31 July 2008 | 8,325 views

Site Guesses Your Gender via Browsing History


Browser history leakage is a pretty old issue, but this is an interesting new implementation of an old idea. The site reads your browser history and attempts to guess your gender by weighting the sites you have visited according to the gender demographics of a list of fairly popular sites.

It’s not super accurate unless you are really stereotypical in your Internet usage habits, and it won’t work if you don’t accept any cookies and flush everything regularly.

One of the problems that’s plagued netizens since the inception of the world wide web is that their browsers have a habit of leaking every site they’ve visited in the recent past. A quick stop at Blowupdolls.com, Mysecretbusinessproject.net or any other site is available to any webmaster with rudimentary coding skills.

Now the Mike on Ads blog has harnessed this privacy shortcoming into a tool that tries to predict whether the visitor is male or female. It uses a small piece of JavaScript that siphons a browser’s URL history and then analyzes the sites visited to guess whether the user is a guy or gal.

It’s a pretty neat idea, I like the innovative thoughts involved and I really do wonder how else this could be used.

It could be the next way of harvesting data online; imagine how much data the huge sites like Slashdot, Digg or the likes of Cnet could harvest if they started doing this!

It’s unclear how accurate the tool is at guessing a visitor’s sex, although it did pronounce there was a 74 percent chance your reporter was male. More importantly, the tool is a reminder of just how easy it is for webmasters to track the browsing history of their visitors. Even when you turn off JavaScript, they have other tricks up their sleeves that are much harder to foil, says Jeremiah Grossman, the CTO of WhiteHat Security, who brought the tool to our attention.

It guessed me as 52% male….so does that mean I’m 48% woman? That’s a little scary.

Like it says in the article though, combine this with some geolocation + some other tricks…and that’s a whole lot of information about a passing surfer.

It’s perfectly plausible that sites are already doing this, and no one would even know.

Time for some NoScript?

*EDIT* – I found some code here that does this kind of history checking.

Source: The Register
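
How a weighting system of this kind can turn a set of visited sites into a percentage, as an added example that is not the Mike on Ads script or code from this post. It takes the visited hostnames as a plain input list; the site names, audience ratios and the naive-Bayes style combination are all assumptions made for illustration.

```javascript
// Added illustration: combine per-site audience ratios into one estimate.
// Hostnames and ratios are constructed sample data, not real demographics.
const SITE_MALE_SHARE = new Map([
  ["news.example", 0.50],
  ["autos.example", 0.70],
  ["crafts.example", 0.30],
  ["gadgets.example", 0.65],
]);

// Probability -> log-odds, clamped so a 0% or 100% ratio cannot dominate.
function logit(p) {
  const q = Math.min(Math.max(p, 0.01), 0.99);
  return Math.log(q / (1 - q));
}

// visitedHosts: hostnames known to be in the history (supplied directly here).
// prior: assumed male share of the general audience.
function estimateMaleProbability(visitedHosts, shares = SITE_MALE_SHARE, prior = 0.5) {
  let score = logit(prior);
  const used = [];
  // Normalise case and count each site once, however often it was visited.
  for (const host of new Set(visitedHosts.map((h) => h.toLowerCase()))) {
    const share = shares.get(host);
    if (share === undefined) continue;      // unknown site carries no evidence
    score += logit(share) - logit(prior);   // likelihood ratio relative to the prior
    used.push(host);
  }
  return { probability: 1 / (1 + Math.exp(-score)), evidenceCount: used.length, used };
}

// Constructed histories: male-skewed, balanced, and empty.
console.log(estimateMaleProbability(["autos.example", "gadgets.example"]));
console.log(estimateMaleProbability(["autos.example", "crafts.example"]));
console.log(estimateMaleProbability([]));
```

With no recognised sites in the input, the estimate stays at the prior, so a browser that exposes no history yields exactly 50%.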




18 Responses to “Site Guesses Your Gender via Browsing History”

  1. JD 31 July 2008 at 11:54 am Permalink

    Here’s a link to the script: http://www.mikeonads.com/2008/07/13/using-your-browser-url-history-estimate-gender/

    Try your luck if you like. I happen to think that it’s based way too much on gender stereotypes. Mine came out at 54% likelihood female, 46% likelihood male. I was glad that my browsing seemed to be androgynous– if sites start contouring their content to gender, it won’t have much luck with me and I can just ignore it, as usual.

    The No Script idea was definitely a good one, though. It’s bad enough being brainwashed by tv commercials…I’d rather not have sites covered with content that has been “customized” by my browsing history!! It’s kind of scary that people are going this far to gather information on their users…very 1984…

  2. zupakomputer 31 July 2008 at 1:17 pm Permalink

    I agree (about the 1984 feel of it). It’s not so much that they are gathering stats; we all know the internet was put together by (among others) the US military in the first place – it’s the way they think about using the information they gather, and how they are ok to categorise people into behavioural patterns that way. It’s ugly and soulless, and a disgrace to the real human race.
    People never think about the obvious indications of what is wrong with ‘this picture’: who decided that boys play with robots and girls play with dolls for example, and why is anyone stupid enough to just accept that ‘has to be true’.

    Additionally these kinds of information harvesters make it all the easier to exploit things like personal accounts. Why should that be allowed to happen, just so talentless people with no practical skills can make money by pushing their unwanted adverts; and they’re using up internet bandwidth and creating loads of extra server traffic and power usage. It’s bad enough that transmitting power over centralised grids to begin with loses 2/3 of what was generated at the plants.

  3. Morgan Storey 31 July 2008 at 3:07 pm Permalink

    YAY I am ambiguous. 50-50… Maybe cause I browse with no-script. I wonder how long till they are using it make other suppositions; sexual preference, ethnicity, age etc can all be guessed by browsing habits. Very scary. But I bet a heap of marketers just got excited.

  4. Navin 31 July 2008 at 3:47 pm Permalink

    Morgan said “I wonder how long till they are using it make other suppositions; sexual preference, ethnicity, age etc can all be guessed by browsing habits.”

    Isn’t tht what tht new UK advertising system Phorm is suppozed to do?? It collects user data and suggests ads meant for the specific person. So if I wanna get my wife a necklace as a surprise B’day gift, and I search about necklaces on the web, the next time my wife goes online, she sees ads all abt necklaces…..and poof there goes my big surprise!! And don’t even get me started on the *privacy* tht phorm violates!! And no matter how many supporters of phorm come and tell me tht phorm only scans pages for keywords and doesn’t maintain personal data, the very fact tht phorm by default is on with an option to turn off, instead of it being the other way around makes it feel very very phony to me!!

    BTW me gets the same result as you Morgan…..three cheers for NoScript!!

  5. zupakomputer 31 July 2008 at 4:54 pm Permalink

    Yeah, now they can waste their lives even moreso by making graphs and other visual aids up to assist in describing the effectiveness of why anyone would want to target anyone else, in the vague hope they might buy something off them.

    They’ll probably create a whole new department just to produce booklets on the subject, none of which will actually convey any usable information, and all of which will feature the same photos as all the other companies use, all lit and composited in the same way.
    But despite the dept. being new, any applicants for the jobs will have been expected to have worked in a similar place for at least three years.

    And oddly, all the tangible wares you might be able to buy off them are all produced in sweatshops then end up on landfills later.

  6. JD 1 August 2008 at 5:00 am Permalink

    zupakomputer, I agree with what you had to say in your previous post:

    “…who decided that boys play with robots and girls play with dolls for example, and why is anyone stupid enough to just accept that

  7. Morgan Storey 1 August 2008 at 8:28 am Permalink

    @zukakomputer: well said. In a previous life I was training to be in advertising/marketing, I wasn’t bad at it, but I hated the culture.

    @Navin: that phorm sounds similar to what google have been doing for a while. I don’t necessarily disagree with what they do though, especially after reading Google: the inside story. I trust them even more now than I did before. Sergey and Larry are geeks and didn’t even want to make money to start with, but they needed a way to survive.

  8. gul 1 August 2008 at 8:56 am Permalink

    Funny, I’m 50/50 too… Maybe cause I have no history ;)
    All that stuff, remind me, long time ago when gmail was at the beginning, and one day I found that in the left panel, there was ads. And they were related to my emails. It was funny cause, when I noticed, I was talking about mental illness with a friend of mine. I let your imagination guess what were google advises :)

    Anyway, NoScript seems to be a really good idea, but, who’s gonna use it ? You, me and lot of security addicts. And what will happen for the so feared ‘users’ ? A lot more data collected, less privacy, and more targeted phishing / spamming. Not really cool to know that, and a lot of web browsing best practices to teach to family and friends. Kinda sad in my opinion.

  9. Navin 1 August 2008 at 12:57 pm Permalink

    Correct gul….. some of us are so used to chatting online with like minded uber-nerdy security addicts that we forget the bigger picture. A recent study showed that less than 50 % of net users have updated their browsers since IE5/6 and Firefox 1.X.

    And unfortunately these are the people who fall for most phishing attacks…..they don’t even know their data is at risk.

    Something I’d done a few years ago to show my friends a bit abt online security….A simple phishing script sent to 9 of my best friends….. and guess what? 6 of them handed their passwords to the script!! Of course I din’t use them….. but it built up a gr8 foundation for my online security talk I gave them a week later!! :P

  10. zupakomputer 1 August 2008 at 2:18 pm Permalink

    JD: that is very like something else that has taken over every job and college / higher ed (and more besides) applications in the UK. ‘They’ always hand out question sheets that claim to be about Equal Opportunity Monitoring, and they contain questions on race, religion, nationality, gender, disabilities, and recently they’ve begun to add sexual preferences too.

    It’s extremely disturbing, because they are asking for that information from everyone – while claiming none of that information matters! So why do they ask for it.

    Why do they need stats on all those kinds of things, if those things do not matter to them.

    It’s also very disturbing that they claim it is anonymous! It’s not – you have to hand it in alongside your name-and address (and all your other CV details etc) form, or in person. So anyone that wanted to see what was in the forms can just read it there and then when you hand it in, or they can file it along with your applications.

    I used to just fill them out routinely, like everyone else; you’re instructed at school etc that it’s “normal”, but recently I have just been ignoring them entirely. Some people deliberately fill them out wrong – I think I might start doing that too. Put in ‘black male lesbian hare-krishna asian’ for example – they can’t say anything because they aren’t meant to be reading it!

  11. zupakomputer 1 August 2008 at 5:53 pm Permalink

    hmmmmmmm. When I eventually found the site with the script – it comes up as an ‘unresponsive script’ for me and doesn’t work anyway.

    Doesn’t anyone find it extremely fake-coincidence that the URL/URI is mikeonads? = my gonads, and it’s about gender identification….

  12. Navin 2 August 2008 at 10:28 am Permalink

    Din’t notice tht…guess us 50-50 guys have gotten our gonads all mixed up!! Should’ve paid more attention during Bio class ;)

  13. Morgan Storey 2 August 2008 at 12:35 pm Permalink

    @zukacomputer: hahahah, like what experts-exchange used to be before they got the hyphen…

  14. Navin 2 August 2008 at 1:24 pm Permalink

    @ morgan
    Oh yeah…there was this joke bout psychotherapists as well tht went on similar lines….. don’t think I need to say it out loud but i hope U’ll get it.. Psycho-The-Rapist!! ;)

  15. Morgan Storey 4 August 2008 at 4:48 am Permalink

    Navin: My missus and I have pretty similar sense of humour. On our honeymoon, on a day trip out in the Whitsundays, we were heading into an Island and the captain said “The island only has simple pit toilets, and if you fall in we will leave you there and you will have to carry on undeterred”. Her and I cracked up, but everyone else didn’t get it or thought it was too juvenile.

  16. d347hm4n 4 August 2008 at 12:42 pm Permalink

    works quite well I’m 98% male which is reassuring >.<

  17. gul 4 August 2008 at 1:23 pm Permalink

    You have to accept the woman in you.

    Honestly, 2% shall not be too difficult ;)

  18. Navin 4 August 2008 at 2:07 pm Permalink

    So wht exactly does 2% mean?? You go to a race car derby, start munching on nachos/chips until the chequered flag and fart proudly rite from the word “go”, but you carry some SPF-30 sunblock, just in case?