One More Time With Feeling: 'Anonymized' User Data Not Really Anonymous

from the we-can-see-you dept

As companies and governments increasingly hoover up our personal data, a common refrain to keep people from worrying is the claim that nothing can go wrong -- because the data itself is "anonymized" -- or stripped of personal detail. But time and time again, we've noted how this really is cold comfort, given that it takes only a little effort to identify a person fairly quickly based on access to other data sets. As cellular carriers in particular begin to collect every shred of browsing and location data, identifying the people behind "anonymized" data using just a little additional context has become arguably trivial.

Researchers from Stanford and Princeton universities plan to make this point once again via a new study being presented at the World Wide Web Conference in Perth, Australia this upcoming April. According to this new study, browsing habits can be easily linked to social media profiles to quickly identify users. In fact, using data from roughly 400 volunteers, the researchers found that they could identify the person behind an "anonymized" data set 70% of the time just by comparing their browsing data to their social media activity:

"The programs were able to find patterns among the different groups of data and use those patterns to identify users. The researchers note that the method is not perfect, and it requires a social media feed that includes a number of links to outside sites. However, they said that "given a history with 30 links originating from Twitter, we can deduce the corresponding Twitter profile more than 50 percent of the time."

The researchers had even greater success in an experiment they ran involving 374 volunteers who submitted web browsing information. The researchers were able to identify more than 70 percent of those users by comparing their web browsing data to hundreds of millions of public social media feeds.

Of course, with the sophistication of online tracking and behavioral ad technology, this shouldn't be particularly surprising. Numerous researchers have likewise noted that it's relatively simple to build systems that identify users with just a little additional context. That, of course, raises questions about how much protection "anonymizing" data actually provides, both in everyday business practice and should this data be hacked and released into the wild:

"Yves-Alexandre de Montjoye, an assistant professor at Imperial College London, said the research shows how "easy it is to build a full-scale 'de-anonymizationer' that needs nothing more than what's available to anyone who knows how to code." "All the evidence we have seen piling up over the years showing the strong limits of data anonymization, including this study, really emphasizes the need to rethink our approach to privacy and data protection in the age of big data," said de Montjoye.

And this doesn't even factor in how new technologies -- like Verizon's manipulation of user data packets -- allow companies to build sophisticated new profiles based on the combination of browsing data, location data, and modified packet headers. The FCC's recently-passed broadband privacy rules were designed in part to acknowledge these new efforts, by allowing user data collection -- but only if this data was "not reasonably linkable" to individual users. But once you realize that all data -- "anonymized" or not -- is linkable to individual users, such a distinction becomes wholly irrelevant.

One of the study's authors, Princeton researcher Arvind Narayanan, has been warning that anonymous data isn't really anonymous for the better part of the last decade, yet it's not entirely clear when we intend to actually hear -- and understand -- his message.


Filed Under: anonymized data, anonymous, privacy

Reader Comments


  1.
    discordian_eris (profile), 26 Jan 2017 @ 3:56pm


    The Western world is at the point now where data acquisition meets or exceeds that behind the Great Firewall of China. The only difference is that it is not the government doing the spying, it is business. Thanks to the third party doctrine and the All Writs act, the governments here in the US have access to all of it. And almost always without the need for something as onerous as a warrant or even probable cause.

    Obama refused to crack down on these activities adequately and has handed Trump tools and weapons that no president should have. I'd say that it is up to Congress now to do their jobs, but since they work for the corporations, and not the people, that isn't going to happen.

    While I think that Obama did a number of good things, I sure wish that he had had the balls to actually heed the warnings that he was given. Like LBJ, (in regards to Vietnam), Obama was too worried about being called a pussy to do the right things about T.W.A.T. Now we all, Americans and the entire world, are going to be forced to deal with the consequences of his inaction.

    I sure hope like hell that in 2020 Americans remember this kind of crap and put someone in the White House who isn't too cowardly or psychotic to do the right thing for the country. It's time we voted in people who KNOW that they work for the best interests of the people, not the best interests of the government, or the corporations.

  2.
    madasahatter (profile), 26 Jan 2017 @ 4:24pm

    Oh Well

    I am not surprised. The basic flaw is the anonymized data hides personal preferences and habits. It does not. Everyone tends to have well defined usage patterns on the web. Correlating these patterns between various services can effectively deanonymize data. The more points of correlation, the more accurate the identification.

  3.
    Unanimous Cow Herd, 26 Jan 2017 @ 8:11pm

    About time

    Good to have you back.

  4.
    Typical Business Executive, 26 Jan 2017 @ 8:46pm

    Everybody knows that in order to look people up in a database you start with their last name. And you start that search with the first letter of their last name. So, by removing the first letter of the last name from the data we have made it impossible to link any of the data to any particular person because we have made it impossible to look them up! Thus, we have achieved perfectly anonymized data.

  5.
    Anonymous Coward, 27 Jan 2017 @ 4:49am


    "Everybody knows that in order to look people up in a database you start with their last name."

    I do not think that everyone knows that tidbit, seems like unreasonably restrictive search criteria. Why is this the case while other identifying tags might provide equivalent results?

  6.
    Anonymous Coward, 27 Jan 2017 @ 6:33am

    Re: Re:


  7.
    Graham Cobb (profile), 27 Jan 2017 @ 7:10am

    How do we fight this?

    Two possible routes (I am sure there are others):

    1. The law. Allow for data to be marked, by the owner or source, as "anonymised" (whether any technical steps are taken or not) and make it a criminal offence to either (i) attempt to de-anonymise, or (ii) correlate such data with any other data. This should be enough to prevent (for example) insurance companies using such data to set premiums and it might even be enough to prevent major commercial data brokers from using the data (although steps would have to be taken to make sure investigation and penalties are severe enough to prevent data-washing, possibly abroad). Of course, it has no effect on governments, nor on commercial deals where the source is not willing to mark the data as "anonymised".

    2. Publish standards (NIST?) for anonymisation. Maybe not so much specific algorithms as principles. For example, if identifiers are to be replaced by meaningless numbers, the identifier-to-number mapping must change more frequently than an adversary is likely to be able to gather enough data to de-anonymise. These would have to be based on research. For example, based on the research in the article, a database of tweets might need to change the mapping of the profile name every 29 tweets, or something. Or a database of ANPR data showing traffic movements might have to change the vehicle pseudo-identity every 1 hour.

    These two steps would also have to be accompanied by greater public awareness of de-anonymisation. The legal route is particularly important in making sure that companies cannot claim something is "anonymised" unless there are ways for the data subjects to actually enforce it.

    reply to this | link to this | view in thread ]
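
The rotating-mapping principle from point 2 of the comment above, as an added example that is not part of the original comment or of any published standard: each identifier is replaced by a keyed HMAC pseudonym that changes every 29 records. The class and function names, the 29-record window (the commenter's illustrative figure) and the sample records are assumptions constructed for this sketch.

```python
import hashlib
import hmac
import secrets
from collections import Counter, defaultdict

ROTATE_EVERY = 29  # window borrowed from the comment ("every 29 tweets"); illustrative only


class RotatingPseudonymizer:
    """Replace real identifiers with keyed pseudonyms that change every `rotate_every` records."""

    def __init__(self, key: bytes, rotate_every: int = ROTATE_EVERY):
        self._key = key                    # secret held by the data owner, never released
        self._rotate_every = rotate_every
        self._seen = defaultdict(int)      # records emitted so far, per real identifier

    def pseudonym(self, identifier: str) -> str:
        # The epoch advances once per `rotate_every` records of the same identifier.
        epoch = self._seen[identifier] // self._rotate_every
        self._seen[identifier] += 1
        # Length prefix keeps (identifier, epoch) encodings unambiguous.
        msg = f"{len(identifier)}:{identifier}|{epoch}".encode()
        # Keyed hash: without the key, pseudonyms from different epochs cannot be recomputed.
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()[:16]

    def release(self, records):
        """Return (pseudonym, url) pairs for an iterable of (identifier, url) pairs."""
        return [(self.pseudonym(user), url) for user, url in records]


def largest_linkable_group(released):
    """Size of the biggest set of records that share one pseudonym."""
    return max(Counter(p for p, _ in released).values())


def constructed_records():
    """Constructed sample data: 100 links for one user, 40 for another."""
    rows = [("alice", f"https://news.example/a/{i}") for i in range(100)]
    rows += [("bob", f"https://blog.example/b/{i}") for i in range(40)]
    return rows


if __name__ == "__main__":
    out = RotatingPseudonymizer(secrets.token_bytes(32)).release(constructed_records())
    print("distinct pseudonyms:", len({p for p, _ in out}))
    print("largest linkable group:", largest_linkable_group(out))
```

Rotation only caps how many records share one pseudonym; it does not hide patterns in the records themselves, so the window still has to be chosen from research, as the comment says.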

  8.
    Anonymous Coward, 27 Jan 2017 @ 8:11am

    It is not just Internet information that is currently being used. Quintiles/IMS gets prescribing information from pharmacists concerning which prescriptions are filled. They then anonymize that information and then resell that information to pharmaceutical companies and anyone else that wants to buy it. Then that information is sent to other companies to append personal information to the records. The hit rate of a match is pretty good, otherwise no one would buy it. Ask Quintiles/IMS about this and you won't get a very clear answer of exactly what they do.

  9.
    Anonymous Coward, 27 Jan 2017 @ 8:13am

    Another example is the public information of clinical trials. Personal information is "removed" but it is not hard to run the information supplied on an "anonymized" record and match it up with a person, especially on smaller clinical trials.

  10.
    Anonymous Coward, 27 Jan 2017 @ 12:03pm

    Differential Privacy

    (Not the best Wikipedia article; better to read Dwork's papers & watch her videos on YouTube.)

    Given a number of queries, n, DP fuzzes the dataset in such a way that

  11.
    Anonymous Coward, 27 Jan 2017 @ 12:05pm

    Re: Differential Privacy

    "Given a number of queries, n, DP fuzzes the dataset in such a way that"

    It looks like putting in a "less than" character will end the comment.

    I'm not going to waste any time providing high quality feedback if your web page arbitrarily truncates the comments.

  12.
    frank87 (profile), 28 Jan 2017 @ 3:04am

    33 bits of entropy

  13.
    frank87 (profile), 28 Jan 2017 @ 3:06am

    33 bits of entropy

    Is enough to identify a person. That's less than the entropy in this story.

  14.
    historygeek (profile), 28 Jan 2017 @ 10:35pm

    All of today's major web browsers collect and give out specific information about the computer being used. Not just things like the MAC address which is necessary for the current internet protocols but also what your operating system is. Geographical locators are turned on by default to optimize search results and simplify mapping. And now many websites take a "portrait" of the icons on your desktop and their arrangement as well as a list of all the programs installed on your system. Which is about as unique as a fingerprint. Furthermore a recent study showed that individual computer users could be reliably identified by the patterns formed by the routine movements they used/made with a computer mouser [as shown by the travel of the cursor across the screen]. Unless you are making serious, consistent efforts to hide your online behaviour you are always personally identifiable. This is the standard state of affairs.

  15.
    historygeek (profile), 28 Jan 2017 @ 10:37pm


    Computer mouser was a typo. Ironically it could be used as a term for the work of the tracking technologies described.
