Quiz Entry - updated: 2026.06.07
Why is selecting quasi-identifiers during anonymization so fragile?
Because you can't anticipate every external dataset an attacker might use — what counts as a quasi-identifier keeps changing.
The fundamental challenge: it's impossible to anticipate every external dataset an attacker might leverage. Three faces of this fragility:
- Unknown unknowns — an attribute you didn't flag as a quasi-identifier can become identifying once combined with an unanticipated external source.
- Expanding data landscape — new public datasets emerge constantly (social media, IoT devices, public cameras), creating fresh linkage opportunities that didn't exist at publication time.
- Context dependency — what is a quasi-identifier shifts with the attacker's background knowledge and available resources.
So a dataset judged "safe" at the time of publication can become re-identifiable later simply because the world's data grew. Anonymity decays.
Tip: You're not just defending against the auxiliary data that exists at publication — you're betting against all the data that will exist. That bet often loses.