De-anonymization is the biggest privacy threat no one talks about

Anonymous silhouette of a man with crossed arms.

Are you really anonymous on the internet? Despite your best efforts, the ubiquitous artificial intelligence and surveillance systems around you could reveal your identity and activities to anyone with access to this “anonymized” data in a practice known as “de-anonymization.”

Your data is valuable

Most of the services you enjoy but don’t pay for directly on the internet make money by collecting and selling data. This data includes everything you do on the internet, tracked by third-party cookies on several sites. Other types of data such as location data may also be collected, and it doesn’t stop there. Precise information about how you interact with digital systems can all be recorded and analyzed.

This data is “anonymized”, which simply means that the information that directly identifies you has been removed. These are things like your name, your IP address, your physical address and the like. What’s left is everything else, which can be used to create detailed profiles tied to an advertising ID.

Re-identification becomes trivial

A single red wooden figure separated from the other wooden figures.
Andrii Yalanskyi/

The problem with this anonymization process is that it becomes trivial to re-identify the anonymized data by cross-referencing it with publicly available information or with information gathered from multiple websites using the aforementioned tracking cookies. .

There is a whole data brokerage industry that has grown up around creating these marketing profiles that can be sold to anyone willing to pay for it. Data brokers were brilliantly explained by John Oliver in an episode of Last week tonight.

Imagine having a phone book that besides your name, address, and phone number, also tells people your income, health conditions, life stage, and more. Re-identification is so easy that researchers estimate that “99.98% of Americans would be correctly re-identified in any dataset using 15 demographic attributes”.

De-anonymization and cryptocurrency

Besides the mundane data collection that happens every day, there is a particular type of de-anonymization problem related to block chain technology such as cryptocurrency. A blockchain ledger keeps a perfect record of every transaction that has happened since the blockchain was created.

Crypto Wallets are just collections of numbers without names. and this led to the belief that cryptocurrency is anonymous. The problem is that transactions on the blockchain can be associated with third-party data that anonymizes them. This can include when you exchange cryptocurrency for dollars, when a product you purchased with crypto is shipped to your home address, or anything else where activity or amounts reflected on the blockchain match something that is not anonymous.

This is why there are cryptocurrency mixers and tumblers, which perform random transactions and shuffle the coins in participating wallets, obscuring the trail. Some cryptocurrencies, such as Moneroare designed from the outset to combat this problem.

However, even if you use a strong anonymous coin today, future computer technology could easily decrypt the blockchain, which is indelible. So something you did decades before this point could be discovered in the future, and if it’s already on the blockchain, there’s nothing you can do about it!

What can you do?

The first and most effective thing to do is to change the type of software you use to search or browse the Internet. There are engines (eg. DuckDuckGo) and browsers (e.g. Brave) that specifically block tracking cookies and other tracking methods to prevent data collection.

Apple has a policy that apps should ask whether or not they can track you. For a global solution, you can go to Privacy > Tracking on your iOS device and turn off Allow apps to request tracking.

The only real downside for you as a user is that you will now see random advertisements which may not be relevant to you, but it is a small price to pay for privacy.

You can also be selective about when and how you block tracking. Limit yourself to the things you definitely don’t want people to know about you, but be more lenient about the facts you don’t care about. For example, you can tell iOS apps not to track on a case-by-case basis, depending on the sensitivity of that information. You can also use a privacy browser (inside a virtual machinethrough the Tor networkand with a vpn if you are really concerned) only for sensitive navigation. Thus segmenting your online life into public and private spheres.

If you are really worried about your smartphone or other devices revealing your presence in sensitive places, you also have the option to using a Faraday bagwhich will temporarily block all radio signals from your phone until you remove it.

As for the information that has already been collected, this is a more difficult question. It all depends on where you live. In Europe, for example, the GDPR the legal framework gives citizens a remedy and a “right to be forgotten”, but in the United States this is not the case. The most practical thing you can do is to control and limit future tracking, until existing information about you becomes worthless.

Leave a Reply

Your email address will not be published.