Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Privacy Your Rights Online

Anonymous Cowards, Deanonymized 159

mbstone writes "Arvind Narayana writes: What if authors can be identified based on nothing but a comparison of the content they publish to other web content they have previously authored? Naryanan has a new paper to be presented at the 33rd IEEE Symposium on Security & Privacy. Just as individual telegraphers could be identified by other telegraphers from their 'fists,' Naryanan posits that an author's habitual choices of words, such as, for example, the frequency with which the author uses 'since' as opposed to 'because,' can be processed through an algorithm to identify the author's writing. Fortunately, and for now, manually altering one's writing style is effective as a countermeasure." In this exploration the algorithm's first choice was correct 20% of the time, with the poster being in the top 20 guesses 35% of the time. Not amazing, but: "We find that we can improve precision from 20% to over 80% with only a halving of recall. In plain English, what these numbers mean is: the algorithm does not always attempt to identify an author, but when it does, it finds the right author 80% of the time. Overall, it identifies 10% (half of 20%) of authors correctly, i.e., 10,000 out of the 100,000 authors in our dataset. Strong as these numbers are, it is important to keep in mind that in a real-life deanonymization attack on a specific target, it is likely that confidence can be greatly improved through methods discussed above — topic, manual inspection, etc."
This discussion has been archived. No new comments can be posted.

Anonymous Cowards, Deanonymized

Comments Filter:
  • First (Score:5, Funny)

    by Bicx ( 1042846 ) on Tuesday February 21, 2012 @08:06AM (#39109365)
    First! Analyze this anon comment, suckers!
  • better way. (Score:5, Interesting)

    by Anonymous Coward on Tuesday February 21, 2012 @08:20AM (#39109497)

    This is, of course, not really new.

    A couple of years ago, there was some news (cannot find the link now) that some researchers tried this with a more statistical approach. As an implementation they used a compression algorithm.

    I had a try with this on a forum. Somebody posted a long story anonymously, but I suspected the author. I gathered 10 posts from 5 authors, including the suspect. Then I cut the amount of text to equal length. Subsequently I added the anonymous text to each of the 10 samples and bzipped the resulting text.

    The resulting zipped file was shortest in the case where I added the unknown text to the samples from the suspected author. The bzip algorithm apparently decided there was more similarity between the posts.

    Although this was by no means a real scientific test, I turned out to be correct and was rather pleased with the result. Seems to me such an approach could also be useful for things. Why login on /. when it can just figure out who you are based on what you have just written?

    To maintain anonimity you would just have to insert random shit into your posts.

    Bonus points for the slashdotter who can deduce my identity based on the non-randomness of this post.

  • by bigsexyjoe ( 581721 ) on Tuesday February 21, 2012 @08:22AM (#39109529)

    If it can identity you based on your idiosyncrasies, I suppose that means writers could use software based on these techniques to identity the idiosyncrasies in their own writing. From there, they can learn new ways to express themselves and write in a more colorful and varied manner.

    Heck, it can even be a tool that teaches you to think in a more varied manner.

    • If it can identify the idiosyncrasies in your writing, it can identify them in others'. I wonder if it can alter your "anonymous" controversial rant to look like that other.

    • by rednip ( 186217 )
      I've seen it in my own writings on this forum, as of late. Currently I'm actually trying to 'stay away from' using such words as 'such' (damn!). I also try to reconsider transitions like 'also' and 'however', but obviously it doesn't always work out well. In particular, such notable words are especially awkward when used twice in a single paragraph, as well as a 'double qualifier'. Single quotes can also be to 'notable', as I tend to over use them as well and I've been told of my 'addiction' to commas,
    • If it's all automated, writers don't need to learn new ways to express themselves. Software can do that for them!

    • by rarrar ( 671411 ) on Tuesday February 21, 2012 @09:54AM (#39110557)
      Schools already use programs like "White Smoke" and http://www.whitesmoke.com/ [whitesmoke.com] and "Style Writer" http://www.stylewriter-usa.com/ [stylewriter-usa.com] to identify grammar errors and stylistic errors, and suggest corrections. These programs are able to identify active and passive voice, clarity and readability of writing, ambiguous words, gender specific words, cliches, and more. I'm not sure the use of such software is such a great idea. I guess it's OK as long as a teacher reviews the results. Then again, if the teacher doesn't do as good a job as the program does...
      • Thanks for pointers to those programs (I'll try the free stylewriter soon) - I've wondered about programs like that ever since I tried my hand at sentence generators back in high school.

        Have you tried these products and/or do you work in or have you benefited from that area of software development? (it's been too long - how do I PM you on slashdot??)

        8-PP

  • ....work on those in government creating fake identities for spying and provoking things that help them justify their pointless jobs.

    Looking at the percentages... Hmmmmm...

  • How many times is this going to be 'discovered' and featured on the front page of Slashdot? It's old news. We get it. No need to publish another story on the topic, there's been one a quarter or so for years.

  • by ardiri ( 245358 ) on Tuesday February 21, 2012 @08:45AM (#39109775) Homepage

    if your stupid enough to not change your posting style when trolling, your own bad.

  • is not the best way to keep a stable system / bandwidth, recently
  • Even going back to the day when forums on the internet were email lists, there would always be some immature person who was a regular who switched aliases.

    It would be so obvious from their pattern of writing that their new alias would seem as effective as a disguise as merely putting dark glasses on.

  • ... use a thesaurus.
  • I don't always attempt to identify an author, but when I do, I find the right author 80% of the time.

