We use passwords all the time. Sometimes they're called "PINs" or "access codes" or "lock combinations" but they amount to the same thing, a sequence of symbols that must be provided in order to get access to something. Passwords have one big advantage: ease of use. But this comes with several disadvantages.
I have been writing recently about data and privacy. Today I want to continue by talking about aggregate data. A common intuition is that aggregate data--information averaged or summed over a large population--is inherently free of privacy implications. As we'll see, that isn't always right.
In recent posts, I explained why hashing and pseudonyms often fail to provide anonymity. These problems, and the well-known examples of people re-identifying supposedly anonymized data sets, might tempt you into believing that any data set can be re-identified given enough effort or that there is just no way to provide access to data in a privacy-preserving way. But tho
Today the FTC announced a proposed settlement with Myspace, on charges that the company broke its privacy promises to consumers. I want to focus today on one of the FTC's charges, relating to possible syncing of identifiers.
Myspace, a popular social network, assigns each of its users a numeric identifier called a "Friend ID". If you know someone's Friend ID, you can use it to get their public information, by accessing the URL myspace.com/<Friend ID>.