[Cryptography] De-Anonymizing

[ianG]

On 30/01/2015 19:44 pm, Jerry Leichter wrote:
> On Jan 30, 2015, at 8:11 AM, dan at geer.org wrote:
>> Whether one or another kind of data can or cannot be anonymized is
>> fast becoming irrelevant.  The more things you are or carry that can
>> be a source of good information, the less the blinding of any one of
>> them diminishes the overall probability that you are identifiable....
> Speaking of which:  http://www.nytimes.com/aponline/2015/01/29/science/ap-us-sci-data-privacy.html?ref=aponline&_r=0&pagewanted=all
> "'Anonymized' Credit Card Data Not So Anonymous, Study Shows"
>
> Basically - who needs RFID.  Patterns of what you buy and how you buy it will generally make you easily identifiable in the stream of credit card charges.


Right -- pay with a tracking mechanism, get tracked.

I generally pay with cash at the local supermarket.  But I have one of 
those store tracking things that a mate gave to me.  So his purchasing 
pattern is intermingled with mine.  Which is probably not a lot of 
confusion, can be stripped out if it is known.

Perhaps we could do a mix?  If we each meet once a month, and we throw 
our supermarket tracking things into a basket, mix it up, then everyone 
takes a random one.  Next month, remix.

The tracking would be pretty hard.  And, as the reward is on the volume, 
we'd all share in the combined result.  A bit of a disadvantage if I'm 
the biggest payer, but it's a livable compromise.

Tracking mixes might be rendered useless if we end up with no cash 
systems though, as, the payment card could be used to inform the real 
purchasing buyer.

iang