Forgot your password?
typodupeerror
Privacy Your Rights Online

Anonymous Cowards, Deanonymized 159

Posted by Unknown Lamer
from the we-know-who-you-are dept.
mbstone writes "Arvind Narayana writes: What if authors can be identified based on nothing but a comparison of the content they publish to other web content they have previously authored? Naryanan has a new paper to be presented at the 33rd IEEE Symposium on Security & Privacy. Just as individual telegraphers could be identified by other telegraphers from their 'fists,' Naryanan posits that an author's habitual choices of words, such as, for example, the frequency with which the author uses 'since' as opposed to 'because,' can be processed through an algorithm to identify the author's writing. Fortunately, and for now, manually altering one's writing style is effective as a countermeasure." In this exploration the algorithm's first choice was correct 20% of the time, with the poster being in the top 20 guesses 35% of the time. Not amazing, but: "We find that we can improve precision from 20% to over 80% with only a halving of recall. In plain English, what these numbers mean is: the algorithm does not always attempt to identify an author, but when it does, it finds the right author 80% of the time. Overall, it identifies 10% (half of 20%) of authors correctly, i.e., 10,000 out of the 100,000 authors in our dataset. Strong as these numbers are, it is important to keep in mind that in a real-life deanonymization attack on a specific target, it is likely that confidence can be greatly improved through methods discussed above — topic, manual inspection, etc."
This discussion has been archived. No new comments can be posted.

Anonymous Cowards, Deanonymized

Comments Filter:
  • First (Score:5, Funny)

    by Bicx (1042846) on Tuesday February 21, 2012 @08:06AM (#39109365)
    First! Analyze this anon comment, suckers!
    • Re:First (Score:5, Funny)

      by Macthorpe (960048) on Tuesday February 21, 2012 @08:09AM (#39109385) Journal

      Got you! Using the power of de-anonymisation, I have discovered there you are none other than...

      Bicx! [slashdot.org]

      This stuff really works.

      • by Anonymous Coward

        Still, without other forms of authentication, it's just an educated guess.

        Take a community like Slashdot, for example - I see somebody write an interesting or witty phrase, and add that phrase to my vocabulary, repeating it in another discussion later. Does that make me that person? Now imagine 20 or more people doing the same.

        -- Ethanol-fueled

        • Re:First (Score:5, Funny)

          by Anonymous Coward on Tuesday February 21, 2012 @08:16AM (#39109453)
          "Now imagine 20 or more people doing the same."

          Then I wouldn't want to do any different.

          -- Ethanol-fueled
        • Re:First (Score:5, Interesting)

          by hairyfeet (841228) <.bassbeast1968. .at. .gmail.com.> on Tuesday February 21, 2012 @08:47AM (#39109795) Journal

          Yes but just like speech patterns folks got a habit of using similar phrases which I'm sure this picks up. For example I use folks where some would use people or persons, or if I think something is lame I often say it "Sucks the big wet titty" and often make reference to the south and southerners since that is my area. I'm sure if it went through every post of every place where I have the same UID (which is most of the places I hang out) it could then very easily either find my real name (Thanks to Yahoo comments using real first names and not UIDs) and any other places where I use a different UID quite trivially.

          In the end we humans are creatures of habit, we easily fall into patterns and routines and if its one thing computers excel at its pattern matching so frankly this doesn't surprise me at all and given a little time to tweak it I wouldn't be surprised if they have 95%+ accuracy if given a large enough data set of a suspected poster. So you might pick up ONE of my phrases, hell maybe even two, but I seriously doubt you'd pick up enough of my mannerisms that this thing would mistake Ethanol Fueled for Hairyfeet or vice versa.

          • Bah!

            Who needs software when we've got at least two dudes here who can identify hundreds of folks known as the Great Bonchime, or something like that....

            cheers,

          • Re:First (Score:5, Interesting)

            by lightknight (213164) on Tuesday February 21, 2012 @09:23AM (#39110161) Homepage

            And easily-defeated. One of the projects of my senior class at university was the building of software to defeat that kind of detection. It was crafted primarily so dissidents in foreign countries could speak without fear, by analyzing the author's writing patterns, and offering solutions to shift the writing to a different style.

          • Now I have to find a reason to say "Sucks the big wet titty."

        • I, for one, welcome our 20 anonymous overlords...
        • Re:First (Score:4, Funny)

          by TheLink (130905) on Tuesday February 21, 2012 @09:50AM (#39110491) Journal
          Imagine thousands of accounts doing the same thing then slashdot = stagnated.

