Researchers Can ID Anonymous Twitterers 108
narramissic writes "In a paper set to be delivered at an upcoming security conference, University of Texas at Austin researchers showed how they were able to identify people who were on public social networks such as Twitter and Flickr by mapping out the connections surrounding their network of friends. From the ITworld article: 'Web site operators often share data about users with partners and advertisers after stripping it of any personally identifiable information such as names, addresses or birth dates. Arvind Narayanan and fellow researcher Vitaly Shmatikov found that by analyzing these 'anonymized' data sets, they could identify Flickr users who were also on Twitter about two-thirds of the time, depending on how much information they have to work with.'"
Who promised? (Score:5, Insightful)
Re: (Score:1, Funny)
or me?
Re:Who promised? (Score:4, Funny)
Clearly, you're both me.
Re: (Score:2, Informative)
Re: (Score:1)
David who? Smarty pants....
Maybe David the Goliath.
Re: (Score:1, Funny)
Fine, who am I?
But I know what dude I am. I'm the dude playin' the dude, disguised as another dude.
Re: (Score:1)
Re:Who promised? (Score:5, Informative)
Who ever promised this data would be anonymous? Do you really expect privacy when posting personal stuff on line, even if you don't sign your name in advance?
1) People still assume that if don't sign their name on the internet then its anonymous. People need to be educated otherwise. Articles like this help.
2) While a lot of people are still grappling with #1 above, there are a lot of more sophisticated people who need to learn that even if they ARE behind 7 proxies, using tor, ssh, on a hacked wifi they are accessing via a pringles can-tenna from across state or even national lines... and then use that super anonymous connection to participate anonymously in 'social networking' sites like twitter, facebook, etc... even if they never reveal a single personal detail about themselves, their place within the social network itself can be reliably used to unmask them once they've had their anonymous account linked to real friends.
People REALLY need to be educated about this.
Re: (Score:2, Insightful)
So, to be anonymous, I need to get behind 7 proxies, use tor and ssh on a hacked wifi that I'm accessing via a pringles can-tenn from across state or national lines and make sure that all of the social network connections I have are to similarly protected people (behind 7 proxies, use tor and ssh on a hacked wifi that they are accessing via a pringles can-tenn from across state or national lines).
;)
That said, I agree. =D
Re: (Score:1, Interesting)
Have a worm infect and propagate via weak passworded/WEP routers.
Re: (Score:2, Insightful)
So, to be anonymous, I need to get behind 7 proxies, use tor and ssh on a hacked wifi...
RTFA - I think you missed the point:
Our de-anonymization algorithm is based purely on the network topology
Re: (Score:2, Insightful)
I think you missed the point actually.
or should I say... wooosh!
maybe try reading past the first 19 words before replying to a post?
Re: (Score:1, Funny)
I read that and thought "19? did he just pull that out of his ass? 1 2 3... 19! He actually counted the number of words in the quoted text!"
Re:Who promised? (Score:5, Interesting)
The important thing is that anyone or anything that links your "real persona" and your "anonymous persona" is a potential threat to your anonymity both through things they willingly or mistakenly do and through things they could be coerced or forced into doing.
It's all too easy to put lots of thought into making it bloody hard to trace your connection but then link your "anonymous persona" to your "real persona" through common friends, accidently logging into a site using the wrong account for the connection you are using, forgetting to flush cookies (and any similar tracing objects) when moving between your "nonanoymous connection" and your "anonymous connection" and so on.
Re: (Score:3, Interesting)
Years back, I used my real name for all of my online activities. After my kids were born, though, I reconsidered using my real name and address. So when I started a blog, I made up an "anonymous" name. I'm under no illusion that it is 100% anonymous, but I do my best to keep my "real name identity" and my "blog identity" separate. I'm go "blog identity" on all of the sites I frequent, but I'm unwilling to disappear as "Jason Levine" and either a) pretend to be a newbie at the site for awhile or b) revea
Re: (Score:1)
Thanks, but we're not really that interested.
