As the team explained in a presentation at DEFCON in 2017, de-anonymizing huge databases of browser history was spectacularly easy. Here’s how it worked. Sometimes there were direct clues to the person’s identity in the URLs themselves. Like anyone who visited Xing.com, the German equivalent of LinkedIn. If you click on your profile picture on the Xing website, you are sent through to a page with an address that will be something like the following: www.xing.com/profile/Hannah_Fry?sc_omxb_p
