There's No Such Thing As An Anonymized Dataset

from the statistical-analysis dept

Slashdot reports that a pair of computer scientists have figured out how to de-anonymize the "anonymous" data set that Netflix released as part of its million-dollar contest to improve its recommendation algorithm. The researchers found that the set of less-popular movies a user has rated tends to uniquely identify that user. By comparing movie ratings on IMDB with the ratings in the Netflix data set, the researchers were often able to uniquely pair a particular IMDB user with a corresponding Netflix user. And that meant the researcher would instantly have access to all of the user's Netflix ratings, which Netflix users presumably expected to remain private. While movie ratings might seem innocuous at first glance, the authors point out that one's movie ratings can often reveal potentially embarrassing personal details, including a user's views on politics, religion, and homosexuality. This isn't the first time a company has released "anonymous" data regarding its users that turned out not to be so anonymous. Last year, AOL got in a lot of hot water when it released a data set of search queries that turned out to be quite easy to link back to the users conducting the searches. The lesson here is that companies should be very reluctant to release private customer data, even if they believe they have "anonymized" it. Anonymization is surprisingly difficult, and you can never be sure you've done it successfully; it's always possible that someone will find a way to link records back to the people they represent. Wherever possible, companies needing to release data should either aggregate it in a way that avoids revealing information about individuals, or they should carefully limit who has access to the data sets, to avoid having the data sets become publicly available. Simply stripping out the "username" field doesn't cut it.


Reader Comments (rss)

(Flattened / Threaded)

  1.  
    identicon
    vin, Nov 30th, 2007 @ 3:37pm

    oh for shame. someone might be able to tell that someone relatively unique to me has rented a movie, if they put a ton of work into it and I have already signalled my lack of concern by essentially broadcasting this on imdb

     

    reply to this | link to this | view in thread ]

  2.  
    identicon
    Hallie, Nov 30th, 2007 @ 3:47pm

    Sorry, you've lost me on this one. If I've read this correctly, the data set was NOT "de-anonymized", only a sub-set of it was. What percentage of the whole is it? I looked through their paper, but it doesn't seem to be mentioned anywhere. And the only ones who can be identified are people who made a public profile on IMDb who presumably don't mind being identified.

    I also don't agree with some of the conclusions to which the researchers jumped. For example, for one individual, they state "He did not like “Super Size Me” at all; perhaps this implies something about his physical size?" Or perhaps it implies that he thought the movie wasn't well-made, or that the story was cliched? They also state "Strong guesses about his religious views can be made based on his ratings on “Jesus of Nazareth” and “The Gospel of John”." If all they're going on is a numerical rating without any written opinion about either movie, the only conclusion they could reasonably make would be what he thought about the movies as movies.

    Sure seems to be a lot of noise without much substance.

     

    reply to this | link to this | view in thread ]

  3.  
    identicon
    Jim Harper, Nov 30th, 2007 @ 3:48pm

    Erm, great insight, vin. Anyone in the TechDirt commmunity - what is that, TechDirters? - know about synthesized data. I wrote about it some here, but don't have a lot of knowledge.

     

    reply to this | link to this | view in thread ]

  4.  
    identicon
    Matt O, Nov 30th, 2007 @ 7:34pm

    the Sci-Fi Tempest in a teapot

    While I agree that the theory is indeed pretty serious, the actual application here is pretty sketchy. You have to have both a Netflix account and an IMDB account in this scenario and use similar information in both of them.

    What's interesting about this to me is that this social hack is identical to breaking substitution cyphers - go with the most obvious data first (okay, so in code, you pick the Most frequent letters and combos and bang away on them for awhile and with Netflix you pick the Least Likely movies to repeat, but the *concept* is identical) and just bang away until you're pretty sure you have a match.

    I'd be interested to learn some of the math theory behind the matching algorithm even though I'm far from a mathematician.

    Also, can't I, as a netflix user just claim that the match is incorrect? I mean, if I'm given the chance to respond. I know that what we're talking about here is reputation, so accusation is enough, but still - I agree that this is tempest in a teapot, at least a little bit.

