New Study Shows Anonymous Data Isn't Very Anonymous At All

from the hear-that? dept

We’ve pointed out time and time again that there’s really no such thing as an anonymized dataset. Given the data, it’s almost always easy enough to at least connect some of it back to a real person. It looks like there’s now some research to support that. Steven Hoy points us to a new paper where some researchers wrote an algorithm that takes anonymized data from social networks and connects it back to names and addresses of individuals:

We present a framework for analyzing privacy and anonymity in social networks and develop a new re-identification algorithm targeting anonymized social-network graphs. To demonstrate its effectiveness on real-world networks, we show that a third of the users who can be verified to have accounts on both Twitter, a popular microblogging service, and Flickr, an online photo-sharing site, can be re-identified in the anonymous Twitter graph with only a 12% error rate.

Basically, the researchers are saying that anonymized data isn’t really anonymous — and social networks that insist they’re “safe” because they’ve anonymized the data are being somewhat disingenuous.

Filed Under: , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “New Study Shows Anonymous Data Isn't Very Anonymous At All”

Subscribe: RSS Leave a comment
TheStuipdOne says:

Isn't that difficult

Take for instance me on this site. While I acknowledge that IP address isn’t anonymous if you just use geographic information from the IP you can get a pretty good idea of who I am.

When I post on this site from work the IP logging would see an IP from corporate headquarters (I think). When I post from home you’d see the IP from my home. Knowing that from my posts what profession I’m in it wouldn’t be too difficult to find a company headquarterd in area A with an office in area B that does the type of work I claim to be doing.

So while this example doesn’t give my name and address it does show more information than I’ve posted to this site to anyone who cares to look

ehrichweiss says:

Re: Isn't that difficult

It’s more than that though.

What they found was that people tend to have the same groups of friends, even when they’re “anonymous”, and that by analyzing the groups of friends on different social sites combined with a few other tell tale signs, you can narrow down who they are 2 out of 3 times.

I should have published on this years ago cause I’ve hunted people down in this manner for ages. It’s not that difficult but it does require patience and some ability to use logic, as well as a keen understanding of human nature. Each piece of information is a new stepping stone to the next and eventually yields the ultimate goal.

AllXClub (user link) says:

Anonymous Data

Your data is safe with us. AllXClub is totally confidential, and private. You can read more about allxclub and how important the confidentiality is at or more not so confidential information about the new mlm allxclub at Why pay to play, when you can play and get paid?

Ray says:


It appears, and I say ‘appears’ advisably since they have not posted the full results, that the more sites you post on that sell your “anonymized” information, then the better the chance that you can be matched up with what you might consider your private data.

Really nothing new about this if that is true, it is a standard spy methodology used to identify what is going on someplace, just get a lot of data points and see what the pattern is. First saw the affects of that back in the late 70’s when the monitoring of CB radios (about half the unit used them) and the telephones gave away the supposedly secret plans for a military training operation that most of us only knew tiny pieces of prior to the exercise. Or in the late 80’s a security test group identified what was going on in a supposedly secret building by using license plates, normal phone listening, and hanging around local businesses people went to for lunch and drinks.

So the next question is, what happens if you use a different IP address (not the same company/town, but a different company which has a different town listed), and a different user name for each social site? I think (but would not bet on it) that it would be much harder to cross-reference without analyzing postings carefully over a long period of time, not impossible since most people have unique habits that act like a signature.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...