at once, with 4 different identities such as influencer, doomsday prepper and filthy rich. As the service opens up so many tabs at once, the user profile for advertisers changes to the chosen identity, thus protecting the user’s real identity.

It is important to take a proactive stance towards obfuscating one’s identity for cybersecurity. Data is the new oil, and protecting yourself from being harvested is a required status quo.