     

    reply to this | link to this | view in thread ]

  5.  
    identicon
    Ferin, Dec 3rd, 2007 @ 5:15am

    Not really de anonymized...

    Freom what I'd read on the slashdot posting, all the researchers had done was find a subset of imdb users who'd made reviews on both imdb and netflix with similar timing and content. While I'm sure you could positively ID a few of these people from this, it's not a very strong ID, and at best all you;ve done is link an imdb screen name up with some data from netflix. Doesn't seem particularly chilling to me.

    Am I getting this one wrong?

     

    reply to this | link to this | view in thread ]

  6.  
    icon
    Derek Kerton (profile), Dec 3rd, 2007 @ 4:35pm

    It Is A Problem

    This actually is a privacy problem for Netflix and its users. The problem is because what people choose to say and rate on IMDB (publicly) may not totally correspond to what they RENT or rate on Netflix (privately) -- yet the overlap can uniquely identify them.

    For example, say IMDB user Johnny8332 rents and highly rates a Lithuanian comedy and a Chinese drama film on both IMDB and Netflix. Let's assume Johnny is the only guy who saw and rated both films highly at both sites. Now we can link his Netflix behavior to his IMDB name.

    Next, Johnny doesn't want to tell anyone in the world that he's a closet homosexual and is extremely right wing (I don't get it, but it seems to happen, and Johnny's got every right to be a right-wing homosexual.) It's Johnny's prerogative to keep that personal info private.

    That's why when Johnny rents and enjoys "My Own Private Idaho", "FahrenHYPE 911", "Michael Moore Hates America", and some gay porn from Netflix, he also chooses not to go onto IMDB and rate them 8/10.

    But the researcher in the story has shown that he can identify and match Johnny8332's public IMDB persona with Johnny's private persona and private choices. This is a risk to Johnny's privacy. It can now be made public through his IMDB ID that he's a right wing homosexual.

    It's a lot like many of you who rent the porn in hotels, and as you check out the desk clerk attaching a 4" round pin on your suit lapel that says "I watched porn last night". It's your choice to watch porn at the hotel, but it's probably not a detail you would choose to publicly disclose.

    Netflix has unwittingly allowed itself to expose people in that way.

     

    reply to this | link to this | view in thread ]

  7.  
    identicon
    Celes, Dec 3rd, 2007 @ 6:45pm

    Re: It Is A Problem

    As for the hotel bit, I don't know about all video providers for hotels, but the provider my hotel uses does not disclose the title or type of movie watched, only the price (which tends, of course, to be higher for porn but this is not true in all cases), so it's impossible for the desk clerk to know what you were watching. Caveat: If you purchase the all-day porn package, it costs way more than anything else offered, so if your clerk is one of the few who actually pays attention to that sort of thing, yeah, they'll know.

     

    reply to this | link to this | view in thread ]

  8.  
    identicon
    Michael, Jun 5th, 2008 @ 8:45pm

    Re: It Is A Problem

    You might want to learn your left from your right.

     

    reply to this | link to this | view in thread ]

  9.  
    identicon
    Jeremy, May 12th, 2010 @ 12:12pm

    Census data is supposed to be "anonymized"

    Just thought I'd throw that into the mix.

     

    reply to this | link to this | view in thread ]

  10.  
    identicon
    G-Minor, May 4th, 2011 @ 3:34am

    The BIG PITURE...whether its Netflix, Google / Android, RIM, Sony, Apple WE ARE BEING watched and tracked. These companies should be totally honest and up front with what they do with our personal data. NOT GIVING / SELLING it for a profit without notification or permission. How about notifying that individual first and ask them if they would like to make a profit by aggreeing to their info being sold. This way if a personal data gets realesed, he or she can sue that company and or get a 95% of the profits from every company that his his / her information at their ready to display or target. I'd sue for "defimation of character" and stolen identity.

     

    reply to this | link to this | view in thread ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
A word from our sponsors...
Essential Reading
Techdirt Reading List
Techdirt Insider Chat
A word from our sponsors...
Recent Stories
A word from our sponsors...

Close

Email This