Near-Optimal Fingerprinting with Constraints

TL;DR

This paper investigates the problem of optimally selecting user attributes as fingerprints under size constraints, demonstrating that current privacy measures are often insufficient to prevent re-identification risks.

Contribution

It introduces optimal fingerprinting algorithms under attribute constraints and evaluates their effectiveness on real datasets, highlighting privacy vulnerabilities.

Findings

Current privacy restrictions often fail to prevent re-identification.

Optimal algorithms improve fingerprinting effectiveness within constraints.

Privacy risks remain significant despite attribute size limits.

Abstract

Several recent studies have demonstrated that people show large behavioural uniqueness. This has serious privacy implications as most individuals become increasingly re-identifiable in large datasets or can be tracked while they are browsing the web using only a couple of their attributes, called as their fingerprints. Often, the success of these attacks depend on explicit constraints on the number of attributes learnable about individuals, i.e., the size of their fingerprints. These constraints can be budget as well as technical constraints imposed by the data holder. For instance, Apple restricts the number of applications that can be called by another application on iOS in order to mitigate the potential privacy threats of leaking the list of installed applications on a device. In this work, we address the problem of identifying the attributes (e.g., smartphone applications) that can serve as a fingerprint of users given constraints on the size of the fingerprint. We give the best fingerprinting algorithms in general, and evaluate their effectiveness on several real-world datasets. Our results show that current privacy guards limiting the number of attributes that can be queried about individuals is insufficient to mitigate their potential privacy risks in many practical cases.