          Anyway why do you cower? what are you afraid of?

          Wait a minute... ;)
          • by Dogtanian (588974)

            Imagine thousands of accounts doing the same thing then slashdot = stagnated. Anyway why do you cower? what are you afraid of? Wait a minute... ;)

            Of course, that raises the question of whether the multiple "Michael Kristopeit" accounts are actually someone called Michael Kristopeit, whether they're pretending to be someone else with that name, or whether the name was randomly chosen and any resemblance to any real "Michael Kristopeits" is purely coincidental. :-)

    • by Zaldarr (2469168)
      Sure Bicx.
    • Re:First (Score:5, Interesting)

      by FriendlyLurker (50431) on Tuesday February 21, 2012 @08:11AM (#39109413)
      This just begs a "reanonymize" browser plugin to alter one's writing style...
      • Re:First (Score:4, Interesting)

        by hairyfeet (841228) <.bassbeast1968. .at. .gmail.com.> on Tuesday February 21, 2012 @08:51AM (#39109833) Journal
        But wouldn't that just butcher the flow? I mean a trivial way to do it would be to run it through a translator, say take your English, convert it to German, then have it converted back to English, and you'd have this Chingrish kinda speech that was kinda sorta similar to what you said but not. Would you really want your ideas that mangled? Hell why even post at all if nobody is gonna understand you clearly?
        • Hell why even post at all if nobody is gonna understand you clearly?

          Well, this seems to work for about 1/2 the comments on slashdot! :D

          • by TheLink (130905)
            Even when the post is coherent and clear, half the time the people replying don't seem to be able to read and understand it correctly either :).
        • by zAPPzAPP (1207370)

          It would butcher some flows and really help others.
          We will all meet in the boring, anonymous middle of mediocre writing.

        • Gem from a lost soul in my childhood:

          ""What was it when for you said there was maybe like a lot of there but there wasn't and you knew it?"

          • by hairyfeet (841228)
            Aww hell that ain't nuthin, come down to the delta bottoms sometime and you'll find you'll probably need a translator to understand your fellow Americans, hell I've lived here all my life and even I need a translator when I get around Yazoo MS. There you'll find that ALL adjectives are replaceable with "Iz/Be/Been" so you get sentences like "I iz be fixin ta get around ta doin what you axked, but I be busy, probably tamarraw" would be considered a perfectly acceptable and actually more understandable than m
            • At least you're coherent!

              Sounds also like the Jamaican dialect among the seasonal workers in my area. I'll sign off with:

              "Me ha' go' way now co' me ha' simtn' fi' fix eh moi sumtn' fin yaum."
              (aka "Catch ya later, I have to go fix a bunch of $hit and I'm fscking hungry." in /. lingo.)

              • by hairyfeet (841228)
                While it has some similarities to Jamaican migrant workers its a LOT more slang heavy. in fact what really makes it a bitch is depending on the region you may have as many as FOUR different kinds of slang mixed in! You'll have black slang, poor white trash slang, and in MS you'll often get Creole slang mixed in there as well. I'd give you a sample but i'm afraid i wasn't joking, I actually DO have to have a translator if I stop around Yazoo, its too slang heavy. At least with the migrant workers its usually
      • by mwvdlee (775178)

        This conscionable pleads a "reanonymize" glancer connect-betwixt towards metamorphose anybody's transcribing idiosyncrasy...

        There, RTFY (Reanonymized That For You)

      • by saboola (655522)
        I been have use reanonymize awhile plugins. fantastic It's!
      • Anonymous is way ahead of you, to anonymize their writing style they all speak in memes :-P

        "Afro-men at the habbo pool"

        "Angry dad, when we done goofed"

      • This just begs a "reanonymize" browser plugin to alter one's writing style...

        All one gots'ta do be to run some sample uh speech drough de Dialectizer, conveniently located at http://www.rinkworks.com/dialect/dialectt.cgi [rinkworks.com], so cut me some slack, Jack.

        One wouldn't realize dis, but ah' have some university educashun and am highly fluent in de Enlgish language.

        Now ah' can sound likes I'm de average slashdot eyeballer. Ah be baaad...

    • by Sulphur (1548251)

      First!

      Analyze this anon comment, suckers!

      Kristopeit, is that you?

  • better way. (Score:5, Interesting)

    by Anonymous Coward on Tuesday February 21, 2012 @08:20AM (#39109497)

    This is, of course, not really new.

    A couple of years ago, there was some news (cannot find the link now) that some researchers tried this with a more statistical approach. As an implementation they used a compression algorithm.

