We show that large language models can be used to perform at-scale deanonymization. With full Internet access, our agent can re-identify Hacker News users and Anthropic Interviewer participants at high precision, given pseudonymous online profiles and conversations alone, matching what would take hours for a dedicated human investigator. We then design attacks for the closed-world setting. Given two databases of pseudonymous individuals, each containing unstructured text written by or about that individual, we implement a scalable attack pipeline that uses LLMs to: (1) extract identity-relevant features, (2) search for candidate matches via semantic embeddings, and (3) reason over top candidates to verify matches and reduce false positives. Compared to classical deanonymization work (e.g., on the Netflix prize) that required structured data, our approach works directly on raw user content across arbitrary platforms. We construct three datasets with known ground-truth data to evaluate our attacks. The first links Hacker News to LinkedIn profiles, using cross-platform references that appear in the profiles. Our second dataset matches users across Reddit movie discussion communities; and the third splits a single user's Reddit history in time to create two pseudonymous profiles to be matched. In each setting, LLM-based methods substantially outperform classical baselines, achieving up to 68% recall at 90% precision compared to near 0% for the best non-LLM method. Our results show that the practical obscurity protecting pseudonymous users online no longer holds and that threat models for online privacy need to be reconsidered.

This is bad, and I’ve already given up on being anonymous on the internet.

But maybe we get to have some fun and doxx the baddies too?

  • Llituro [he/him, they/them]@hexbear.netEnglish
    32·
    1 month ago

    you should assume that to sufficiently motivated megacorps, palantir, and the u.s. federal government, your best attempts at online anonymity can probably be circumvented by one failure point or another. i’ve taken relative pains to separate my username from my real life, and i know it’s still not really meaningfully anonymous if the right company wants to figure it out. if they want ya, they got ya. everyone should post accordingly.

  • BountifulEggnog [it/its, she/her]@hexbear.netEnglish
    15·
    1 month ago

    I wondered about this and had an idea for a (similar but worse) pipeline, very interesting paper.

    Wonder when this will be on github and every nerd has a copy running on their computer.

    • BountifulEggnog [it/its, she/her]@hexbear.netEnglish
      10·
      1 month ago

      The paper has several different datasets and explains how they got them, but for their test data they already knew the link existed. I think this one is probably the most relevant for actual attacks. They split accounts, giving a one year gap in their post history to simulate an abandoned account etc and added some fake profiles that didn’t have a match.

      If you mean running this yourself, you can’t, they didn’t post prompts or anything. Just an overview of their pipeline. Sorry at first I thought you meant how could they validate that the users were the same person.

      • TankieTanuki [he/him]@hexbear.netEnglish
        11·
        1 month ago

        Oh I see, they stripped the usernames and matched the comments. I thought they were claiming to have matched usernames to legal identities.

        • BountifulEggnog [it/its, she/her]@hexbear.netEnglish
          12·
          1 month ago

          They did that too, with hackernews and linkedin accounts, as well as some anthropic interviewees. I’m less sure how impressive that is, because the accounts were linked by the owner. So they obviously don’t care about opsec, so they’re probably less careful then they otherwise would be. The paper isn’t a super hard read if you’re interested. Guess we’ll all have to see how well this works in practice.

  • quarrk [he/him]@hexbear.netEnglish
    10·
    1 month ago

    Even if it’s possible, don’t make it easy. Too many people post here hyper specific details like “my grandfather with <rareDisease> has an adopted daughter from Bangladesh who became a rural doctor”

    Don’t make things too personal here, even if most of us are friendly