Is Anonymous Data Really Anonymous?

It could be but that's not always the case...

anonymous data

You may have heard or even know of companies that sell their users’ data to third parties. In most cases, these are anonymized data but sometimes, that anonymized data could be used to identify individual users. And that, my friend, is a reason for concern.

In this article, we’ll take a look at how de-anonymization works and how it can put your personal information at risk. Let’s start by explaining the anonymized data, and we’ll take it from there.

Anonymized data explained

Organizations from all over the world anonymize or de-identify data about their users, including their behavior and interests by removing information that could be linked back to an individual. The data that gets removed in this process includes names, addresses, job title, financial information such as credit card details, and all other details that could link back to the user. Once this process is completed, the data is ready to be offered to third parties for a fee.

A special kind of anonymized data is called aggregate data, which is when your data is combined with that of other people and presented as an overall statistic. In that sense, aggregate data is considered to be better for individual privacy than anonymized data.

Legally, there is nothing wrong with this practice, and even the EU’s relatively strict GDPR law permits this.

Everything is fine in the eyes of the law, but is it fine?

De-anonymization

A third party that bought the anonymized data can’t identify individual users, right? Or…

There is a process called de-anonymization, which is also known as re-identification, that involves cross-referencing anonymous data with publicly available information, such as census results.

For instance, in the U.S. – a few data points such as a ZIP code, gender, and date of birth are enough to identify most people uniquely.

Think that’s bogus; how about this – in 2006, anonymous movie ratings of 500,000 Netflix users were cross-referenced with public IMDB.com ratings. There were users who appeared in both datasets, with an 84% chance of identifying individuals that way. Like that’s not enough, this figure jumped to 99% if the data included an approximate time a user left a movie rating.

And let’s not forget the dataset of 120 million unidentified households that was sold by data broker Experian. It features 248 pieces of information per household, and from what we can tell — most of these users could be identified.

How can you be more anonymous?

First, let us make this clear – it is impossible to be 100% anonymous unless you don’t want to relocate to a place far off the grid. Online, it’s pretty much impossible as there will always be some traces left behind.

You can do some things, including using a VPN — which is what this website is all about. But there are things to consider as well, though you may have to change some habits. Like, stop using Google, Facebook and other social media websites. Or at the very least, think before sharing stuff.

For instance, if you review some restaurant – Google will know you were there at some point. Or if you share a photo on Facebook from an airport, the social networking giant will know where you’ve been.

The key learning moment here is that you should avoid sharing personal information as much as possible.

Also, you should read the privacy policies of the services you’re using and act accordingly — i.e. if you’re not willing to see your data being sold to third parties, you shouldn’t use the service.

And finally, it’s worth repeating, use a VPN whenever you can. Plus, make sure to check out our article: 11 Tips To Be More Anonymous Online.