Slashdot Mirror

← Back to Stories (view on slashdot.org)

Anonymous No More: Your Coding Style Can Give You Away

Posted by samzenpus on from the leaving-your-mark dept.

itwbennett writes Researchers from Drexel University, the University of Maryland, the University of Goettingen, and Princeton have developed a "code stylometry" that uses natural language processing and machine learning to determine the authors of source code based on coding style. To test how well their code stylometry works, the researchers gathered publicly available data from Google's Code Jam, an annual programming competition that attracts a wide range of programmers, from students to professionals to hobbyists. Looking at data from 250 coders over multiple years, averaging 630 lines of code per author their code stylometry achieved 95% accuracy in identifying the author of anonymous code (PDF). Using a dataset with fewer programmers (30) but more lines of code per person (1,900), the identification accuracy rate reached 97%.

18 of 220 comments (clear)

  1. Can they do it with corporate code? by msobkow · · Score: 5, Interesting

    Can they do it with corporate code where there are naming and style standards in abundance, and code reviews to ensure those guidelines are followed?

    --
    I do not fail; I succeed at finding out what does not work.
    1. Re:Can they do it with corporate code? by Marginal+Coward · · Score: 4, Funny

      It seems like using the applicable features of the corporate version control system would be a lot easier - and possibly even better than 95% accurate.

    2. Re:Can they do it with corporate code? by grimmjeeper · · Score: 4, Informative

      You obviously haven't had to work in an environment where code has to be certified. I can tell you from first hand experience that coding in an RTCA DO-178B environment or similar has some pretty strict adherence to some very pedantic and strict coding requirements. You'll find this type of development in avionics systems (both civilian and military) as well as other industries like medical electronics where code safety is literally life-and-death.

      Outside of that type of environment, I do agree with you. You'd be lucky if even half of the developers have seen a company coding standard. You'd be hard pressed to find any developers who really adhere to it even when they know the document exists. But in those small niche markets, you'd be surprised at how strictly they adhere to arbitrary coding standards (whether they really impact code quality or safety or not).

    3. Re:Can they do it with corporate code? by jellomizer · · Score: 4, Interesting

      Perhaps not as well. If people are following the coding standards for the organization then the code for the most part looks far more similar.

      When I am working with a development team, I will tend to adjust my unique style to better match what everyone else is doing. Even if it means doing coding methods that I will normally disagree with.

      If the code tends to use a bunch of Goto's instead of Procedures or classes. I will use those GOTO not for my benefit, but for people who will maintain my code later on, so they won't have to change their mindset and debugging strategies to see what the program is doing to do future corrections.

      I will go full Object Oriented if the group of people that I am working with do their coding full OO.

      My personal style would be more procedural, than OO. Not due to lack of knowledge or not realizing OO advantages and disadvantages. But if I am to code on my own, I code in the way that My Mind handles the requirements, and how I feel would be easier for me to change and fix my code in the future.

      I think this method is best for ID based on personal code, vs group corporate code, where a lot of your particular style is hidden.

      --
      If something is so important that you feel the need to post it on the internet... It probably isn't that important.
    4. Re:Can they do it with corporate code? by war4peace · · Score: 3, Insightful

      *raising hands slowly* Is there a problem, Coding Officer?

      --
      ...gis sdrawkcab (usually not responding to ACs; don't bother posting as AC)
  2. Up next, automatic intelligence rating... by TWX · · Score: 4, Funny

    ...based on the quality of that code...

    --
    Do not look into laser with remaining eye.
    1. Re:Up next, automatic intelligence rating... by halivar · · Score: 4, Funny

      goto blah;
      ^^ Idiot.

      // If you don't know why this is here, don't fuck with it.
      goto blah;
      ^^ Code guru.

    2. Re:Up next, automatic intelligence rating... by lgw · · Score: 4, Insightful

      For lack of mod points let me just say: beautiful!

      It's like this in any engineering discipline:
      * The apprentice doesn't do things by the book, for he thinks himself clever
      * The journeyman does everything by the book, for he has learned the world of pain the book prevents
      * The master goes beyond the book, for he understand why every rule is there and no longer needs the rules

      Or put another way - the apprentice thinks he knows everything, the journeyman known how little he knows, the master knows everything in the field, and still knows how little he knows.

