De-anonymization

Work in progress
This article has been flagged for additional work. Treat its claims as provisional.
Stub
This article is a stub. The wiki community is still building it out.
Contents
  1. How it works
  2. How data is anonymized
  3. Why it is a problem
  4. Examples

De-anonymization is the process or final state of revealing the true identity of an anonymous or pseudonymous person. All data linked to the anonymous or pseudonymous entity can then be connected to the true identity.

How it works

The core of de-anonymization involves making inferences to connect different types of obfuscated data, sometimes even across platforms.

How data is anonymized

Before data can be de-anonymized, it must first have been anonymized. In practice, anonymization involves collecting user data on what is described as an "aggregated/de-identified basis", which involves the use of k-anonymity. Other methods are also used, such as t-closeness, l-diversity, and differential privacy; however, there are further forms of data collection in use that have yet to be disclosed to customers.
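
A release can be checked for its exposure to linkage before it is shared. The following is an added example, not part of the original article: it measures k-anonymity and l-diversity over a constructed table, and the column layout, sample rows and function names are all assumptions.

```python
from collections import defaultdict

# Constructed sample release; direct identifiers (name, e-mail) already removed.
# Columns: ZIP prefix, birth decade, sex (quasi-identifiers), diagnosis (sensitive).
RECORDS = [
    ("787**", "1980s", "F", "asthma"),
    ("787**", "1980s", "F", "diabetes"),
    ("787**", "1980s", "F", "asthma"),
    ("787**", "1990s", "M", "flu"),
    ("787**", "1990s", "M", "flu"),
    ("786**", "1970s", "M", "hypertension"),
]
QI = (0, 1, 2)   # assumed columns that an outside dataset could also contain
SENSITIVE = 3    # assumed column the release is supposed to protect


def classes(records, qi=QI):
    """Group records that share the same quasi-identifier values."""
    groups = defaultdict(list)
    for rec in records:
        groups[tuple(rec[i] for i in qi)].append(rec)
    return dict(groups)


def k_anonymity(records, qi=QI):
    """k is the size of the smallest group (0 for an empty release)."""
    return min((len(g) for g in classes(records, qi).values()), default=0)


def l_diversity(records, qi=QI, sensitive=SENSITIVE):
    """l is the fewest distinct sensitive values found in any group."""
    return min((len({r[sensitive] for r in g})
                for g in classes(records, qi).values()), default=0)


def audit(records, k_min, l_min, qi=QI, sensitive=SENSITIVE):
    """Return {group key: [reasons]} for every group below a threshold."""
    findings = {}
    for key, group in classes(records, qi).items():
        k, l = len(group), len({r[sensitive] for r in group})
        reasons = [f"{n}={v} < {t}"
                   for n, v, t in (("k", k, k_min), ("l", l, l_min)) if v < t]
        if reasons:
            findings[key] = reasons
    return findings


def suppress(records, k_min, qi=QI):
    """Drop every record whose group is smaller than k_min."""
    return [r for g in classes(records, qi).values() if len(g) >= k_min for r in g]
```

On the sample rows, suppressing the single-record group raises k to 2, but l stays at 1 because both records in the remaining 1990s group share one diagnosis.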

Why it is a problem

Many privacy policies describe the disclosure of anonymized data to third parties as an effort to "limit unwarranted data collection". However, de-anonymization circumvents these privacy measures, allowing these third parties to engage in practices such as data sales or targeted advertising as normal. This is a privacy issue, because an adversary (e.g. a telemarketer) can research those records in an attempt to reveal the data that was aggregated.[1]

Examples

  1. Narayanan, Arvind; Shmatikov, Vitaly (November 11, 2006). How To Break Anonymity of the Netflix Prize Dataset. Austin, Texas, United States: The University of Texas at Austin.