Slashdot Mirror


'Anonymized' Credit Card Data Not So Anonymous, MIT Study Shows

schwit1 writes Scientists showed they can identify you with more than 90 percent accuracy by looking at just four purchases, three if the price is included — and this is after companies "anonymized" the transaction records, saying they wiped away names and other personal details. The study out of MIT, published Thursday in the journal Science, examined three months of credit card records for 1.1 million people. "We are showing that the privacy we are told that we have isn't real," study co-author Alex "Sandy" Pentland of the Massachusetts Institute of Technology, said in an email.


  1. Study by jklovanc · · Score: 2

    Where is the link to the actual study?

    1. Re:Study by Anonymous Coward · · Score: 4, Informative

      http://www.sciencemag.org/content/347/6221/468.full?intcmp=collection-privacy

      The published article the clickbait was based on has much better information. For instance: the transactions for a person all still shared a unique ID#. "All that remained were the metadata: amounts spent, shop type—restaurant, gym, or grocery store, for example—and a code representing each person."

      If you don't cycle the code per person regularly of course correlation attacks will always work.

  2. "the privacy we are told that we have isn't real." by turkeydance · · Score: 4, Funny

    Staff Sergeant Obvious reporting for duty.

  3. This is like... by Ichijo · · Score: 2

    ...using a fingerprint database to show that cash isn't anonymous.

    --
    Any sufficiently unpopular but cohesive argument is indistinguishable from trolling.
  4. Re:women easier to ID by drinkypoo · · Score: 2

    Could it be that men tend to shop a lot less than women!?

    Men are either more likely to buy what everyone else is buying, or more likely to buy based on logic and not emotion. Or both.

    --
    "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  5. Why even 3? by Wycliffe · · Score: 2

    The article says it can identify someone in as few as 3 transactions.
    But they aren't really identifying them, they are just showing that no other person hit the same exact set of shops.
    Well, they also mention that they get a datestamp with the transaction so assuming that datestamp has minutes
    or seconds then it should only take 1 transaction or 2 at the most. That being said, you really haven't identified
    this person as you don't know who they are in the real world just that they have a unique shopping pattern as
    everyone does.

    1. Re:Why even 3? by Courageous · · Score: 3, Insightful

      This article isn't scary. What should be scary is that cell companies sell anonymized _geolocation_ data. That data can be used to determine: A) who you are, B) where you live, C) where you work, and D) who your friends are. Step #1. Look where the phone is, regularly at midnight. Step #2, cross reference with public records databases on property ownership. That gets 65% of Americans right there. Now check where it parks every day at noon. Place of work found. And so forth.

    2. Re:Why even 3? by suutar · · Score: 2

      combine the two and now they know that the person who was at shop A at time X, shop B at time Y, and shop C at time Z also appears to live at address Q and work at address R, and there you go: anyone who can get the "anonymized" data knows where you live, and that you just bought not only new living room electronics but also airline tickets.

    3. Re:Why even 3? by Not_Wiggins · · Score: 4, Informative

      The article is misleading. It talks about how it can be used to "identify someone." And with all the talk about privacy, it implies the identification of an individual.

      But, reading through it closely, they aren't talking about identifying a specific someone; the information isn't enough to say Not_Wiggins made these purchases.
      Instead, it focuses on identifying characteristics of purchasers and then extending it to see what other behavior purchasers in those groups would make.

      In the article example, they talked about someone making a purchase at both a bakery and a restaurant within a short time period. Finding that they had one such instance, named him Scott, then looked to see what other behaviors "Scott" had. By extending that logic, they are saying "look at the group of people who typically shop at a bakery and a restaurant... then you know those people are typically also interested in shoes."

      The example is a bit silly, but that's what they're saying.

      They're talking about documenting patterns of behavior on purchasing decisions.
      This article really isn't about loss of anonymity. It is about using anonymized credit card transactions to develop definitions of "user groups" and predicting their shared behavior pattern.

      To me, it seems more like the equivalent of last.fm... tell us what music you like, we'll compare it against what others who also have the same "likes" have said, and give you options for things that might fit your tastes.

      In this instance, it is: tell us what purchases you've made, we'll compare it against similar purchases that others have made, and we can predict what other purchases you might want/like that you haven't made yet.

      --
      Diplomacy is the art of saying, "Nice doggie!" until you can find a rock.
    4. Re:Why even 3? by NicBenjamin · · Score: 3, Informative

      And this only works if you have a lot of other data in your data set. If you don't know who Scott is, then you can't figure out he's the only person who could go to the bakery on that one exact day and that particular restaurant the next.

      I don't think anyone is particularly sanguine about the future of privacy if big companies manage to figure out a way to profit from combining their multiple massive databases. This is particularly true in the US, where it would be virtually impossible to stop the police from using said databases without warrants. Or worse, using info that the big companies forwarded them as the basis for warrants.

      If Apple or Google can silence one of its critics by figuring out he was paying a hooker with his supposedly anonymous Mastercard gift card, that is a really fucking bad thing.

  6. Re:Regular users only by jbgroup1 · · Score: 3, Insightful

    If you don't count my student loans, I'm well off and have plenty of money.

    Of course, "Outside of the killings, DC has one of the lowest crime rates in the country"--Marion S. Barry Jr., 1989

  7. Re:"the privacy we are told that we have isn't rea by ShanghaiBill · · Score: 3, Funny

    I always thought it was anonymized through aggregation.

    Aggregation is not very useful. Much more useful is being able to look for relationships between purchases by the same user. Years ago department stores would have an "accessories" section. Then Wal-Mart crunched their data, and figured out that people don't shop for accessories randomly. They buy a belt when they are buying pants. They buy a necktie when they are buying shirts. So today, the belts are placed by the pants, and the neckties are placed by the shirts. This seems kind of obvious in hindsight, but it took data analysis to make it happen.

    If a woman stops buying condoms and starts buying vitamin supplements, that means you should be showing her popup ads for maternity clothes. Nine months later, you can show her a different brand of condom, with ads that emphasize reliability.

  8. Re:Regular users only by mjwx · · Score: 2

    As one who got tired of high fees, I dropped the use of credit/debit cards. I used a gift card for an online purchase. Nothing anon about it. Has my name and address on the order.

    It's less about the order itself, more about credit card companies selling the data to advertisers and other dodgy organisations. They claim the data is anonymised (which means they remove names from the orders) but it's trivial to de-anonymise the data.

    This is one of the reasons I use cash for most purchases.

    --
    Calling someone a "hater" only means you can not rationally rebut their argument.
  9. Re:women easier to ID by NicBenjamin · · Score: 2

    Best guess?

    The number of women buying unique items (i.e.: that one purse that's so cute) is 4-5 points higher than the number of men doing the same thing, which would mean a given data point is 4-5% more effective if the shopper is female.

  10. Meaning of "Anonymous" by eepok · · Score: 2

    I don't know about you, but I think it's pretty fair to say that a record without any information directly identifying the subject is "anonymous".

    The ability to complete an analysis of multiple records and data sources and thereby make a reasonable guess (90% accuracy) of who the subject might be is insufficient to remove the title of anonymous.

  11. Re:Regular users only by mjwx · · Score: 4, Insightful

    Not sure what you're talking about. My credit card has no fees

    It has no fees you know about... And banks want to keep it that way. When you pay for something by credit card, the merchant pays 3% or more for accepting the card. This means they have to pass the cost onto you in the form of higher prices.

    You didn't think the bank gave you free money did you?

    It's Machiavellian in its brilliance, you're robbing yourself of 3% in order to give yourself 1% and you're so enamoured with it, you're trying to do this as much as possible.

    --
    Calling someone a "hater" only means you can not rationally rebut their argument.
  12. Re:Regular users only by AthanasiusKircher · · Score: 2

    When you pay for something by credit card, the merchant pays 3% or more for accepting the card. This means they have to pass the cost onto you in the form of higher prices.

    Yes. But if they're like most merchants in the world (with the exception of some gas stations and a random shop here and there), they pass that cost onto YOU too, even if you don't use a credit card.

    It's Machiavellian in its brilliance, you're robbing yourself of 3% in order to give yourself 1% and you're so enamoured with it, you're trying to do this as much as possible.

    Umm, well again if it's like most merchants in the world, you and I pay the same price if I pay by credit card and you pay by cash.

    The difference is that they're "robbing" 2% from me, while they rob 3% from you.

    Thus, I win if I use the card in the current system.

    Convince more merchants to offer cash discounts or convince so many people to stop using cards that most merchants want to charge a fee. Then we can talk about how people are stupid for using credit cards to get rewards. Until you do so, refusing to use a card is just letting the card companies take MORE money from you.

  13. Re:Regular users only by sjames · · Score: 2

    Actually, many businesses had a credit surcharge for a while. Then the credit cards added a no surcharge clause to the merchant contracts. So they hiked their prices and offered a cash discount. Then the credit cards added a no cash discount clause.

    Yes, services cost money. That's no excuse for hiding how much it costs and forcing it to be paid for by people not using the service (for example, everyone that pays cash).

    Many merchants prefer cash because cash can't be charged back after the fact. For example, if the card turns out to be stolen but not yet reported or the customer files a false claim.

  14. Can only identify you...if they know who you are! by Overzeetop · · Score: 2

    They did NOT show that, from 3-4 transactions, they could provide your name, address and phone number, or even that if you have 3-4 transactions in a million transaction anonymized data set they can find out anything about you personally *unless they know you first*.

    What they did is show that if they know that you, personally, had 3 to 4 types of transactions on specific dates (you went to a grocery store and a gas station today, and a restaurant yesterday), they could identify which anonymized data set you belong to. Their discovery requires specific outside knowledge not contained in the data.

    This only matters if, say, a third party could identify specific purchases and dates - they could then comb the records and find the rest of your transactions on that specific card. IOW, someone has to be looking for you, and know at least something about you, to even start the search.

    --
    Is it just my observation, or are there way too many stupid people in the world?
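
Added example, not part of the thread or the study: a way to measure, before releasing a pseudonymized data set, how often a handful of known purchases singles out one code, as the comment above describes, and how that changes when each person's code is rotated per period, as the Anonymous Coward reply near the top suggests. The records, codes and function names are constructed for illustration, and the measure counts every k-point subset exhaustively rather than sampling.

```python
from collections import defaultdict
from itertools import combinations

# Constructed sample: (person_code, shop_type, day). Not data from the study.
RECORDS = [
    ("u1", "bakery", 1), ("u1", "grocery", 2), ("u1", "gym", 3),
    ("u2", "bakery", 1), ("u2", "grocery", 2), ("u2", "restaurant", 4),
    ("u3", "bakery", 1), ("u3", "gas", 2), ("u3", "gym", 3),
    ("u4", "grocery", 2), ("u4", "gym", 3), ("u4", "restaurant", 4),
]

def traces(records):
    """Group records into one set of (shop, day) points per code."""
    out = defaultdict(set)
    for code, shop, day in records:
        out[code].add((shop, day))
    return dict(out)

def rotate_codes(records, period_days):
    """Release variant: each person gets a fresh code every period.
    Illustration only: a real release would use random, unlinkable codes;
    the readable suffix is never used for matching below."""
    return [(f"{code}/{day // period_days}", shop, day)
            for code, shop, day in records]

def matching_codes(released, known_points):
    """Released codes whose trace contains every known point."""
    known = set(known_points)
    return sorted(c for c, pts in released.items() if known <= pts)

def unicity(true_records, released_records, k):
    """Share of k-point subsets of a real person's history that match
    exactly one code in the released data."""
    released = traces(released_records)
    hits = total = 0
    for pts in traces(true_records).values():
        for subset in combinations(sorted(pts), k):
            total += 1
            hits += len(matching_codes(released, subset)) == 1
    return hits / total if total else 0.0

if __name__ == "__main__":
    daily = rotate_codes(RECORDS, 1)  # new code every day
    for k in (1, 2, 3):
        print(k, round(unicity(RECORDS, RECORDS, k), 3),
              round(unicity(RECORDS, daily, k), 3))
```

With one stable code per person the share of uniquely matching subsets climbs with k; with daily rotation no multi-day subset links to a single code, although a purchase that is unique on its own still singles out that one record.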
  15. Of course not ... by gstoddart · · Score: 2

    "We are showing that the privacy we are told that we have isn't real"

    Of course it's not bloody real.

    For us to believe this data has been 'anonymized', we have to assume that a) the company is qualified to do what is required to anonymize the data, b) that they actually give a shit, and c) that they bear any penalty if they do a terrible job.

    Entrusting these companies with this data in the first place is the problem. Allowing them to share it all over the place for profit and with no restriction is a terrible idea.

    This is precisely why sane countries have data protection and privacy laws -- because corporations are greedy, self serving entities, who won't give a crap if the collateral damage of their stuff is to damage the privacy of everybody they deal with.

    And this is precisely why all of those analytics companies in web pages are just parasites and not to be trusted.

    --
    Lost at C:>. Found at C.