LOGBOOK

HELP

Quiz Entry - updated: 2026.07.05

How were "anonymized" Netflix viewing records re-identified, and what does the case teach about anonymization?

Researchers matched the anonymized Netflix ratings dataset against public IMDb reviews — a handful of ratings plus approximate dates uniquely identified individuals, showing that removing names is not enough.

In 2006 Netflix released 100 million "anonymized" movie ratings for a public competition (the Netflix Prize). In 2008, Narayanan and Shmatikov demonstrated a linkage attack: by cross-referencing with publicly posted IMDb reviews, they re-identified specific users.

Why so few data points were enough:

  • Movie-rating data is sparse and high-dimensional — almost everyone's exact combination of films, ratings, and dates is unique.
  • Knowing just a few of a person's ratings (e.g., from their public IMDb profile) was enough to pinpoint their entire "anonymous" Netflix history — including films they'd rated privately.

The lesson: "anonymized" does not mean "safe." If rich, distinctive data can be cross-referenced against any external dataset, re-identification is often possible. This is the same linkage principle behind Sweeney's birth-date/ZIP/gender result — and it's why modern privacy leans on techniques like differential privacy rather than naive de-identification.

Tip: When a company says data is "anonymized," ask: what external data could it be linked against, and how unique is each record? Uniqueness is the enemy of anonymity.

Go deeper:

From Quiz: PRIVACY / Introduction to Privacy and Data Protection | Updated: Jul 05, 2026