Yet Another Report Showing 'Anonymous' Data Not At All Anonymous

from the what-privacy dept

As companies expand the amount of data hoovered up via their subscribers, a common refrain to try and ease public worry is that consumers shouldn't worry because this data is "anonymized." However, time and time again studies have highlighted how it's not particularly difficult to tie these data sets to consumer identities -- usually with only the use of a few additional contextual clues. It doesn't really matter whether we're talking about cellular location data, GPS data, taxi data or NSA metadata, the basic fact is these anonymous data sets aren't really anonymous.

The latest in a long stream of such studies comes from MIT, where researchers explored (the actual study is paywalled) whether they could glean unique identities from "anonymous" user data using a handful of contextual clues. Studying the purportedly anonymous credit card transactions of 1.1 million users at 10,000 retail locations over a period of three months, the researchers found they could identify 90% of the users' names by using four additional data points like the dates and locations of four purchases. Using three clues, including more specific points like the exact price of a purchase, allowed the identifying of 94% of the consumers. Intentionally trying to make the data points less precise didn't help protect consumer privacy much:
"The MIT researchers also looked at whether they could preserve anonymity in large data sets by intentionally making the data less precise, in order to examine whether preserving privacy would still enable useful analysis. But the researchers found that even if the data set was characterised as each purchase having taken place in the span of a week at one of the 150 stores in the same general area, four purchases would still be enough to identify more than 70 percent of users."
Note they're not saying they can ascertain your personal identity from this data alone, but they (or a hacker that nabs this data) can identify you if they have just a smattering of other contextual clues as to who you are. In an age when cellular companies track and sell your daily location down to the minute, and your automobile, insurance companies and toll payment systems are all gathering even more precise data, that's not going to be a particularly difficult task. The gist of the study isn't going to be a shock to most of you: privacy in the modern age -- unless you're willing to go to extreme lengths -- is an illusion.
"We are showing that the privacy we are told that we have isn't real," study co-author Alex "Sandy" Pentland of MIT said in an email...The study shows that when we think we have privacy when our data is collected, it's really just an "illusion", said Eugene Spafford, director of Purdue University's Centre for Education and Research in Information Assurance and Security. Spafford, who wasn't part of the study, said it makes "one wonder what our expectation of privacy should be anymore."
That said, it's very important to remember that we can probably trust that companies rushing head first toward vast new revenue generation opportunities are spending the time and resources necessary to ensure consumer privacy is at the very top of their list of priorities.
Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: anonymous, anonymous data, data


Reader Comments

Subscribe: RSS

View by: Time | Thread


  1. identicon
    Anonymous Coward, 18 Feb 2015 @ 2:51pm

    Privacy is dead

    I hate to say it, in fact I like privacy, but there's no way it can survive in our modern, high tech world. At best we can have an illusion, but short of going far from anyone else, there's no private space left.
    And this scares me.

    link to this | view in thread ]

  2. icon
    John Fenderson (profile), 18 Feb 2015 @ 2:56pm

    Re: Privacy is dead

    "Privacy by default" is dead, and has been for many years now. What this means is that privacy is only dead for those who are not making a constant effort to maintain their privacy.

    That's depressing, but it's not as bad as saying "privacy is impossible". You can maintain your privacy, but it will be an ongoing effort and means that there are a large number of luxuries that you won't be able to use.

    link to this | view in thread ]

  3. identicon
    Anonymous Coward, 18 Feb 2015 @ 3:04pm

    Re: Re: Privacy is dead

    Yes, exactly this.
    To maintain my privacy, I
    1) Don't have a cell phone
    2) Have a "dumb" car
    3) don't use toll roads
    4) don't rely on my car for all travel
    5) hold money in more than one bank
    6) shop at multiple grocery stores for the same items

    I'm under no illusion that I can't be fingerprinted, but anyone doing the fingerprinting is only going to get a part of the story; nobody's going to have access to everything.

    And privacy is always a trade-off. The only way to get pure privacy is for nobody to know you exist.

    link to this | view in thread ]

  4. identicon
    Anonymous Coward, 18 Feb 2015 @ 3:15pm

    Just a reminder

    Google and Apple constantly monitor your location and report it to their servers.

    http://lifehacker.com/psa-your-phone-logs-everywhere-you-go-heres-how-to-t-1486085759

    link to this | view in thread ]

  5. identicon
    Anonymous Coward, 18 Feb 2015 @ 3:23pm

    Re: Just a reminder

    If you have an Android without Google apps there is an alternative.

    http://0p.no/2015/01/10/nogapps2.html

    link to this | view in thread ]

  6. icon
    ysth (profile), 18 Feb 2015 @ 3:34pm

    sarcastic last sentence

    becomes true when ended ", to the extent that is mandated by market pressure."