Re: (Score:2)
Yep. Preferably, you want a "sterile" computer for your anonymous activities; it should c
Re: (Score:3, Insightful)
"all of the social network connections I have are to similarly protected people"
No, for you to remain anonymous, you must disavow all knowledge of anybody in your social network, for all 'accounts' or whatever, for all postings that you want to not be readily linked back to you. And they must not have any links to these accounts either (so the easiest way is to not tell them about these 'anonymous' accounts).
Re: (Score:1, Insightful)
Exactly. This is what I do.
If you have a 'real' account and an 'anonymous' account, why do you need to have links to your friends with your anonymous account anyway, when you can just use your real account?
If you really need to have links to your friends from your anonymous account, then just have them create anonymous accounts too, and have links to those rather than their real account.
Re:Who promised? (Score:5, Insightful)
don't you use those services to be noticed?
Re: (Score:2)
Re: (Score:2, Insightful)
so the first step on concealing your identity is to not use the public social networks.
Re: (Score:2)
so the first step on concealing your identity is to not use the public social networks.
Bingo!!
Re: (Score:2)
how 'bout not using twitter, myspace, facebook, etc??
What do you think /. is?
Re: (Score:2)
Re: (Score:2)
Kryten FTW :)
Good show lad
Re: (Score:1)
No, to be anonymous, you just need to not have any friends.
Re: (Score:2)
- Super-anon guy has Bobby, Jim, and Sandra on his facebook friends and he's got Bobby, Jim, and Jessica on his MySpace
- Logically, Bobby and Jim must know each other, and therefore they both must know Super-anon guy.
- Bobby and Jim have a lot of pictures on Facebook with a guy tagged "A
Re: (Score:2, Interesting)
2) While a lot of people are still grappling with #1 above, there are a lot of more sophisticated people who need to learn that even if they ARE behind 7 proxies, using tor, ssh, on a hacked wifi they are accessing via a pringles can-tenna from across state or even national lines... and then use that super anonymous connection to participate anonymously in 'social networking' sites like twitter, facebook, etc... even if they never reveal a single personal detail about themselves, their place within the soci
Re:Who promised? (Score:4, Insightful)
Then again, some of us are very well aware of it and just don't care so much. If I want to post thoughts to a blog that I don't want linked back to me (and I've done so in the past), I'll set up something entirely separate, with a name I've never used before, linked to a new gmail account.
Anyone with half a brain can figure out exactly who I am, where I live, and what I do for a living, starting from this post, in about 20 seconds. Medical conditions and sexual preference might take a little more work, but I'm sure some of it is out there.
Frankly, I don't care. I'm self-employed and don't worry about what an employer might think of me. My friends and family seem to like me well enough despite already knowing that stuff. So long as it's not information that's going to result in identity theft (account numbers and such), there's not much that's worth the effort to conceal.
Re: (Score:2)
Ditto.
I'm not self-employed, but similar holds true. I'm pretty sure you could identify me from just this online handle, based on posts from this and similar discussion boards.
Fact is, you won't learn much out about me that I wouldn't have told you to your face anyway. I'm on pretty friendly terms with my employer, and am close with my friends, and I doubt anything I've said online would be news to them.
And even if you can find out some more intrusive facts about me (medical history, salary, what have you)
Re: (Score:2)
There are plenty of good reasons that somebody, particularly somebody with limited social power in the real world, might want a separate persona online.
Re: (Score:1)
Anyone with half a brain can figure out exactly who I am, where I live, and what I do for a living, starting from this post, in about 20 seconds. Medical conditions and sexual preference might take a little more work, but I'm sure some of it is out there.
With a handle like yours, they just need to look at the results of your test!
Re: (Score:2)
You're obviously a sadistic masked vigilante with a thing against liberals.
Re:Who promised? (Score:5, Interesting)
I agree, but I think it's an age and culture issue. These issues are new.
In 10 years, no one would expect that a Twitter account couldn't be connected to your FB account any more than they would think you could cheat on your partner by taking your partner-in-crime to a pub you and your date frequent. The principle is no different - if two social spheres overlap, you've given up your relative anonymity.