    I had a try with this on a forum. Somebody posted a long story anonymously, but I suspected the author. I gathered 10 posts from 5 authors, including the suspect. Then I cut the amount of text to equal length. Subsequently I added the anonymous text to each of the 10 samples and bzipped the resulting text.

    The resulting zipped file was shortest in the case where I added the unknown text to the samples from the suspected author. The bzip algorithm apparently decided there was more similarity between the posts.

    Although this was by no means a real scientific test, I turned out to be correct and was rather pleased with the result. Seems to me such an approach could also be useful for things. Why login on /. when it can just figure out who you are based on what you have just written?

    To maintain anonimity you would just have to insert random shit into your posts.

    Bonus points for the slashdotter who can deduce my identity based on the non-randomness of this post.

  • by bigsexyjoe (581721) on Tuesday February 21, 2012 @08:22AM (#39109529)

    If it can identity you based on your idiosyncrasies, I suppose that means writers could use software based on these techniques to identity the idiosyncrasies in their own writing. From there, they can learn new ways to express themselves and write in a more colorful and varied manner.

    Heck, it can even be a tool that teaches you to think in a more varied manner.

    • If it can identify the idiosyncrasies in your writing, it can identify them in others'. I wonder if it can alter your "anonymous" controversial rant to look like that other.

    • by rednip (186217)
      I've seen it in my own writings on this forum, as of late. Currently I'm actually trying to 'stay away from' using such words as 'such' (damn!). I also try to reconsider transitions like 'also' and 'however', but obviously it doesn't always work out well. In particular, such notable words are especially awkward when used twice in a single paragraph, as well as a 'double qualifier'. Single quotes can also be to 'notable', as I tend to over use them as well and I've been told of my 'addiction' to commas,
    • If it's all automated, writers don't need to learn new ways to express themselves. Software can do that for them!

    • by rarrar (671411) on Tuesday February 21, 2012 @09:54AM (#39110557)
      Schools already use programs like "White Smoke" and http://www.whitesmoke.com/ [whitesmoke.com] and "Style Writer" http://www.stylewriter-usa.com/ [stylewriter-usa.com] to identify grammar errors and stylistic errors, and suggest corrections. These programs are able to identify active and passive voice, clarity and readability of writing, ambiguous words, gender specific words, cliches, and more. I'm not sure the use of such software is such a great idea. I guess it's OK as long as a teacher reviews the results. Then again, if the teacher doesn't do as good a job as the program does...
      • Thanks for pointers to those programs (I'll try the free stylewriter soon) - I've wondered about programs like that ever since I tried my hand at sentence generators back in high school.

        Have you tried these products and/or do you work in or have you benefited from that area of software development? (it's been too long - how do I PM you on slashdot??)

        8-PP

  • ....work on those in government creating fake identities for spying and provoking things that help them justify their pointless jobs.

    Looking at the percentages... Hmmmmm...

  • How many times is this going to be 'discovered' and featured on the front page of Slashdot? It's old news. We get it. No need to publish another story on the topic, there's been one a quarter or so for years.

  • by ardiri (245358) on Tuesday February 21, 2012 @08:45AM (#39109775) Homepage

    if your stupid enough to not change your posting style when trolling, your own bad.

  • is not the best way to keep a stable system / bandwidth, recently
  • Even going back to the day when forums on the internet were email lists, there would always be some immature person who was a regular who switched aliases.

    It would be so obvious from their pattern of writing that their new alias would seem as effective as a disguise as merely putting dark glasses on.

  • ... use a thesaurus.
  • I don't always attempt to identify an author, but when I do, I find the right author 80% of the time.

  • by ewrong (1053160) on Tuesday February 21, 2012 @09:32AM (#39110267)
    Je pense que cela peut être facilement évité.
  • This is why (Score:4, Funny)

    by Higgins_Boson (2569429) on Tuesday February 21, 2012 @10:06AM (#39110713)
    This is why I practice non-redundancy. Redundancy is too redundant, so constantly repeating words and/or redundant phrases becomes a redundant factor in helping people to determine who you are on the internet when you post as an anonymous coward redundantly.

    Remember, kids, practice redundant privacy measures to ensure you will never be exposed.
  • Sometimes I wish I had multiple personality disorder YOU'LL NEVER EXPOSE ME YOU BASTAGES
  • ...are those with multiple personalities immune to this sort of detection? :P
  • by Oswald McWeany (2428506) on Tuesday February 21, 2012 @10:49AM (#39111475)

    Damn! I'll have to stop using floxinoxinihilipilification so much in my anonymous posts or people will know it's me!

