Reply to post: No shit Sherlock.

No hack needed: Anonymisation beaten with a dash of SQL

Anonymous Coward
No shit Sherlock.

A database full of fields that can be sorted, full of PII that's supposedly anonymized. Pick a field, sort it to show all the other records with that same PII. Oh look, you've just narrowed your potential suspects list from millions to perhaps a few thousand. Enough such sorting cycles on other fields, finding matching PII in all of them, further reduces the likelihood of a false positive. Eventually you're left with nothing but records with all matching PII, which means you've just found all the records, supposedly anonymous records, pertaining to said subject. It might take you or me a few days to do such massive computational gruntwork, it will take a government (or government aided) supercomputer cluster a few minutes at most to do the same job. Thus your pseudo-anonymous lie is exposed.

Using Rot13 as your "encryption" doesn't do you any favors either.

Fuckers.
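The narrowing described in the comment above can be measured before a dataset is released. This is an added example, not part of the original comment: a k-anonymity audit that reports the smallest group size as each further field is combined. The table name, column names and rows are constructed for illustration.

```python
import sqlite3

# Constructed sample: a "de-identified" extract with no names, only ordinary fields.
# (record_id, birth_year, postcode, sex, visit_month)
ROWS = [
    (1, 1975, "2000", "F", "2016-03"),
    (2, 1975, "2000", "F", "2016-03"),
    (3, 1975, "2010", "M", "2016-03"),
    (4, 1975, "2010", "M", "2016-04"),
    (5, 1982, "2000", "F", "2016-03"),
    (6, 1982, "2000", "F", "2016-05"),
    (7, 1982, "2010", "M", "2016-04"),
    (8, 1982, "2010", "F", "2016-04"),
]
# Fields assumed to be knowable from outside the dataset (quasi-identifiers).
QUASI_IDENTIFIERS = ["birth_year", "postcode", "sex", "visit_month"]


def load(rows):
    """Load the constructed rows into an in-memory SQLite table."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE released (record_id INTEGER, birth_year INTEGER, "
        "postcode TEXT, sex TEXT, visit_month TEXT)"
    )
    db.executemany("INSERT INTO released VALUES (?, ?, ?, ?, ?)", rows)
    return db


def k_anonymity(db, columns):
    """Return (k, unique_rows): the smallest group sharing the same values
    in `columns`, and how many rows are alone in their group."""
    cols = ", ".join(columns)  # names come from the fixed list above, never user input
    sizes = [n for (n,) in db.execute(
        f"SELECT COUNT(*) FROM released GROUP BY {cols}")]
    return min(sizes), sum(1 for n in sizes if n == 1)


def audit(db, columns=QUASI_IDENTIFIERS):
    """k and unique-row count for each growing prefix of the field list."""
    return [(tuple(columns[:i]),) + k_anonymity(db, columns[:i])
            for i in range(1, len(columns) + 1)]


if __name__ == "__main__":
    for cols, k, unique in audit(load(ROWS)):
        print(f"{' + '.join(cols):45} k={k} unique_rows={unique}")
```

A release where k drops to 1 on fields an outsider could plausibly know needs generalisation (coarser dates, truncated postcodes) or suppression of the small groups before it goes out.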