That's why Larry Craig tapped his toe in an airport bathroom in a stop-over airport - low likelihood of running into someone who might know him.
Re: (Score:3, Funny)
I thought it was just because he had a "wide stance".
Re: (Score:3, Insightful)
Re: (Score:2)
Your still anonymous if all the profile data is fake. All the data associated with this Slashdot account is completely fictitious and in no way related to accounts hosted elsewhere that have nothing to do with tech blogs. Anytime I am presented with the option, or forced to provide, name and address data anywhere I use completely fictitious information. Everywhere. Also, different every time.
So, if somebody from Slashdot here either liked or hated me and was including me in their online social profiles i
Re: (Score:3, Informative)
Re: (Score:2)
Pretty Damn Sure (tm)
You mean the exit node's, proxy's, internet cafe's, etc. public IP address right? Yeah, I realize that. Any IP address that has been assigned to me by a corporation that ALSO possess my name, address, social security number, telephone number, etc. has never been recorded by the destination. I am sure that plenty of TOR nodes and proxy's have that IP address, but I am reasonably sure o
Re: (Score:2)
Re: (Score:3, Informative)
True, but that is not the same thing as what we are talking about in the article.
If you search my comments and find any postings with my real name, references to my place of work, real people, events, etc. then I do agree you could possibly do research in the real world to identify who I am. Sort of a 20 questions kind of deal.
Remember... that is identify , as in gain a positive identification of my real world identity to the point you could then actually find me. Learning about my likes, dislikes, relig
Re: (Score:2)
Re: (Score:2)
BWAHAHAHAHAHHAHAHAH!
I have never written a piece of poetry in my life! I have recited PLENTY of stuff from Andrew Dice Clay, but never written anything.
You bring up a good point to make though. You have to make sure it is the RIGHT person, just not named the same person....
LOL
Re: (Score:2)
Re: (Score:2)
How so? I am still anonymous as a write this, in that my real identity that is typing this on the keyboard is unknown to both you and Slashdot.
The only way you could pretend to be me is to compromise my account, change the password, and then start making posts with it. That is a whole other security issue that applies regardless of whether you are obfuscating your real identity. I can attempt to regain my account while still having my real identity unknown to Slashdot.
Other than that, you seem to be sayi
The "Sorta-Anonymous" principle. (Score:2)
This & other tricks are possible, yes, but *harder*. I really don't have the creds to pull the tech side of your Point 2, but I have quietly worked to keep the other side down to a whisper, earning strange looks from friends who can't imagine why I Just Don't Wanna Share.
The Mayans got lucky. Their 2012 date is just accidentally shaping up to be the Data Implosion.
~tag: "Let's give everyone what used to be studio grade cameras in their phones, 12 types of mechanisms and reasons to aggregate and pummel c
Re: (Score:2)
hey my internet aliases were damn anonymous, until Mozilla went and ruined it all but as i don't post much that i wouldn't say to peoples faces it doesn't really matter anyway.
Re: (Score:2)
Re:Who promised? (Score:5, Informative)
Re: (Score:1)
Hi. I'm one of the authors.
Wow, clearly you are not bothered about linking your real and Slashdot personas.
I'm certain most /.ers guard their /. persona, given the blunt nature of the comments found here.
OT, has there been any research into looking up a person's sex/ethnicity by analysing his or her /. comments? It is already known that the species problem is hard [unc.edu].
Re: (Score:1, Funny)
they are after me.
Tin foil! (Score:5, Funny)
Re: (Score:2)
Just don't cover the naughty parts.... it.. chafes.....
Or at least on the outside of the underwear.
Twits (Score:5, Insightful)
Re:Twits (Score:5, Insightful)
However, I don't think a lot of people fully understand the negative side of placing your life online for all to see. They fail to realize that placing their discussion about smoking pot (or other dubious activity) on twitter might one day cause them a job.
Re:Twits (Score:5, Funny)
That's right - The Netherlands are hiring again!
Re: (Score:2)
Re: (Score:2)
Taking part in illegal activities is most certainly "dubious". Risking all that one risks to get high off an illegal substance certainly calls ones decision making skills into question.
