I thought you needed to de-correlate the anonymous data sets. Say that the database entries of a medical record are nym, age, location, type_of_disease. For e.g. Mickey, 43, Madison area, chance_for_don't_insure_him_disease. Now, it doesn't matter they may not find your actual name or address-they can correlate across databases to put up a red flag when someone matching the remaining fields except for the first one(nym)requests a health insurance policy. Note: The nym can be anything-in the above case it is just a nickname. Sarad. --- On Fri, 11/6/09, Shawn K. Quinn <skquinn@speakeasy.net> wrote:
I should have asked this years ago when there was more
this list (and I was using a different nym[1]) ... but years ago there was not such established proof of data correlation in "anonymized" data sets (netflix, "anonymized" medical data, etc.) [...] These actions are probably not robust. My
common profiles below the noise threshold that a
From: Shawn K. Quinn <skquinn@speakeasy.net> Subject: Re: managing and protecting nyms... To: "John Case" <case@sdf.lonestar.org> Cc: cypherpunks@al-qaeda.net Date: Friday, November 6, 2009, 6:45 AM On Thu, 2009-11-05 at 23:05 +0000, John Case wrote: traffic/users on thought is that it can lower my particular aggregator
might have.
What do _you_ do to sanitize/de-correlate your nyms ?
I don't. I only use a nym for things that need to appear to have been done by a third party, or for other reasons should not be traceable back to Shawn K. Quinn.
Someone who I am currently not on speaking terms with once "clarified" his/her position by stating her online and in-person personas were different; his/her online persona made it appear he/she was more approachable than he/she actually was. I simply don't play that game.
I do follow cypherpunk topics, I use PGP/GnuPG, Tor, Mixmaster, Freenet, GNUnet, etc. from time to time, but for the most part, I'm not nearly as paranoid as I used to be. For better or for worse. Hell, I quit channeling my Google queries through Tor some time ago (I still only accept session cookies from Google, and that's only to make the services work that require a Google account).
-- Shawn K. Quinn <skquinn@speakeasy.net>