[*QUOTE*]
CRYPTO-GRAM
January 15, 2008
by Bruce Schneier
Founder and CTO
BT Counterpane
http://www.schneier.com http://www.counterpane.com
A free monthly newsletter providing summaries, analyses, insights,
and commentaries on security: computer and otherwise.
[...]
** *** ***** ******* *********** *************
In this issue:
Anonymity and the Netflix Dataset
News
"Where Should Airport Security Begin?"
Airport Security Study
Schneier/BT Counterpane News
My Open Wireless Network
Comments from Readers
** *** ***** ******* *********** *************
Anonymity and the Netflix Dataset
Last year, Netflix published 10 million movie rankings by 500,000
customers, as part of a challenge for people to come up with better
recommendation systems than the one the company was using. The data
was anonymized by removing personal details and replacing names with
random numbers, to protect the privacy of the recommenders.
Arvind Narayanan and Vitaly Shmatikov, researchers at the University
of Texas at Austin, de-anonymized some of the Netflix data by
comparing rankings and timestamps with public information in the
Internet Movie Database, or IMDb.
Their research illustrates some inherent security problems with
anonymous data, but first it's important to explain what they did and
did not do.
They did *not* reverse the anonymity of the entire Netflix dataset.
What they did was reverse the anonymity of the Netflix dataset for
those sampled users who also entered some movie rankings, under their
own names, in the IMDb. (While IMDb's records are public, crawling
the site to get them is against the IMDb's terms of service, so the
researchers used a representative few to prove their algorithm.)
The point of the research was to demonstrate how little information
is required to de-anonymize information in the Netflix dataset.
[*/QUOTE*]
More:
For back issues, or to subscribe, visit
http://www.schneier.com/crypto-gram.html
You can read this issue on the web at
http://www.schneier.com/crypto-gram-0801.html
These same essays appear in the "Schneier on Security" blog:
http://www.schneier.com/blog
Required reading!
ama