Skip to content

Your Online Identity Is Not As Anonymous As You Think!

In their paper “De-Anonymising Social Networks“, Arvind Narayanan and Dr Vitaly Shmatikov from the University Of Texas at Austin present a method by which supposedly “anonymous” data can be turned back into identifiable names and addresses.  This is a very disturbing development.

The BBC carries a report on the paper here.  If you want to look at the whole paper then you can find it here.

Do you still believe that the claims of companies like Phorm when they say nothing identifiable is recorded by their (still to be proven legal) DPI product “Webwise” ?  I never have.  This confirms my beliefs and affirms my position as an opponent of Phorm and any peddler of DPI technology to snoop on ISP customers.

The paper’s conclusion is quite scary.  I’ve tried to snip a few bits out for brevity.

The main lesson of this paper is that anonymity is not sufficient for privacy when dealing with social networks. We developed a generic re-identification algorithm and showed that it can successfully de-anonymize several thousand users in the anonymous graph of a popular microblogging service (Twitter), using a completely different social network (Flickr) as the source of auxiliary information.

Our experiments underestimate the extent of the privacy risks of anonymized social networks…  we expect that our algorithm can achieve an even greater re-identification rate on larger networks.

We demonstrated feasibility of successful re-identification based solely on the network topology… In reality, anonymized graphs are usually released with at least some attributes in their nodes and edges, making de-anonymization even easier.

Furthermore, any of the thousands of third-party application developers, the dozens of advertising companies, governments who have access to telephone call logs have access to auxiliary information which is much richer than what we used in our experiments. At the same time, an ever growing number of third parties get access to sensitive social-network data in anonymized form.

These two trends appear to be headed for a collision resulting in major privacy breaches, and any potential solution would appear to necessitate a fundamental shift in business models and practices and clearer privacy laws on the subject of Personally Identifiable Information.

Published inInternetprivacy


  1. Sue

    If this is true then why don’t they just catch people like paedophiles and terrorists and bring their sites down instead of penalising the rest of us for them breaking the law?

  2. Jamie Jamie

    That’s because the hardcore child porn rings are run on secure, encrypted networks, as Cory Doctorow explains here. Anything that is encrypted (which goes through websites starting https://) isn’t easily broken unless you’re law enforcement and have a shedload of hardware to do just that. I’d expect that terrorist groups would use similar technology.

    The fact that hardcore child porn rings are run on secure, encrypted networks isn’t something this “government” wants the general public to know, simply because it exposes their “we must protect the children” justification for things they do as a scam. The more that people know child porn networks are often encrypted the more they will start asking “Why are you looking to snoop on everyone?”.

    Use of Deep Packet Inspection technology will enable the “government” to snoop on every internet connection in the UK and, contrary to the claims of others and as this paper now proves, use it to identify names and addresses. And just as the Left like to slur those who disagree with some of their initiatives as “racist”, so the slur “paedophile” will become more prevalent as people start holding this “government” to account.

Comments are closed.