LOGBOOK

HELP

Quiz Entry - updated: 2026.07.05

What is re-identification (de-anonymization), and what are the four steps of a re-identification attack?

Re-identification matches anonymized data against external data or background knowledge to recover real identities — in four steps.

Serpentine four-step flow: obtain anonymized data, find auxiliary data, link on quasi-IDs, reveal identity.

* The generic re-identification pipeline — auxiliary data plus linkage are the heart of the attack. *

Re-identification (a.k.a. de-anonymization) is the process of taking "anonymous" records and successfully tying them back to specific people. The generic attack pipeline:

  1. Obtain anonymized data — access the target dataset that lacks direct identifiers.
  2. Identify auxiliary data — find external sources with overlapping attributes (voter rolls, IMDb, social media, public records).
  3. Link records — match records across datasets using the shared quasi-identifiers.
  4. Reveal identity — successfully associate the anonymous records with real individuals.

Steps 2–3 are the heart of it: the attacker supplies external knowledge the data publisher didn't account for.

Tip: Anonymity is never a property of your dataset alone — it's a property of your dataset plus every other dataset in the world.

Go deeper:

From Quiz: PRIVACY / Re-identification Attacks & Privacy Defenses | Updated: Jul 05, 2026