Appreciate the link! Not sure why, but the paper made infinitely more sense to me than the article. This kinda feels like a "Quantum computing will break encryption" moment for internet culture....
Appreciate the link! Not sure why, but the paper made infinitely more sense to me than the article.
This kinda feels like a "Quantum computing will break encryption" moment for internet culture. Like the abstract notes, no one thought de-anonymization was impossible just time consuming. And now that suddenly isn't true.
The comparison to breaking encryption holds when you start thinking about the fallout:
There's a large corpus of data that can be processed retroactively now (the entire internet)
Fixing this would be a herculean effort (comprehensive privacy laws?!)
Not surprising that it works, I agree, but it’s gonna be a lot easier for anyone and everyone to implement now that there’s a paper explaining the nuances of how, and the results to expect when...
Not surprising that it works, I agree, but it’s gonna be a lot easier for anyone and everyone to implement now that there’s a paper explaining the nuances of how, and the results to expect when it’s working.
As a 14 year old girl living in Florida who enjoys turntablism and hastening the evolution of mole people, it is a worrying eventuality. Deanonymization isn't exactly new, but we have seen...
As a 14 year old girl living in Florida who enjoys turntablism and hastening the evolution of mole people, it is a worrying eventuality.
Deanonymization isn't exactly new, but we have seen better/easier tools get adopted by scammers and bad actors pretty quickly. I think there are interesting possibilities for defensive use but I don't have a lot of hope for it to be widespread, and a lot of the harm that can be done from mass surveillance doesn't need to care about any given individual.
I got a basic version of it just by asking Gemini 3 if is was familiar with the process described in the article. It said it could replicate it, but that it never would because of its ethical...
I got a basic version of it just by asking Gemini 3 if is was familiar with the process described in the article. It said it could replicate it, but that it never would because of its ethical guidelines. It then offered to analyze my profile to provide feedback on how to protect myself. I then put in "my" profile, and got data within moments. I'm sure that professionals could do better than my basic effort, but it wasn't a challenge at all to get an outline. It makes me all the more glad that I specifically overwrote, purged, and deleted my Reddit profile.
I'd be curious to litmus test this claim on myself, but I'm unsure how. I've gone through some considerable effort to separate my online identity from my real one, and (I feel) I've done a fairly...
I'd be curious to litmus test this claim on myself, but I'm unsure how. I've gone through some considerable effort to separate my online identity from my real one, and (I feel) I've done a fairly good job. But I wonder how good I've really done.
For what it’s worth - and this is NOT an attack, but just for context - I just did it in about ~30 seconds manually, no LLM needed. Clicked on your profile, checked your submitted topics, one of...
For what it’s worth - and this is NOT an attack, but just for context - I just did it in about ~30 seconds manually, no LLM needed. Clicked on your profile, checked your submitted topics, one of them (something you’ve made) was a link to github, your real name is on there.
I think more than anything that goes to show just how hard it is to keep your online identity separate from your real life if it’s not something that you’re devoting constant attention to.
When I set up my tildes profile, I intended to not use my generally common username and keep things somewhat difficult to link to my other online identities. But then I posted something that I...
When I set up my tildes profile, I intended to not use my generally common username and keep things somewhat difficult to link to my other online identities.
But then I posted something that I know provides a link. TBH, don't really care 😂
I'll send you a private message. I checked, and having seen what it came up with, I'm not comfortable posting it in the thread. It's not naming you as a singular person, but there's a remarkable...
I'll send you a private message. I checked, and having seen what it came up with, I'm not comfortable posting it in the thread. It's not naming you as a singular person, but there's a remarkable amount of aggregated detail.
Just using gpt-5-mini from duckduckgo's AI offering, and it immediately picked up the link to your github account (you have posted your projects there), which includes what I assume is your real name.
Just using gpt-5-mini from duckduckgo's AI offering, and it immediately picked up the link to your github account (you have posted your projects there), which includes what I assume is your real name.
So far it seems people have only found the pseudonym I've tied to my username. I'd be curious to see if anyone could get my first name. But I suppose that's also not in the spirit of this site and...
So far it seems people have only found the pseudonym I've tied to my username. I'd be curious to see if anyone could get my first name. But I suppose that's also not in the spirit of this site and what it's about.
I do my best to use different usernames across platforms, but it sounds like this approach works by picking up on consistencies in personal details, connections and interests scattered here and...
I do my best to use different usernames across platforms, but it sounds like this approach works by picking up on consistencies in personal details, connections and interests scattered here and there across the whole internet.
It's easy enough to say that you should just never share any kind of personal information online, but humans are social animals and it's in our nature to empathise and share anecdotes. If this is the new status quo that we have to bear in mind when posting anything online, it makes me wonder what sort of chilling effect it might have on online discussions in forums like ~talk.
You could add a bit of noise? It seems to rely on specific details for some of its matching, and by changing a few details or adding superfluous incorrect information that differs in different...
You could add a bit of noise? It seems to rely on specific details for some of its matching, and by changing a few details or adding superfluous incorrect information that differs in different areas your story and message can be transmitted while masking your identity.
I try to do this a little bit, but maybe I will do that more often now.
