• QuadratureSurfer@lemmy.world · 1 year ago

      Well, then there’s also the people that don’t realize that there are all sorts of programs out there that will try to take that “anonymized” data and then tie it right back to a person’s profile.

      For example, you can anonymize GPS location data, but just because you strip away identifying information doesn’t mean that you’re truly anonymous. It can still be obvious where you live and where you work. And once you figure out where they live (again based on anonymous data) you can tie that information right back into their profile and continue to track them as if nothing has changed. https://www.popularmechanics.com/technology/security/a15927450/identify-individual-users-with-stravas-heatmap/
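
Added example, not code from the comment or the linked Strava article: a small Python audit of how identifying a GPS trip remains after the user id is stripped. It groups a constructed set of eight commute trips by their (start cell, end cell) pair at two grid sizes and reports the smallest group size (the k of k-anonymity); the coordinates and the cell sizes are assumptions.

```python
import math
from collections import Counter

# Constructed sample (not real data): eight commute trips with the user id
# already stripped. Each trip is (start_lat, start_lon, end_lat, end_lon).
# The first three come from one person (same home, same office); the other
# five are different people who commute to the same office district.
TRIPS = [
    (47.6101, -122.3342, 47.6205, -122.3493),
    (47.6102, -122.3341, 47.6206, -122.3491),
    (47.6103, -122.3343, 47.6207, -122.3492),
    (47.6733, -122.3201, 47.6211, -122.3381),
    (47.6011, -122.3871, 47.6209, -122.3385),
    (47.6381, -122.3101, 47.6208, -122.3384),
    (47.6951, -122.3331, 47.6212, -122.3388),
    (47.6621, -122.3051, 47.6213, -122.3382),
]

def cell(coord, decimals):
    """Snap a coordinate to a grid cell. Assumed sizes at mid-latitudes:
    3 decimals is roughly a 100 m cell, 1 decimal roughly 10 km."""
    return math.floor(coord * 10 ** decimals)

def quasi_id(trip, decimals):
    """The (start cell, end cell) pair that survives stripping the user id."""
    return tuple(cell(c, decimals) for c in trip)

def cohort_sizes(trips, decimals):
    """Number of records sharing each quasi-identifier (the k in k-anonymity)."""
    return Counter(quasi_id(t, decimals) for t in trips)

def min_k(trips, decimals):
    """Smallest cohort in the release: k == 1 means some record stands alone."""
    return min(cohort_sizes(trips, decimals).values())

def unique_fraction(trips, decimals):
    """Share of records that are the only one in their cohort (k == 1)."""
    sizes = cohort_sizes(trips, decimals)
    return sum(1 for t in trips if sizes[quasi_id(t, decimals)] == 1) / len(trips)

if __name__ == "__main__":
    for d in (3, 1):
        print(f"{d} decimals: min k = {min_k(TRIPS, d)}, "
              f"unique records = {unique_fraction(TRIPS, d):.0%}")
```

At 100 m cells five of the eight records are unique and the one person's three trips fall into a single cohort, which is exactly the start/stop pattern the comment describes; only at roughly 10 km cells does every record hide among all eight, by which point the release is too coarse for most uses.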

      • Yendor@sh.itjust.works · 1 year ago

        That won’t work on Apple’s data - they group all the data into cohorts, so the anonymising isn’t reversible.

        • QuadratureSurfer@lemmy.world · 1 year ago

          Can you explain a bit more about Apple grouping their data into cohorts? I haven’t heard much about this before. For example, how would grouping data into cohorts work with GPS data?

        • QuadratureSurfer@lemmy.world · 1 year ago

          You sound like you know a lot more than everyone else on this subject, so I thank you for your responses as a means to educate others.

          Just a word of advice, be sure to treat others with respect rather than assuming the worst of their intentions or calling them idiots because they don’t know as much as you.

          My response is still relevant to the conversation as we are talking about “anonymized data”. The link in my comment above proves that just because you are told your data has been “anonymized” does not truly mean that it’s impossible to re-attribute it back to an individual.

          So if you trust that Apple has great techniques for data anonymization, that’s awesome, feel free to expand on that and explain why. Just don’t go around telling others that simply having any sort of anonymization technique makes it so you don’t have to worry.

            • QuadratureSurfer@lemmy.world · 1 year ago

              I’ve been reading through the links you posted as well as looking through other sources. I agree Apple is definitely taking more care with how they anonymize data compared to companies such as Netflix or Strava.

              In Netflix’s case, they released a bunch of “anonymized data”, but in just over 2 weeks some researchers were able to de-anonymize some of the data back to particular users: https://www.cs.utexas.edu/~shmat/netflix-faq.html

              I’ve already linked Strava’s mistake with their anonymization of data in my above comment.

              > and tell me again why Apple isn’t serious about privacy,

              I think you must have me confused with someone else; up to this point in our discussion I never said that. I do believe that Apple is serious about privacy, but that doesn’t mean they are immune to mistakes. I’m sure Netflix and Strava thought the same thing.

              My whole point is that you can’t trust that it’s impossible to de-anonymize data simply because some organization removes all of what they believe to be identifying data.

              GPS data is a fairly obvious one which is why I brought it up. Just because you remove all identifying info about a GPS trace doesn’t stop someone (or some program) from re-attributing that data based on the start/stop locations of those tracks.

              I appreciate that Apple is taking steps and using “local differential privacy” to try to mitigate stuff like this as much as possible. However, even they admit in that document that you linked that this only makes it difficult to determine rather than making it impossible:
              “Local differential privacy guarantees that it is difficult to determine whether a certain user contributed to the computation of an aggregate by adding slightly biased noise to the data that is shared with Apple.” https://www.apple.com/privacy/docs/Differential_Privacy_Overview.pdf

              Now for some counter evidence and reading:

              Here’s a brief article about how anonymized data isn’t as anonymous as you think: https://techcrunch.com/2019/07/24/researchers-spotlight-the-lie-of-anonymous-data/

              And if you just want to skip to it, here’s the link to the study about how anonymized data can be reversed: https://www.nature.com/articles/s41467-019-10933-3/

              > informing users of what they collect and how users can opt-out of it.

              It would be great if users could just opt-out, however Apple is currently being sued for continuing to collect analytics even on users that have opted out (or at least it appears that way, we’ll have to let the lawsuit play out to see how this goes).
              https://youtu.be/8JxvH80Rrcw
              https://www.engadget.com/apple-phone-usage-data-not-anonymous-researchers-185334975.html
              https://gizmodo.com/apple-iphone-privacy-settings-third-lawsuit-1850000531

              That DigitalTrends article you linked was okay, but it was written in 2018 before Mysk’s tests.

              As for your TechRadar link to Apple’s use of E2EE, that’s great, I’m glad they are using E2EE, but that’s not really relevant to our discussion about anonymizing data and risks running afoul of the #3 point you made for why you are frustrated with the majority of users in this post.

              I understand it can be frustrating when people bring up random points like that; I’m assuming your comment for #3 was directed at other users on this post rather than myself. But feel free to call me out if I go too far off on a tangent.

              I have tried to stick to my main point which is: just because data has been “anonymized” doesn’t mean it’s impossible to de-anonymize that data.

              It’s been a while since I’ve looked up information on this subject, so thank you for contributing to this discussion.
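
Added example, not the commenter's code and not Apple's implementation: the randomized-response form of local differential privacy, the mechanism the quoted Apple document describes in general terms (noise added on the device before anything is shared), written in Python over a constructed population. It shows why one report is "difficult" rather than "impossible" to attribute (the ratio of likelihoods is bounded by e^epsilon, not by 1) while the server still recovers the aggregate; epsilon, the population size and the seed are assumptions.

```python
import math
import random

def keep_probability(epsilon):
    """Probability that randomized response reports the true bit. This value
    makes the mechanism epsilon-locally-differentially-private."""
    return math.exp(epsilon) / (1.0 + math.exp(epsilon))

def randomize(bit, epsilon, rng):
    """Runs on the device: report the true bit with probability p, otherwise
    the flipped bit. Only this output ever leaves the device."""
    return bit if rng.random() < keep_probability(epsilon) else 1 - bit

def privacy_ratio(epsilon):
    """Largest ratio P(report | bit=1) / P(report | bit=0) that one report
    supports: e^epsilon. Finite, so no single user is pinned down with
    certainty; above 1, so the report is not free of information either."""
    p = keep_probability(epsilon)
    return p / (1.0 - p)

def estimate_count(reports, epsilon):
    """Server side: subtract the expected noise to recover how many users
    really had bit=1."""
    p = keep_probability(epsilon)
    n = len(reports)
    return (sum(reports) - n * (1.0 - p)) / (2.0 * p - 1.0)

def worst_case_std_error(n, epsilon):
    """Standard error of estimate_count for n reports. It grows like sqrt(n)
    while the count grows like n, so small cohorts are mostly noise and only
    large aggregates are usable."""
    p = keep_probability(epsilon)
    return math.sqrt(n) / (2.0 * (2.0 * p - 1.0))

def simulate(n=10_000, true_positives=3_000, epsilon=math.log(3), seed=1):
    """Constructed population (assumption): true_positives users really have
    bit=1. Returns the server's estimate from the noisy reports."""
    rng = random.Random(seed)
    bits = [1] * true_positives + [0] * (n - true_positives)
    reports = [randomize(b, epsilon, rng) for b in bits]
    return estimate_count(reports, epsilon)

if __name__ == "__main__":
    eps = math.log(3)
    print(f"likelihood ratio per report: {privacy_ratio(eps):.2f}")
    print(f"estimate of 3000 true positives: {simulate():.0f} "
          f"+/- {worst_case_std_error(10_000, eps):.0f}")
```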