    It's up to us to provide the market pressure.

    link to this | view in thread ]

  7. identicon
    Anonymous Coward, 18 Feb 2015 @ 3:48pm

    Another thing ive been meaning to mention, thee are a few companies who let you apply for jobs online, some of them even allow you to attach files like resume's.........so they ask you fill in personal data, even let you upload your resume's with all that personal data in it, in all this, you would think that a the very minimum you'd see a "httpS".......nope, not a single one, i havent seen any of the sites ive tried using what i thought would be a minimum of common sense and at least not ask for this personal information over clear text.......its infuriating, when desperate for a job and knowing enough to know that to do so is as if i give my consent, when infact its because thre was no choice in the matter..

    Obviously this is a specific case, but when you can start adding up the specific cases into one humangous pile then i hope folks can appreciate why folks can get frustrated over this

    link to this | view in thread ]

  8. identicon
    Anonymous Coward, 18 Feb 2015 @ 3:59pm

    Re: Privacy is dead

    No, i'd have to respectfully disagree with you there, i mean your right, "in todays world", but in no way does technology require invasions of PERSONAL data in order to TECHNICALLY operate...........it is a pollution ADDED onto technology CONCIOUSLY after the fact

    Its not that in todays world privacy cant survive, its, in todays world certain entities are fighting to MAKE SURE, it doesnt survive

    A subtle distinction, that i probably should'nt have brought up, as i realise i dont particularly disagree with what you said........i guess its more of an addittion then a disagreement.........forgive my lazines to start again and rephrase my approach

    link to this | view in thread ]

  9. identicon
    Anonymous Coward, 18 Feb 2015 @ 4:22pm

    Re: Re: Re: Privacy is dead

    The "Jack Reacher" method is better :)

    link to this | view in thread ]

  10. icon
    Derek Kerton (profile), 18 Feb 2015 @ 7:02pm

    Re: Re: Re: Privacy is dead

    You still have problems with any kind of:
    - credit card use
    - closed circuit security cams
    - facial recognition
    - license plate readers
    - traffic cams, red light cams
    - other people taking photos, social media, tagging you

    link to this | view in thread ]

  11. icon
    Ninja (profile), 19 Feb 2015 @ 1:36am

    That said, it's very important to remember that we can probably trust that companies rushing head first toward vast new revenue generation opportunities are spending the time and resources necessary to ensure consumer privacy is at the very top of their list of priorities.

    I'm giving this part a funny vote, I laughed loudly now ;)

    link to this | view in thread ]

  12. identicon
    Anonymous Coward, 19 Feb 2015 @ 3:27am

    Re:

    Right there with ya

    link to this | view in thread ]

  13. identicon
    Yes, I know I'm commenting anonymously, 19 Feb 2015 @ 3:57am

    In short: either the data has value but is not anonymous or the data is anonymous to the point of being unsellable.

    If a company wants to `share' data with third parties, expect it to stay tracable to you.

    link to this | view in thread ]

  14. icon
    John Fenderson (profile), 19 Feb 2015 @ 8:52am

    Re: Re: Re: Privacy is dead

    "And privacy is always a trade-off."

    This is also a key point. Privacy is a form of security, and all security involves a tradeoff of some sort.

    Personally, I make a constant effort to maintain privacy, but recognize and accept that a tradeoff is involved. I'm not an absolutist -- there are times when I give up privacy to gain some benefit. The important thing in my view is that I try to make this a conscious, informed choice every time.

    link to this | view in thread ]

  15. identicon
    Steven, 21 Feb 2015 @ 1:59pm

    Expectation of Privacy

    Laws are not geared toward trying to protect privacy, local and federal government likes to invade privacy, and corporate self regulation isn't for protecting privacy--quite the opposite. Courts can use the daily worsening "expectation of privacy" to justify itself, they always reference the based on current expectations a person cannot have had an expectation of privacy. That whole concept just feeds on itself. I don't think it is a valid way to deal with privacy related court cases. Just because everyone spies on us, doesn't mean we cannot have valid privacy expectations despite the unlikelihood they will ever be met again.

    link to this | view in thread ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.