LOGBOOK

HELP

Quiz Entry - updated: 2026.07.05

What is k-anonymity, and what are its critical limitations?

K-anonymity ensures each record is indistinguishable from at least k−1 others, so no individual can be uniquely picked out of a group of k — but it's vulnerable to background-knowledge and homogeneity attacks.

Records generalized so each quasi-identifier combination is shared by >=2 people.

* A 2-anonymous table: each record matches at least one other. — HTriedman (WMF), CC BY-SA 4.0, via Wikimedia Commons. *

You achieve it by generalizing/suppressing quasi-identifiers (age, ZIP, gender) until every combination is shared by at least k people. It underpins real compliance approaches like HIPAA Safe Harbor (healthcare) and FERPA (education records).

The two classic weaknesses:

  • Homogeneity attack: if all k records in a group share the same sensitive value (e.g. all have the same diagnosis), you learn that value even without isolating the individual. (This is what l-diversity tries to fix.)
  • Background-knowledge attack: an adversary uses external information to eliminate possibilities and narrow the group back down to one person.

Tip: k-anonymity hides who you are in a crowd, but not necessarily what is true about the crowd — that gap is its Achilles' heel.

Go deeper:

  • doc k-anonymity (Wikipedia) — quasi-identifier generalization plus the homogeneity and background-knowledge attacks.

From Quiz: PRIVACY / Cryptographic Privacy & Big Data — Zero-Knowledge Proofs, MPC, Homomorphic Encryption & Anonymization | Updated: Jul 05, 2026