  • by ewrong ( 1053160 ) on Tuesday February 21, 2012 @09:32AM (#39110267)
    Je pense que cela peut être facilement évité.
  • This is why (Score:4, Funny)

    by Higgins_Boson ( 2569429 ) on Tuesday February 21, 2012 @10:06AM (#39110713)
    This is why I practice non-redundancy. Redundancy is too redundant, so constantly repeating words and/or redundant phrases becomes a redundant factor in helping people to determine who you are on the internet when you post as an anonymous coward redundantly.

    Remember, kids, practice redundant privacy measures to ensure you will never be exposed.
  • Sometimes I wish I had multiple personality disorder YOU'LL NEVER EXPOSE ME YOU BASTAGES
  • ...are those with multiple personalities immune to this sort of detection? :P
  • by Oswald McWeany ( 2428506 ) on Tuesday February 21, 2012 @10:49AM (#39111475)

    Damn! I'll have to stop using floxinoxinihilipilification so much in my anonymous posts or people will know it's me!

    Using the logic proposed in the article- can we assume that all the anonymous cowards using "the other f word" are all Samuel L Jackson?

  • Just as individual telegraphers could be identified by other telegraphers from their 'fists,'

    ...anonymous posters can be identified by their Frists? [google.com]

  • Tell us something new. This is how they caught Kaczinsky the Unibomber. Analysis of word choice word frequency sentence structure can and will identify you And? Identifying a single person from their many anonymous messages online leads you to back to anonymous.

    Aside from that it's easy enough to alter your writing to fool the analysis if you want to. Please tell us something new that every single person on Slashdot doesn't already know.

  • around 2,000 users

    #1. the smaller the town , the pettier the politics

    #2. there is one user we keep banning, and they keep coming back under a new name, and you can always tell with 100% accuracy that it is the same person, based on sentence cadence and agenda, and overall personality and attitude

    • by Lehk228 ( 705449 )
      If their postings are not illegal I suggest you implement a shadowban system, shadow-banned users can still see their own posts, and mods can still see their posts, but users and guests cannot.
      • i thought that was called the rubber room

        it's funny to watch users who are not aware of this maneuver yet screaming about why people are not replying to them

        alas, not possible under the current system (ning)

  • by QuasiSteve ( 2042606 ) on Tuesday February 21, 2012 @12:09PM (#39112811)

    I've mentioned this before, but it's worth repeating as more and more services no longer use their own identity systems, relying instead on Gravatar, or doing away with their own comments system by relying on Disqus (which uses Gravatar).

    In the case of sites using Gravatar incorrectly*, which is pretty much all of them, 'anonymous' posts still have their Gravatar ID attached - which is just an MD5 of the person's e-mail address. All you then need to do is find that same MD5 on another site where the author opted not to post anonymously.

    The main reason this ties into the story at hand is in getting reference material together. With e.g. Disqus, you can be reasonably assured (unless account sharing occurs) that the anonymous post with MD5 X on site A is authored by the same person as that of the anonymous post with MD5 X on site B, and you can include both in the pool of reference material.
    ( This also means there are issues with anonymity even if the author always posts 'anonymous'. )

    * The worst part of this is the website owners. Aside from letting anonymous posts still grab their results from Gravatar (even if you don't have a Gravatar 'account', the e-mail address you use will be the MD5 in the HTML), some sites implement Gravatar as an afterthought. You could have been posting to a site for years behind a pseudonym, knowing that you're reasonably anonymous - and then find your pseudonym, and all the posts made, linked to other posts at other sites because the website owner decided to use Gravatar to display users' avatars of choice, using the e-mail address in their account.

    Gravatar is a useful service, especially in that the website can save some bandwidth, and the users who do want it can just update a single avatar and have that immediately be used on any site that uses the service.

    But I implore webmasters to consider seriously the ramifications of using Gravatar or Disqus, and at least:
    1. Disallow Gravatar on posts, profiles, etc. that were created before your implementation of Gravatar.
    2. Create an opt-in system for the use of Gravater, per-profile.
    3. Disable the Gravatar code when the post author has indicated that they want to post anonymously.
    4. If implementing Disqus, make clear that its service may not adhere to your site's own privacy policies, and posting anonymously is a faÃade.

    Much the same applies to other login, profile, and comment consolidation/aggregation/syndication systems (such as facebook's), but especially in the case of Gravatar, which requires no user interaction such as a login or existing valid login state), it is all too easy to think only of the benefits.

  • by Kuukai ( 865890 ) on Tuesday February 21, 2012 @02:07PM (#39114429) Journal
    Go all T.S. Elliot on their asses and build your posts entirely out of things other people have said. First post overlord gritsneal!
  • by Lillesvin ( 797939 ) on Tuesday February 21, 2012 @07:55PM (#39118861) Homepage
    Stylometry on Wikipedia [wikipedia.org]. Some linguists have been doing it for years and in some cases with more success, but apparently it's only newsworthy when someone outside of linguistics writes about it. (Why yes, I'm a linguist. How did you know?)
  • It's a fascinating algorithm.. and I betcha it works.. just the consistent mis-spelling of woords, and capitalization Errors , plus idiosyncratic placements, of the commas.. would likely bring the "suspect" to light.. unless of course, the errors were .. intentional !
  • The author (Arvind Narayanan) writes a paper and then creates a story on /. linking to his paper.

In case of atomic attack, all work rules will be temporarily suspended.

Working...