During the summer of 2020, fluxLoop challenged Orange Cyberdefense to perform an attack on the anonymised dataset from Pinch. The goal was to identify an individual by combining the anonymised dataset from Pinch with other available datasets and sources.
“Our research has shown that the measures taken by fluxLoop to anonymise the dataset are effective in mitigating re-identification attacks. Especially the fact that journeys contain no personal attributes and are not linked together makes it challenging to successfully identify individuals. There is no reliable way of identifying an individual traveling from point A to point B, then to point C.” – August 2020
The research shows that several choices fluxLoop has made makes it very hard or impossible to identify individuals in the dataset.
Some of the measures taken are as described below:
The fact that there is no device id or similar connecting any journeys together means that even if we can correctly re-identify the individual there is no certain way of tracking where he has been traveling.
The lack of attributes serves two purposes. It makes it impossible to identify individuals based on these attributes which have been very successful in other studies. Also in this dataset, the lack of attributes makes it very hard to link journeys as being made by the same individual.
Because the dataset only contains information on the individuals that have agreed to share their travel data, there are many cases where only a small set of individuals live and work in the same locations. However behind these numbers are all the people who do not submit their travel data and when performing re-identification these are also possible candidates as we simply can not know which person within this group performed a given journey.
fluxLoop are happy to go through the report and the details of it together with you.
Please contact your Customer Success Manager or Sales representative at fluxLoop.
FluxLoop contacted Orange Cyberdefence Norway AS for a review of their anonymized dataset used in their Pinch Analytics application. The goal being to see if we could re-identify individuals based on the anonymized data. Orange Cyberdefense has attempted various techniques to achieve this goal and the results are detailed in this report.