LOGBOOK

HELP

Quiz Entry - updated: 2026.06.30

Why does traditional anonymization (just removing names) fail to protect privacy?

Stripping names doesn't make data anonymous — leftover attributes can be re-linked to other datasets to re-identify people, and you must trust the company to anonymize correctly in the first place.

Three weaknesses sink naive anonymization:

  • Trust issues — anonymization happens on the company's servers, so you must trust them to actually strip identifying information properly.
  • Linkage attacks — "anonymous" data can be cross-referenced with other datasets to recover real identities, defeating the whole point.
  • Not really anonymous — even without names, combinations of ordinary attributes can uniquely pinpoint individuals.

The classic evidence: research found that roughly 87% of Americans can be uniquely identified from just three data points — ZIP code, birth date, and gender. Latanya Sweeney famously used exactly this to re-identify the Massachusetts governor's "anonymized" medical records.

Tip: This is why differential privacy exists. DP gives a provable guarantee that holds even against an attacker who already has side data to link against — the exact scenario where anonymization collapses.

From Quiz: PRIVACY / Privacy in AI & ML — Differential Privacy, Synthetic Data & LLM Security | Updated: Jun 30, 2026