1

I've come across this paper about "De-anonymizing Social Networks". The goal is to use Flickr network to de-anonymise Twitter's anonymous network, but the experiment section doesn't seem to be right.

At section 6 Experiment, the author crawled the API of Twitter and Flickr that exposes the mandatory username and optional names and location. He then goes onto explaining how to deanonymise.

My concern is, surely those graph he used in his experiment are not anonymous, they clearly have a mandatory username and (sometimes) names to go with it. Wouldn't it be wise to anonymise the identifiers or maybe my definition of anonymous social network is skewed. It seems to me, that he used a public graph (Flickr) to identify users on another public graph (Twitter), which seems wrong. Can someone offer me any insight to this?

Community
  • 1
user153882
  • 753
  • 1
  • 5
  • 13

2 Answers2

0

Well, technically speaking, it is possible to make a truly anonymous social network. But why the mainstream ones are so intrusive? Because they want to sell you as a customer and/,or visitor to their advertisers and here goes the "publicly available reason" for deanonymising users: they say "we want to make money" and it's a part of the truth and a top part of the iceberg. The bottom part below the waterline is that to say "go away and stop breaking the human rights and your Constitution" to criminals in uniform, to publish it as wide as possible and not keep silent smile - it requires guts and the conscious mind, a very rare combination of quality nowadays, sadly. Ed Snowden's reports about PRISM only confirms this point of view, adding specific company names to that crowd of coward criminals... Now there's an attempt to make the anonymous social network with blockchain - it's called Steemit, take a look there, all open source. Also take a look at ZeroNet collaboration in website publishing, it is described in the documentation. And remember: no tool can protect you from yourself, so be confidential in your mind first hand

Alexey Vesnin
  • 1,565
  • 1
  • 8
  • 11
0

Thanks for the previous answer, but it does not answer what I had in mind, I emailed one of the author, Arvind Narayanan, and this is what he had to say:

TLDR: Scientific necessity, otherwise there would be no way to check if the result given was correct

In our study, just as in many or most deanonymization studies, one pretends that the data have been deidentified in order to evaluate the accuracy of the deanonymization algorithm. Neither Flickr nor Twitter released 'anonymized' data, and we do not claim to have uncovered a privacy problem on these specific sites.

This is unsatisfying in a sense, but it is a scientific necessity --- if we'd started from graphs that had no names attached to the nodes, we'd have no way to demonstrate that our algorithm is able to link nodes between the two graphs correctly.

My follow-up paper here describes an actual attack successfully carried out in practice, and may be more in line with what you were expecting.

Cheers --arvind

Community
  • 1
user153882
  • 753
  • 1
  • 5
  • 13