Researchers can ID anonymous Twitterers

Web sites that strip personally identifiable information about their users and then share that data may be compromising their users' privacy, according to researchers at the University of Texas at Austin.

They took a close look at the way anonymous data can be analyzed and have come to some troubling conclusions. In a paper set to be delivered at an upcoming security conference, they showed how they were able to map out the connections on public social networks such as Twitter and Flickr. They were then able to identify people who were on both networks by looking at the many connections surrounding their network of friends. The technique isn't 100 percent effective, but it may make some users uncomfortable about whether they should allow their data to be shared in an anonymous format.

[ For more security research see Researchers find ways to sniff keystrokes from thin air and Free tool to capture Conficker scans and probes ]

Web site operators often share data about users with partners and advertisers after stripping it of any personally identifiable information such as names, addresses or birth dates. Arvind Narayanan and fellow researcher Vitaly Shmatikov found that by analyzing these "anonymized" data sets, they could identify Flickr users who were also on Twitter about two-thirds of the time, depending on how much information they have to work with.

"A lot of the time people will share information online and they'll expect that they are anonymous," Narayanan said in an interview. But if their identity can be ascertained on one social network, its possible to find out who they are on some other network, or at least make a "strong guess," he said.

They do this not just by looking at one person's immediate circle of friends, but by analyzing the patterns in the connections between all friends on the social network. "The more of a person's network you can map out, the easier it gets to de-anonymize someone in the future, wherever they might go," he said.

In 2006, hoping to give search researchers a useful tool, AOL released a database of more than 650,000 user search records. Although this data was scrubbed, it didn't take long for the New York Times to identify one user based on her search queries, showing how supposedly anonymous data could be used to identify people.

Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world

• Email
• Print
• Share
  • Slashdot
  • Digg
  • Stumble
  • Reddit
  • Newsvine