Quiz Entry - updated: 2026.07.05
What are the typical five steps of a de-anonymization attack?
Collect the anonymized target dataset, gather auxiliary public data, identify distinguishing patterns/quasi-identifiers, match patterns across datasets, then validate the re-identification.
- Collect the anonymized target dataset.
- Gather auxiliary data from public sources (other leaks, public profiles, voter rolls, etc.).
- Identify distinguishing patterns / quasi-identifiers present in both.
- Match patterns across datasets to link records.
- Validate re-identification to confirm the linkage is correct.
The underlying principle: de-anonymization is fundamentally a linkage attack — the anonymized data is matched against an external "auxiliary" dataset via shared quasi-identifiers. The more auxiliary data exists in the world, the weaker any anonymization becomes.
Tip: This is why "anonymized" is a risk level, not a binary state — it depends on what auxiliary data an adversary can obtain, now or in the future.
Go deeper:
Data re-identification (Wikipedia) — linkage attacks and famous real-world re-identification cases.