Researchers Can ID Anonymous Twitterers

narramissic writes "In a paper set to be delivered at an upcoming security conference, University of Texas at Austin researchers showed how they were able to identify people who were on public social networks such as Twitter and Flickr by mapping out the connections surrounding their network of friends. From the ITworld article: 'Web site operators often share data about users with partners and advertisers after stripping it of any personally identifiable information such as names, addresses or birth dates. Arvind Narayanan and fellow researcher Vitaly Shmatikov found that by analyzing these 'anonymized' data sets, they could identify Flickr users who were also on Twitter about two-thirds of the time, depending on how much information they have to work with.'"

Who promised?

[plover]

Who ever promised this data would be anonymous? Do you really expect privacy when posting personal stuff on line, even if you don't sign your name in advance?

Re:Who promised?

[CannonballHead]

So, to be anonymous, I need to get behind 7 proxies, use tor and ssh on a hacked wifi that I'm accessing via a pringles can-tenn from across state or national lines and make sure that all of the social network connections I have are to similarly protected people (behind 7 proxies, use tor and ssh on a hacked wifi that they are accessing via a pringles can-tenn from across state or national lines).

;)

That said, I agree. =D

Twits

[brkello]

Slashdotters care about privacy. People on these social networking sites want their lives to be on show for everyone. I don't think people who twit every 5 minutes where they are and what they are doing are really to concerned about their privacy.

Re:Twits

[LandDolphin]

This.

However, I don't think a lot of people fully understand the negative side of placing your life online for all to see. They fail to realize that placing their discussion about smoking pot (or other dubious activity) on twitter might one day cause them a job.

Re:Who promised?

[Rorschach1]

Then again, some of us are very well aware of it and just don't care so much. If I want to post thoughts to a blog that I don't want linked back to me (and I've done so in the past), I'll set up something entirely separate, with a name I've never used before, linked to a new gmail account.

Anyone with half a brain can figure out exactly who I am, where I live, and what I do for a living, starting from this post, in about 20 seconds. Medical conditions and sexual preference might take a little more work, but I'm sure some of it is out there.

Frankly, I don't care. I'm self-employed and don't worry about what an employer might think of me. My friends and family seem to like me well enough despite already knowing that stuff. So long as it's not information that's going to result in identity theft (account numbers and such), there's not much that's worth the effort to conceal.

Re:Who promised?

[Webious]

So, to be anonymous, I need to get behind 7 proxies, use tor and ssh on a hacked wifi...

RTFA - I think you missed the point:

Our de-anonymization algorithm is based purely on the network topology

Re:Who promised?

[davester666]

"all of the social network connections I have are to similarly protected people"

No, for you to remain anonymous, you must disavow all knowledge of anybody in your social network, for all 'accounts' or whatever, for all postings that you want to not be readily linked back to you. And they must not have any links to these accounts either (so the easiest way is to not tell them about these 'anonymous' accounts).

Re:Who promised?

[Anonymous Coward]

I think you missed the point actually.

or should I say... wooosh!

maybe try reading past the first 19 words before replying to a post?

Social network can-o-worms

[xixax]

Are there really any surprises here? Social networks behave a lot like the Internet, with many routes pointing to your front door.

For example, use whatever falese names you want. Your email address makes a dandy primary key squirreled away in all your friends mailboxes, just waiting for Facebook to Hoover it up and join the dots.

Your privacy and anonymity is defined by the aggregate social stupidity of your friends.

Xix.

Please read our FAQ

[arvindn]

We have an FAQ about this paper [utexas.edu]. It answers many of the misconceptions expressed in the comments here. In particular, our algorithm applies to much more than public social networks like twitter and flickr. A variety of networks including the phone call network are being shared behind your back in anonymous form, and our de-anonymization techniques apply just as much. You'll probably agree that people expect more privacy there. See my blog [33bits.org] for a variety of demonstrations and thought-experiments of de-anonymization.

Re:Who promised?

[ssintercept]

how 'bout not using twitter, myspace, facebook, etc??

don't you use those services to be noticed?

Re:Who promised?

[ssintercept]

whoosh yourself- as per the above article "researchers showed how they were able to identify people who were on public social networks such as Twitter".

so the first step on concealing your identity is to not use the public social networks.

Please do not go and work for google

[tqft]

http://www.guardian.co.uk/technology/2009/mar/26/seth-finkelstein-google-advertising [guardian.co.uk]
"Google recently took another step along the path of surveillance as a service, launching what it called "interest-based advertising", and which everyone else calls "behavioural targeting". These are systems that collect extensive personal data, for marketing purposes. To best understand the issues,"

http://sethf.com/infothought/blog/archives/001422.html [sethf.com]

I once upon a time worked for a statistics agency and even without names and addresses it is surprisingly easy to identify people in anonymous data, even anonymised unit record data can be deconstructed to some degree. Depending on what you want to achieve don't even need to identify them.

Marrying up these datasets and ideas would be gruesome.

Re:Who promised?

[Runaway1956]

Heh. To right. When I got TOR up and running, I was tempted to sign into a couple places, to look at my - uhh - "internet profile" being presented by browser, etc. Was reaching for the "submit" button, when I realized, "Hey, this is STOOOO-PID!" I'm no longer anonymous once I sign in ANYWHERE!

Re:Who promised?

[Anonymous Coward]

Exactly. This is what I do.

If you have a 'real' account and an 'anonymous' account, why do you need to have links to your friends with your anonymous account anyway, when you can just use your real account?

If you really need to have links to your friends from your anonymous account, then just have them create anonymous accounts too, and have links to those rather than their real account.