What is re-identification (de-anonymization), and what are the four steps of a re-identification attack?
Re-identification matches anonymized data against external data or background knowledge to recover real identities — in four steps.
* The generic re-identification pipeline — auxiliary data plus linkage are the heart of the attack. *
Re-identification (a.k.a. de-anonymization) is the process of taking "anonymous" records and successfully tying them back to specific people. The generic attack pipeline:
- Obtain anonymized data — access the target dataset that lacks direct identifiers.
- Identify auxiliary data — find external sources with overlapping attributes (voter rolls, IMDb, social media, public records).
- Link records — match records across datasets using the shared quasi-identifiers.
- Reveal identity — successfully associate the anonymous records with real individuals.
Steps 2–3 are the heart of it: the attacker supplies external knowledge the data publisher didn't account for.
Tip: Anonymity is never a property of your dataset alone — it's a property of your dataset plus every other dataset in the world.
Go deeper:
Data re-identification (Wikipedia) — matching anonymized data to external sources, with documented cases.