Temporal fingerprints: Identity matching across fully encrypted domain

TL;DR

This paper shows that individual temporal activity patterns, specifically inter-event times, can be used to match identities across encrypted online platforms, revealing privacy risks even without content data.

Contribution

It introduces a novel method leveraging temporal data as fingerprints for cross-domain identity matching, outperforming previous models.

Findings

Effective identity matching across encrypted platforms.

Temporal data alone poses significant privacy risks.

Outperforms existing models in accuracy.

Abstract

Technological advancements have significantly transformed communication patterns, introducing a diverse array of online platforms, thereby prompting individuals to use multiple profiles for different domains and objectives. Enhancing the understanding of cross domain identity matching capabilities is essential, not only for practical applications such as commercial strategies and cybersecurity measures, but also for theoretical insights into the privacy implications of data disclosure. In this study, we demonstrate that individual temporal data, in the form of inter-event times distribution, constitutes an individual temporal fingerprint, allowing for matching profiles across different domains back to their associated real-world entity. We evaluate our methodology on encrypted digital trading platforms within the Ethereum Blockchain and present impressing results in matching identities across these privacy-preserving domains, while outperforming previously suggested models. Our findings indicate that simply knowing when an individual is active, even if information about who they talk to and what they discuss is lacking, poses risks to users' privacy, highlighting the inherent challenges in preserving privacy in today's digital landscape.