We’ve seen the paper “De-anonymising Social Networks” which argues that so-called “anonymised” data can actually be used to identify people. The Register reports that GPS comes under the microscope courtesy of Philippe Golle and Kurt Partridge of the Paolo Alto Research Center and is found wanting as far as protecting user identity is concerned:
What Golle and Partridge found is that attempts to anonymize, or obfuscate, personally identifying information may fall woefully short if a user’s residence and office can be deduced.
“Obfuscation techniques which prevent re-identification based on (approximate) home location alone may not be adequate if the subject’s (approximate) work location is also known,” they write. “In fact, we show that home and work locations, even at a coarse resolution, are often sufficient to uniquely identify a person.”
The paper goes on to explain how this can be done. It doesn’t appear to be rocket science – people well versed in snooping techniques could easily work with the data and get results from it.
El Reg offers a little recent history for newcomers to the privacy debate:
The findings are reminiscent of the wake-up call that resulted in 2006 when AOL released 20 million search queries from 658,000 users. Although the company took care to remove names and other personal information, the disclosure proved a debacle after privacy advocates showed the data could still be used to identify the people making the searches.
Anonymised data? Another argument showing that, with some logic and relatively little effort this “anonymised” data can be converted into personally identifiable information (PII). The argument that “we use anonymised data so you are safe” has been dealt another blow.