I think I have always had this fear that something like this would be possible, so I have generally made my online presence something that I could tolerate being potentially linked back to me. I...
I think I have always had this fear that something like this would be possible, so I have generally made my online presence something that I could tolerate being potentially linked back to me. I had an anonymous Reddit profile for years, until my wife found it and could deduce it was me. So now I am simply not anonymous anymore, and it some ways it is sort of freeing as I don't have to worry about whether what I write could potentially reveal who I was. Easier to just remove that completely. I realize that is of course a very privileged position to have, as I am not belonging to any sort of marginalized group or anything. It is certainly worrying with the potential impact for harmful doxxing these sort of thing could be used for.
And the actual paper
Appreciate the link! Not sure why, but the paper made infinitely more sense to me than the article.
This kinda feels like a "Quantum computing will break encryption" moment for internet culture. Like the abstract notes, no one thought de-anonymization was impossible just time consuming. And now that suddenly isn't true.
The comparison to breaking encryption holds when you start thinking about the fallout:
Thanks - look forward to reading this.
This isn't too surprising, is it? I assume any username that's related to your life is in some way making you more fingerprint-able
Not surprising that it works, I agree, but it’s gonna be a lot easier for anyone and everyone to implement now that there’s a paper explaining the nuances of how, and the results to expect when it’s working.
As a 14 year old girl living in Florida who enjoys turntablism and hastening the evolution of mole people, it is a worrying eventuality.
Deanonymization isn't exactly new, but we have seen better/easier tools get adopted by scammers and bad actors pretty quickly. I think there are interesting possibilities for defensive use but I don't have a lot of hope for it to be widespread, and a lot of the harm that can be done from mass surveillance doesn't need to care about any given individual.
The researchers note in the paper that
I got a basic version of it just by asking Gemini 3 if is was familiar with the process described in the article. It said it could replicate it, but that it never would because of its ethical guidelines. It then offered to analyze my profile to provide feedback on how to protect myself. I then put in "my" profile, and got data within moments. I'm sure that professionals could do better than my basic effort, but it wasn't a challenge at all to get an outline. It makes me all the more glad that I specifically overwrote, purged, and deleted my Reddit profile.
I'd be curious to litmus test this claim on myself, but I'm unsure how. I've gone through some considerable effort to separate my online identity from my real one, and (I feel) I've done a fairly good job. But I wonder how good I've really done.
For what it’s worth - and this is NOT an attack, but just for context - I just did it in about ~30 seconds manually, no LLM needed. Clicked on your profile, checked your submitted topics, one of them (something you’ve made) was a link to github, your real name is on there.
I think more than anything that goes to show just how hard it is to keep your online identity separate from your real life if it’s not something that you’re devoting constant attention to.
My pseudo-real-name is on there, youngster :)
Username: Goose.
In hindsight, a bit on the nose.
Nobody has ever accused me of being subtle. In fact, my D&D party often refers to me as "the big noisy distraction"!
When I set up my tildes profile, I intended to not use my generally common username and keep things somewhat difficult to link to my other online identities.
But then I posted something that I know provides a link. TBH, don't really care 😂
I'll send you a private message. I checked, and having seen what it came up with, I'm not comfortable posting it in the thread. It's not naming you as a singular person, but there's a remarkable amount of aggregated detail.
Just using gpt-5-mini from duckduckgo's AI offering, and it immediately picked up the link to your github account (you have posted your projects there), which includes what I assume is your real name.
The name I use for my "online identity", nowhere near my actual name
Judging from the several comments claiming to have deanonymized you with ease, I’d say @goose is cooked 🥁
So far it seems people have only found the pseudonym I've tied to my username. I'd be curious to see if anyone could get my first name. But I suppose that's also not in the spirit of this site and what it's about.
Oh lmao that’s a great pseudonym. I agree though I wouldn’t want anyone trying to track me down even as an exercise.
I do my best to use different usernames across platforms, but it sounds like this approach works by picking up on consistencies in personal details, connections and interests scattered here and there across the whole internet.
It's easy enough to say that you should just never share any kind of personal information online, but humans are social animals and it's in our nature to empathise and share anecdotes. If this is the new status quo that we have to bear in mind when posting anything online, it makes me wonder what sort of chilling effect it might have on online discussions in forums like ~talk.
You could add a bit of noise? It seems to rely on specific details for some of its matching, and by changing a few details or adding superfluous incorrect information that differs in different areas your story and message can be transmitted while masking your identity.
I try to do this a little bit, but maybe I will do that more often now.
Having now read the paper, I am notably less impressed than I expected to be from the abstract. Has anybody else read it and interested in discussing?
I've long given up on anonymity.
I think I have always had this fear that something like this would be possible, so I have generally made my online presence something that I could tolerate being potentially linked back to me. I had an anonymous Reddit profile for years, until my wife found it and could deduce it was me. So now I am simply not anonymous anymore, and it some ways it is sort of freeing as I don't have to worry about whether what I write could potentially reveal who I was. Easier to just remove that completely. I realize that is of course a very privileged position to have, as I am not belonging to any sort of marginalized group or anything. It is certainly worrying with the potential impact for harmful doxxing these sort of thing could be used for.