in Geek stuff, PhD thesis, Security, Writing

De-anonymization is an important topic for anyone working with sensitive data, whether in the context of academic research, IT system design, or otherwise.

I remember a talk during a Massey Grand Rounds panel where a medical researcher explained how she could pick herself out from an ‘anonymous’ database of Ontarians, on the basis that her salary was public as an exact dollar figure, only people with her specific job had it, and she was the only woman in that position.

The more general idea is that by putting pieces together you may be able to identify somebody who someone else has made some effort to keep anonymous.

It’s a challenge when doing academic research and writing on social movements, when some subjects choose to be anonymous in publications. That means not just not sharing their name, but not sharing any information that could be used to identify them. That gets hard when you think about adversaries who might have access to other information (in an extreme case, governments with access to masses of information) or even just ordinary people who can combine information from multiple sources logically. The date of an event described in an anonymous quote might tell allow someone to look up where it happened online. Another quote in which a third party’s actions are described could be used to determine that the de-anonymization target wasn’t that person. And so on and on like the logical games on the LSAT or the intricacies of mole hunting.

Lee Ann Fujii wrote smart stuff about this, and about subject protection in research generally.

{ 3 comments… read them below or add one }

. October 25, 2018 at 9:42 pm
. January 9, 2019 at 10:46 pm

Sorry, your data can still be identified even if it’s anonymized

Urban planners and researchers at MIT found that it’s shockingly easy to “reidentify” the anonymous data that people generate all day, every day in cities.

. July 24, 2021 at 4:24 pm

Inside the Industry That Unmasks People at Scale

Unique IDs linked to phones are supposed to be anonymous. But there’s an entire industry that links them to real people and their address.

Leave a Comment

Previous post:

Next post: