What is a linkage attack, and what are its sub-types?
A linkage attack cross-references anonymized data with public records (voter rolls, property records, social media) by matching quasi-identifiers — and comes in exact, robust, and profiling flavors.
Linkage attacks are the classic threat. The attacker takes the QIDs in your "anonymous" dataset (birth date/age, gender, ZIP, race/ethnicity, occupation) and matches them to an external source that contains the same attributes plus direct identifiers — re-attaching names.
Three sub-types by sophistication:
- Exact matching — link records with identical attribute values across datasets.
- Robust matching — link even when values differ slightly due to noise or inconsistencies.
- Profiling attacks — extract behavioral patterns to link records across different time periods.
The classic figure: birthdate + gender + ZIP uniquely identifies 87% of the U.S. population when linked with voter registration data.
Tip: Robust and profiling matching are why "we added a little noise" or "the data is from a different year" don't save you — modern linkage tolerates fuzz.