Fragile Anonymity
January 15th, 2008 by Lance Cottrell
Bruce Schneier, in Crypto-Gram: January 15, 2008, writes an excellent article on the ease of re-identifying “anonymized” data. The Census, research results, survey results, and many other databases are released with identifying information removed with the intent to protect the identity of the subjects in the database. It turns out that it is disturbingly easy to attach the real identities again.
- Lance Cottrell
This entry was posted on Tuesday, January 15th, 2008 at 1:23 pm and is filed under Online Privacy, Personal Privacy.

January 22nd, 2008 at 9:00 pm
Hi Lance,
As an Anonymizer.com Total Net Shield user, I had an interesting experience earlier this month.
I’ve had a PAYPAL account for several years, but last year, I started getting locked out of my account because (according to the email notice) someone had tried to “compromise my account” with “unauthorized activity.”
Since I routinely use a strong alphanumeric password on all my accounts, I strongly doubted that someone had guessed BOTH my username and random alphanumeric pass to access my account.
Long story short, after 5 or 6 lockouts, I accused them of lying to me and they finally admitted that they now LOCK OUT ALL ANONYMIZER IP blocks and addresses.
But this is where it gets weird!
I listen to Steve Gibson’s (grc.com) “Security Now” podcasts while jogging, and he had an episode about the new DOUBLECLICK.com redirects that show up on a mouse-over on some of the PAYPAL service links! These are NOT ADVERTISEMENTS but actual PAYPAL services!
I’ll leave it to you, if interested, to check this out, but it appears that PAYPAL is forcing their customers to route personal information through the notorious DOUBLECLICK.com servers, and I believe the REAL reason that they disallow Anonymizer customers from signing onto Paypal with a proxy server is not the “hackers” that they blamed, but the desire to cross-link ALL PAYPAL CUSTOMERS with ACTUAL names and other personal info.
Remember: Paypal has each customer’s credit card numbers, but they ALSO have your VERIFIED BANK ACCOUNT number, they ask for your MOTHER’S MAIDEN NAME, pet name, etc. as “test” questions, as well as the usual home address, home and work phone……and on and on.
If you want to hear the grc.com discussion, go to podcast #119 at this URL:
It’s entitled “Paypal and Doubleclick.”
Incidentally, I haven’t told anyone else about this, and if you want any further info, I’m a customer of Anonymizer. My name and email are real as entered. (lol…..no imagination)
Richard
February 2nd, 2008 at 6:56 pm
I heard the same podcast. While not conclusive proof of bad intention, it certainly appears quite damning. Particularly because there has been no clear and public response from PayPal that I have seen.
I can imagine that they would not be fond of anonymous access to their services (for abuse and fraud reasons), but in this case it seems like it may be more about advertising dollars and tracking.