Unfortunately, this is not really the case. If not careful enough, each and every one of us can be identified through a process called de-anonymization. So, what exactly is de-anonymization, and how can you protect yourself from it?
What Is De-Anonymization?
In simple terms, de-anonymization (also known as data re-identification) is a process that involves cross-referencing anonymized data with publicly-available information in an effort to reveal an individual’s identity.
The term anonymized data is used to describe any data about a person that does not reveal their personal information. So, for example, if you use a paid fitness app, the company behind it knows your name, address, and credit card number. This company may or may not sell your data to third parties, but if it does, it is obliged under the law to anonymize it. The third party that ends up buying this data thus may know a thing or two about your interests and location, but does not have access to information pertaining to your identity.
What are some good examples of de-anonymization? Arguably the best one involves the popular streaming platform Netflix and dates back to 2006. Back then, researchers at the University of Texas de-anonymized a large number of Netflix users by cross-referencing their movie ratings with the reviews left on the Internet Movie Database (IMDb).
Netflix removed reviewers’ personal details, such as names, and replaced them with random numbers, but that didn’t help because the researchers cross-referenced the entire Netflix dataset with IMDb ratings. By comparing Netflix rankings and time stamps with public information on IMDb (many IMDb users use their real names to leave reviews), they were able to de-anonymize some Netflix users.
If two researchers were able to do this for the sake of a scientific study, it’s not difficult to imagine what a competent threat actor could do, provided they obtain access to insufficiently anonymized data. For example, they could use stolen personal information for coercion and extortion, or even sell it on the dark web.
How to Prevent De-Anonymization
It probably wouldn’t be fair to say that cybercriminals always stay one step ahead of security experts, but they do consistently come up with new and creative ways to exploit vulnerabilities in systems we use daily. In other words, anonymization tools that work today may not be effective tomorrow, which is why it is critical to make a conscious effort to protect your privacy.
Ditching Chrome or Edge for a more secure and private browser would be a good start, and using good anti-malware protection is a must. But no software will protect you if you don’t make it a habit to exercise caution, and pay attention to how much information about yourself you reveal online.
Nobody has the time to read through pages and pages of a privacy policy before downloading an app to their smartphone or computer, but there’s no harm in doing a bit of research before using an app, and it is important to avoid products that are known to collect far more data than they should.
Stay Proactive to Protect Your Personal Data
Data is the gold of the 21st century, and companies are using increasingly invasive techniques to collect it. Simply put, in order to protect your personal information, you need to stay proactive.
The best way to do this is to cultivate basic but efficient privacy habits, and minimize what you share online with both corporations and other people.