    Using the logic proposed in the article- can we assume that all the anonymous cowards using "the other f word" are all Samuel L Jackson?

  • by Megane (129182)

    Just as individual telegraphers could be identified by other telegraphers from their 'fists,'

    ...anonymous posters can be identified by their Frists? [google.com]

  • Tell us something new. This is how they caught Kaczinsky the Unibomber. Analysis of word choice word frequency sentence structure can and will identify you And? Identifying a single person from their many anonymous messages online leads you to back to anonymous.

    Aside from that it's easy enough to alter your writing to fool the analysis if you want to. Please tell us something new that every single person on Slashdot doesn't already know.

  • around 2,000 users

    #1. the smaller the town , the pettier the politics

    #2. there is one user we keep banning, and they keep coming back under a new name, and you can always tell with 100% accuracy that it is the same person, based on sentence cadence and agenda, and overall personality and attitude

    • by Lehk228 (705449)
      If their postings are not illegal I suggest you implement a shadowban system, shadow-banned users can still see their own posts, and mods can still see their posts, but users and guests cannot.
      • i thought that was called the rubber room

        it's funny to watch users who are not aware of this maneuver yet screaming about why people are not replying to them

        alas, not possible under the current system (ning)

  • by QuasiSteve (2042606) on Tuesday February 21, 2012 @12:09PM (#39112811)

    I've mentioned this before, but it's worth repeating as more and more services no longer use their own identity systems, relying instead on Gravatar, or doing away with their own comments system by relying on Disqus (which uses Gravatar).

    In the case of sites using Gravatar incorrectly*, which is pretty much all of them, 'anonymous' posts still have their Gravatar ID attached - which is just an MD5 of the person's e-mail address. All you then need to do is find that same MD5 on another site where the author opted not to post anonymously.

    The main reason this ties into the story at hand is in getting reference material together. With e.g. Disqus, you can be reasonably assured (unless account sharing occurs) that the anonymous post with MD5 X on site A is authored by the same person as that of the anonymous post with MD5 X on site B, and you can include both in the pool of reference material.
    ( This also means there are issues with anonymity even if the author always posts 'anonymous'. )

    * The worst part of this is the website owners. Aside from letting anonymous posts still grab their results from Gravatar (even if you don't have a Gravatar 'account', the e-mail address you use will be the MD5 in the HTML), some sites implement Gravatar as an afterthought. You could have been posting to a site for years behind a pseudonym, knowing that you're reasonably anonymous - and then find your pseudonym, and all the posts made, linked to other posts at other sites because the website owner decided to use Gravatar to display users' avatars of choice, using the e-mail address in their account.

    Gravatar is a useful service, especially in that the website can save some bandwidth, and the users who do want it can just update a single avatar and have that immediately be used on any site that uses the service.

    But I implore webmasters to consider seriously the ramifications of using Gravatar or Disqus, and at least:
    1. Disallow Gravatar on posts, profiles, etc. that were created before your implementation of Gravatar.
    2. Create an opt-in system for the use of Gravater, per-profile.
    3. Disable the Gravatar code when the post author has indicated that they want to post anonymously.
    4. If implementing Disqus, make clear that its service may not adhere to your site's own privacy policies, and posting anonymously is a faÃade.

    Much the same applies to other login, profile, and comment consolidation/aggregation/syndication systems (such as facebook's), but especially in the case of Gravatar, which requires no user interaction such as a login or existing valid login state), it is all too easy to think only of the benefits.

  • by Kuukai (865890) on Tuesday February 21, 2012 @02:07PM (#39114429) Journal
    Go all T.S. Elliot on their asses and build your posts entirely out of things other people have said. First post overlord gritsneal!
  • by Lillesvin (797939) on Tuesday February 21, 2012 @07:55PM (#39118861) Homepage
    Stylometry on Wikipedia [wikipedia.org]. Some linguists have been doing it for years and in some cases with more success, but apparently it's only newsworthy when someone outside of linguistics writes about it. (Why yes, I'm a linguist. How did you know?)
  • It's a fascinating algorithm.. and I betcha it works.. just the consistent mis-spelling of woords, and capitalization Errors , plus idiosyncratic placements, of the commas.. would likely bring the "suspect" to light.. unless of course, the errors were .. intentional !
  • The author (Arvind Narayanan) writes a paper and then creates a story on /. linking to his paper.

Algol-60 surely must be regarded as the most important programming language yet developed. -- T. Cheatham

Working...