      --
      Socialism: a lie told by totalitarians and believed by fools.
  3. What about Bitcoin? by Anonymous Coward · · Score: 5, Funny

    Can we use this to find Satoshi?

  4. No Kidding by invid · · Score: 4, Insightful

    I can usually tell who wrote the code in the office by whether or not they put a space after their ifs: if(i == 0) vs if (i == 0); where they put their brackets, whether or not they replace their tabs with spaces, how they deal with bools: if (!var) vs if (var == false) and several other telling signs. There are so many combinations of variations no two programmers in the office (about 12 of us) have the same style.

    --
    The Moore-Murphy Law: The number of things that will go wrong will double every 2 years.
  5. Re:Demonstrates the need... by Anonymous Coward · · Score: 5, Insightful

    This is why people need to follow style guides, so that all source code is styled the same.

    There's a damn good chance 95% of coders are not criminals, nor would they care if someone identified their code.

    That said, this will become a legal nightmare is when this kind of profiling can be used to frame another coder.

    And with the laws wanting to treat any "hacker" as a potential terrorist these days, the consequences of even being accused can be rather severe to deal with.

  6. John Varley Press Enter by Crashmarik · · Score: 3, Informative

    1985 Hugo Winner

    Really, the fact that coding style is recognizable was so well known it made it into pop culture 30 years ago.

    Also, on the smaller sample size the program might just be recognizing the parts of the style that come from the corporate standards. It would be interesting to see if it could recognize code from people who all work at the same company.

  7. Re:Not my Frankencode... by Tablizer · · Score: 3, Funny

    ... a patchwork of open-source freebies.

    So, what's it like to work for FaceBook?

    --
    Table-ized A.I.
  8. Re:Welcome to the party by Virtucon · · Score: 4, Insightful

    It's all about style. Writing software is very creative and it needs to have the authors fingerprints on it somewhere. If corporations don't like that they can suck the source code into a parser and spit out perfectly mundane crap that loses the intonation and the thoughts the original developer had for it.

    --
    Harrison's Postulate - "For every action there is an equal and opposite criticism"
  9. Re:Demonstrates the need... by Impy+the+Impiuos+Imp · · Score: 5, Insightful

    You want scary? The same can be applied to general text on the Internet, tying posters on different sotes together, including anonymous (not your real name avatar) to a site with your real name.

    Which the NSA probably has churning away on its databases. Which probably does little more than add confirmation of said links from watching and recording all traffic to any and all of a billion IP addresses.

    And I, for one, welcome our new panopticon overlords who won't abuse it, not one of their thousand agents, because they're supposed to check a got-a-warrant box on a piece of paper before choosing to abuse it.

    --
    (-1: Post disagrees with my already-settled worldview) is not a valid mod option.
  10. Bad Coders Can't Be Identified by TrollstonButterbeans · · Score: 3, Interesting

    If your coding is terrible and very newbie like, they can't single you out since your code is similar to the ocean of other terrible coders.

    So if you are a paranoid freak, the best way to ensure your safety and keep the government off your back is to write terrible code.

    --
    Priest: "Universe from nothing, no laws of physics, sped up time"+ huge discrepancies. Creationism? No. Big Bang Theory
  11. Most programming isn't new code by jgotts · · Score: 3, Insightful

    Most programming isn't writing new code. Most programming is working on someone else's crap you inherited. Invariably, you're going to be using that person's style or else the result will look like garbage.

    There is also the problem that most non-trivial code is worked on by multiple people at the same time.

    Writing some code from scratch as an assignment is a very artificial exercise nowadays, unless you're in a classroom setting. Therefore, you're going to get a signature from a programmer doing atypical work.

  12. So you could use this tool to make your code anon. by Maxo-Texas · · Score: 4, Interesting

    Write a version of pretty-printer that rerenders your code into a different style.

    Have a lexicon of mipelled words for each "personality".

    Another lexicon of variable names.
    a vs inta vs int_a vs x.

    Refactoring and unfactoring for subroutines.

    Run the comments through google translate and back to english.
    ukrainian
    japanese
    chinese

    Synonym and antonym substitution in the comments.

    The mind dances at the possibilities to mess with this algorithm.

    --
    She was like chocolate when she drank... semi-sweet at first and then increasingly bitter.