Privacy is the great utopia of a society based on the technology, every action we make leaves a track that could be used to reveal our identity, track our profile and monitor our habits. We have discussed several times about the difficulty to preserve or anonymity online, even a new study explains that three small credit card transactions could reveal our identity.
The study published in the journal Science confirms that by analyzing just three pieces of information per person, that could be three minor transactions for a pizza, a coffè and a bottle of water, it possible de-anonymize cardholders.
“Just knowing an individual’s location on four occasions was enough to fingerprint 90% of the spenders. And knowing the amount spent on those occasions—the equivalent of a few receipts from someone’s trash—made it possible to de-anonymize nearly everyone and trace their entire transaction history with just three pieces of information per person.” reads the study.
The findings confirm that a small set of credit card metadata could allow an attacker to uniquely identify an individual.
“The fact that a few data points are enough to uniquely identify an individual was true in credit card metadata,” explained Yves-Alexandre de Montjoye, which is a co-author of the study’.
Montjoye was known to the scientific community for a study conducted in 2013 that analyzed fifteen months of human mobility data for 1.5 million individuals to demonstrate that human mobility traces are highly unique.
The research on mobility showed that four data points, for example geographic location and time, were enough to identify a person from lard data set of mobile phone records in 95 percent of the time.
This time, the team of researchers has analyzed credit card transactions provided by an unnamed major bank, the data are related to transactions of 1.1 million people in some 10,000 stores over a three-month period.
The researchers were evaluating how much data they needed to identify a person’s transactions from a larger data set of transaction metadata that of course not include personal information (i.e. names, addresses, email addresses and other info). They didn’t try to actually identify a specific individual, but instead to quantify the mount of data necessary to link transactions to a person.
“We did not try to find a specific person on purpose,” Montjoye said.
The experts verified that by knowing an individual’s location and four transactions was enough to fingerprint 90% of the spenders, and just adding price information (i.e. purchase receipts) allowed them to identify a specific individual with just three transactions.
Researchers could also identify individuals from “one receipt, one Instagram photo of you having coffee with friends, and one tweet about the phone you just bought,” they explained. “The fundamental scientific question is one of our human behavior,” de Montjoye said. “It’s really how our behavior compares with that of others and eventually makes us unique and identifiable.”
The researchers didn’t try to actually identify particular individuals, but instead to figure out on average how much data would be needed to narrow transactions down to a person.
In the last years, we are a long debated on the right to anonymity and about mass surveillance operated by governments that in some cases defended their operations sustaining that they were collecting only metadata.
This research demonstrates that removing names and email addresses from the records is not enough to protect how anonymity, and Intelligence Agencies know this!
“What our study shows is that this is not enough to prevent identification,” he said.
The only way to protect user’s identity from prying eyes is to adopt data that must be “provably” anonymous, and make it impossible to de-anonymize individuals.
Verifying which conditions could ensure that data could not be linked to a user’s identity is very difficult as explained by de Montjoye, people should be aware of the potential risks of identification.
“One way to protect against correlation attacks is to blur the data by binning certain variables. For example, rather than revealing the exact day or price of a transaction, the public version of the data set might reveal only the week in which it occurred or a price range within which it fell. Binning did not thwart de Montjoye‘s correlation attack; instead, it only increased the amount of information needed to de-anonymize each person to the equivalent of a dozen receipts.”
“I don’t think it’s ever going to be 100 percent safe, but there are steps that can be taken,” Montjoye said.
(Security Affairs – anonymity, privacy)