Researchers Can ID Anonymous Twitterers 108
narramissic writes "In a paper set to be delivered at an upcoming security conference, University of Texas at Austin researchers showed how they were able to identify people who were on public social networks such as Twitter and Flickr by mapping out the connections surrounding their network of friends. From the ITworld article: 'Web site operators often share data about users with partners and advertisers after stripping it of any personally identifiable information such as names, addresses or birth dates. Arvind Narayanan and fellow researcher Vitaly Shmatikov found that by analyzing these 'anonymized' data sets, they could identify Flickr users who were also on Twitter about two-thirds of the time, depending on how much information they have to work with.'"
Re:Who promised? (Score:1, Interesting)
Have a worm infect and propagate via weak passworded/WEP routers.
Re:Who promised? (Score:2, Interesting)
2) While a lot of people are still grappling with #1 above, there are a lot of more sophisticated people who need to learn that even if they ARE behind 7 proxies, using tor, ssh, on a hacked wifi they are accessing via a pringles can-tenna from across state or even national lines... and then use that super anonymous connection to participate anonymously in 'social networking' sites like twitter, facebook, etc... even if they never reveal a single personal detail about themselves, their place within the social network itself can be reliably used to unmask them once they've had their anonymous account linked to real friends.
People REALLY need to be educated about this.
Or read some spy novels from the cold war. Lots of spies are discovered by figuring out who had access to information and who their associates are.
Re:Who promised? (Score:5, Interesting)
The important thing is that anyone or anything that links your "real persona" and your "anonymous persona" is a potential threat to your anonymity both through things they willingly or mistakenly do and through things they could be coerced or forced into doing.
It's all too easy to put lots of thought into making it bloody hard to trace your connection but then link your "anonymous persona" to your "real persona" through common friends, accidently logging into a site using the wrong account for the connection you are using, forgetting to flush cookies (and any similar tracing objects) when moving between your "nonanoymous connection" and your "anonymous connection" and so on.
Re:Who promised? (Score:5, Interesting)
I agree, but I think it's an age and culture issue. These issues are new.
In 10 years, no one would expect that a Twitter account couldn't be connected to your FB account any more than they would think you could cheat on your partner by taking your partner-in-crime to a pub you and your date frequent. The principle is no different - if two social spheres overlap, you've given up your relative anonymity.
That's why Larry Craig tapped his toe in an airport bathroom in a stop-over airport - low likelihood of running into someone who might know him.
Re:Who promised? (Score:3, Interesting)
Years back, I used my real name for all of my online activities. After my kids were born, though, I reconsidered using my real name and address. So when I started a blog, I made up an "anonymous" name. I'm under no illusion that it is 100% anonymous, but I do my best to keep my "real name identity" and my "blog identity" separate. I'm go "blog identity" on all of the sites I frequent, but I'm unwilling to disappear as "Jason Levine" and either a) pretend to be a newbie at the site for awhile or b) reveal to everyone that "Jason Levine" and "BLOG_ID" are one and the same. While I might make some mistakes that wind up linking the two, I'm not going to come out and do it on purpose. (A really creative type could locate my blog ID though. I'll even give a hint: it's through my wife's blog name.)