The State of Your Online Anonymity

Have you ever gotten a quick bite at Shake Shack, posted it to Instagram, hopped in a cab (or Uber) and then made an online purchase?  If you have, then you could probably be identified fairly easily from that information alone.  All it takes is a few bits of data and a mildly competent first year data science student, at minimum.  Dates of birth, genders, and zip codes are usually enough to suffice.

The Guardian had a feature recently that shows just how challenging it is to remain completely anonymous in such a connected society.  According to Latanya Sweeney, former chief technology officer (CTO) at the Federal Trade Commission, “data that may look anonymous is not necessarily anonymous.”  With just four data points of locations and times, stored in a mobile phone database, approximately 95% of 1.5 million people in a study could be identified.

Metadata from a person’s Twitter account, such as the time of a tweet or the number of followers, can even be leveraged to identify a user.  Even if you think you’re anonymous online, that most likely is not the case.  These little pieces of information that accompany your online activity provide helpful means of stripping privacy away.  Re-identifying someone from supposedly de-identified data is easier than ever.

Rules like GDPR are a “step in the right direction,” says Yves-Alexandre de Montjoye, a computational privacy researcher.  Anna Johnston of Salinger Privacy believes privacy regulations of the past have burdened the consumer with more of the responsibility than they were able to handle.  More should be placed on businesses, governments, and those who process and store personal data.

Some organizations have also taken steps to afford their users greater transparency with their data.  A startup bank in the UK, Monzo, has shown rather refreshing forthrightness with its customers.  Whereas most entities, being risk-averse, will wait until they have as much information as possible before alerting people, Monzo practically provides play-by-play analysis.  When Mastercard experienced a recent outage, Monzo tweeted: “The Mastercard network had a partial outage starting at 6:05pm that caused some payments to decline. We are seeing card payments succeed as of 7:40pm, Mastercard have told us that the issue has been resolved. Thank you so much for your patience ❤.”

Sometimes the bank will share a blog post as well, as they did during a data breach of Ticketmaster.  Coupled with their detailed updates to keep users informed, Monzo wanted “to share what happened, and what we did to protect our customers behind the scenes.”  This particular post saw incredibly positive response, revealing that the startup just might on to something.

More established institutions, of course, might be slower to adapt to new methods.  However, if these young disruptors have success, we could see a new way of doing business and interacting with customers.  And, as people struggle to keep some semblance of privacy, any effort from the custodians of their data is a welcome assist.