Arvind Narayanan and Vitaly Shmatikov
Robust De-anonymization of Large Sparse Datasets
Arvind Narayanan and Vitaly Shmatikov. 2008. (View Paper → )
We present a new class of statistical de-anonymization attacks against high-dimensional micro-data, such as individual preferences, recommendations, transaction records and so on. Our techniques are robust to perturbation in the data and tolerate some mistakes in the adversary's background knowledge.
We apply our de-anonymization methodology to the Netflix Prize dataset, which contains anonymous movie ratings of 500,000 subscribers of Netflix, the world's largest online movie rental service. We demonstrate that an adversary who knows only a little bit about an individual subscriber can easily identify this subscriber's record in the dataset.
Using the Internet Movie Database as the source of background knowledge, we successfully identified the Netflix records of known users, uncovering their apparent political preferences and other potentially sensitive information.
Anonymising data sounds so absolute - like it’s a simple act that once done keeps you safe. This paper taught me that isn’t the case, and more care and attention is required.
Anonymising data is complex and prone to failure if not done with care. Managing user data responsibly, ensuring privacy, and staying ahead of potential risks are key aspects of a product manager's role in today’s data-driven world.
- Basic anonymisation techniques may not be sufficient. Product managers should advocate for advanced techniques, such as differential privacy or k-anonymity, when dealing with sensitive user data.
- Design products with privacy in mind, ensuring users have control over their data and are informed about its usage.
- Product managers must be aware of how data is collected, processed, and stored, particularly in large datasets, to mitigate risks of de-janonymisation.