April 2012

Are pseudonyms "anonymous"?

Let's continue our discussion of "anonymous" data by talking about pseudonyms.

A pseudonym is any kind of identifier, other than a name, that is associated with a person or (what often amounts to the same thing) a device.  Pseudonyms are very common.   Examples include the random ID value in a tracking cookie; a device ID such as a WiFi MAC address or a phone's UDID; a synthetic identifier such as an "OpenUDID"; a mobile phone number; or a Twitter handle.

Does Hashing Make Data “Anonymous”?

One of the most misunderstood topics in privacy is what it means to provide “anonymous” access to data.  One often hears references to “hashing” as a way of rendering data anonymous.   As it turns out, hashing is vastly overrated as an “anonymization” technique.   In this post, I’ll talk about what hashing is, and why it often fails to provide effective anonymity.

Transparency as a user experience problem

One of the top-level recommendations of the FTC privacy report was greater transparency about the data practices of companies and technologies.   The report pointed to mobile apps as especially needing better transparency.   Indeed, a previous FTC staff report on mobile apps for kids found that hardly any of the apps that were studied offered full privacy disclosures.