Sites Inria

Version française


Inria - 22/04/2011

Anonymity on the web: telltale usernames

Anonymity on the web Anonymity on the web - © Tyler Olson -

Choosing a username can have an impact on the spam that fills up our inboxes. This is suggested in an article published in an MIT journal that demonstrates, for the first time, how a username alone can provide information about its owner. Daniele Perito, an Italian PhD student in the Planete project team, contributed to this study and has developed a tool to test usernames.

You have demonstrated that usernames can serve to track web users. How does that work?

Daniele Perito: When we browse the web we use services like social networks, blogs or online shopping sites. In order to access almost all of these sites, we need to create a member account and choose a username, a name that is unique on the website and that allows us to communicate with other members.
 We have demonstrated (by studying more than 10 million usernames on the web) that people tend to select the same username, or very similar ones, for use on the sites they consult. This means that it is easy to make the connection between these different usernames and recognise that they belong to the same individual. Thus, if you buy something on EBay, since your purchase is public, it is associated with your username and a link can be made to your email address. This information can then be used by marketing professionals to send you targeted messages based on your tastes. One important point we have illustrated is that this kind of “profiling”, based on usernames, is even easier if the username is rarely used on the web, since it corresponds to a smaller number of people.

You have created a tool that enables people to test how unique their username is. Is this something we should systematically be concerned with?

Daniele Perito:  Users should not have to change their habits. The results we have obtained point to failings in protecting privacy in terms of the use of usernames on the web. Service providers are the ones who should change their applications to prevent spammers from exploiting usernames to profile website users. However, if you do not want to be identified, for example to protect your personal medical records, it is advisable to select a username that is radically different from the other ones you may use.

Why are you so enthusiastic about protecting privacy?

Daniele Perito:  Over the next few years, tension will grow between the possibilities offered by new technologies and their possible implications for privacy. I would like to find an intermediate solution that works for everyone. It is a highly stimulating research theme and I am delighted to have the opportunity to work on it with the Planete team. I really appreciate working at Inria, which offers a great deal of freedom in the choice of research work.

What do your usernames say about you?

The Planete research team has developed a tool that allows you to determine whether the usernames you use on the web can serve to track you or even discover your true identity.

This tool estimates how frequently a username pops up on the web by calculating its entropy: the stronger the entropy, the rarer the username. As this is a complicated calculation, researchers break down the name into several parts, calculating the probability of each part and then combining the results to obtain the probability of the entire name occurring.

Keywords: Data protection Username Privacy