Re: (Score:2)
Re: (Score:2)
You get X number of people to gather on the steps of the Capitol and Toke up, that's noble and certainly lends itself towards the kind thing that Rosa Parks is linked to. Risking security for a protest of current laws is admirable. But there is nothing to show that any sizable portion of pot smokers are doing anything like that. What is happening far more consistently is that they are hiding their illegal
Re: (Score:2)
It's also why I'm not currently organizing that mass protest event. Someo
Re: (Score:2)
You smoke to relieve your pain caused by your illenss. There is a reason you smoke besides to just get "high". However, I would not say that your case is the norm; you are an exception. There are thounds (possible millions) of people that smoke for med
Re: (Score:2)
Obviously, I know that everyone doesn't do it every 5 minutes. It is just an exaggeration...but despite that, the fact stands that most people on these sites care little about privacy.
I do think Twitter is stupid. It has some very limited useful purposes (like the guy who used Twitter to notify people he was jailed in a foreign country), but f
Re: (Score:1)
Re: (Score:1)
Slashdotters care about privacy. People on these social networking sites want their lives to be on show for everyone. I don't think people who twit every 5 minutes where they are and what they are doing are really to concerned about their privacy.
All we need to do is find a slashdotter who 'tweets' every 5 minutes and you'll implode, a black hole will take your place, and the universe will collapse.
I think I just found a new hobby. Making gross generalizations? No, that's your job- I'll start using twitter.
You mean like willyhill? (Score:5, Informative)
Re: (Score:1)
Willyhill managed to ID fourteen Twitter accounts [slashdot.org]. Or is this something completely different?
I think twitter has really gotten to you.
Social network can-o-worms (Score:5, Insightful)
Are there really any surprises here? Social networks behave a lot like the Internet, with many routes pointing to your front door.
For example, use whatever falese names you want. Your email address makes a dandy primary key squirreled away in all your friends mailboxes, just waiting for Facebook to Hoover it up and join the dots.
Your privacy and anonymity is defined by the aggregate social stupidity of your friends.
Xix.
Re: (Score:2)
Your privacy and anonymity is defined by the aggregate social stupidity of your friends.
Xix.
That has quite a Zen ring to it!
This is new technology to me (Score:4, Funny)
The thing that confuses me is the acronym "FRIEND", I have looked in all my technical references and I can't find that tool.
Please read our FAQ (Score:5, Insightful)
Please do not go and work for google (Score:2, Insightful)
http://www.guardian.co.uk/technology/2009/mar/26/seth-finkelstein-google-advertising [guardian.co.uk]
"Google recently took another step along the path of surveillance as a service, launching what it called "interest-based advertising", and which everyone else calls "behavioural targeting". These are systems that collect extensive personal data, for marketing purposes. To best understand the issues,"
http://sethf.com/infothought/blog/archives/001422.html [sethf.com]
I once upon a time worked for a statistics agency and even without names
Re: (Score:2)
A variety of networks including the phone call network
Old news actually. Techniques for identifying networks of friends and co-workers have been applied to call records for years. And that info is for sale.
A friend of mine in the security biz told me that when Dick Cheney outed Valerie Plame, link analysis probably revealed the identities of several hundred CIA employees.
Re: (Score:2)
Where can I get access to these "anonymized", sensitive data sources?
I can ID anyone using Twitter (Score:3, Funny)
Re: (Score:2)
RT
This is a standard timing attack (Score:2)
The application to twitter anonymous accounts is creative, but otherwise it's a standard timing attack. If user A is active while anonymous data B is passed, user A has a higher chance of having generated data B than the rest of the population.
Looks like there's some number-crunching using timing of past tweets and whatnot to see if the user is likely to be on, too. I like that.
Or it could be I'm completely misreading it.
Anvil of Stars (Score:2)
66% accuracy? (Score:1)
I wonder what the accuracy would be if you just scanned for posts referencing new pictures at flickr?
And Rosa Parks: (Score:2)
It was not a mass protest event. She just had enough that day, and wasn't bowing to an unjust law regardless of the consequence.