IMPORTANCE This work was performed to advance patient care by protecting patient anonymity. OBJECTIVES This study aimed to analyze the current practices used in patient facial photograph deidentification and set forth standardized guidelines for improving patient autonomy that are congruent with medical ethics and Health Insurance Portability and Accountability Act. DESIGN The anonymization...

Advances in technology have made it possible to collect data about individuals and the connections between them, such as email correspondence and friendships. Agencies and researchers who have collected such social network data often have a compelling interest in allowing others to analyze the data. However, in many cases the data describes relationships that are private (e.g., email correspond...

Introduction We address the problem of learning presence models of nodes in anonymized graphs. Specifically given two graphs, a “known” graph G1 and an anonymized graph G2, we want to learn a classification model that predicts the presence of nodes in G2. Solving this problem does not require solving the nodecorrespondence problem across graphs. All that it requires is the computation of the pr...

When a database owner needs to disclose her data, she can k-anonymize her data to protect the involved individuals’ privacy. However, if the data is distributed between two owners, then it is an open question whether the two owners can jointly k-anonymize the union of their data, such that the information suppressed in one owner’s data is not revealed to the other owner. In this paper, we study...

Social routing protocols are typically used to transfer messages among users and services in mobile opportunistic networks. Adaptive mechanisms are needed for achieving user anonymization and providing sufficient level of user anonymity due to the constant changes in underlying topology, mobility patterns and density of users and their queries. This paper describes a novel flexible and adaptive...

There are currently two approaches to anonymization: “utility first” (use an anonymization method with suitable utility features, then empirically evaluate the disclosure risk and, if necessary, reduce the risk by possibly sacrificing some utility) or “privacy first” (enforce a target privacy level via a privacy model, e.g., k-anonymity or ε-differential privacy, without regard to utility). To ...

Computer network researchers, system engineers and network operators have an increasing need for network traces. These are necessary to build and evaluate communication systems. This ranges from developing intrusion detection systems over evaluating network protocols or system design decisions, up to education in network security. Unfortunately, availability of realworld traces is very scarce, ...

Accurate network measurement through trace collection is critical for advancing network design and for maintaining secure, reliable networks. Unfortunately, the release of network traces to analysts is highly constrained by privacy concerns. Several host anonymization schemes have been proposed to address this issue. Preservation of prefix relationships among anonymized addresses is an importan...

De Montjoye et al. (Reports, 30 January 2015, p. 536) claimed that most individuals can be reidentified from a deidentified transaction database and that anonymization mechanisms are not effective against reidentification. We demonstrate that anonymization can be performed by techniques well established in the literature.

In this chapter, we survey the literature on privacy in social networks. We focus both on online social networks and online af liation networks. We formally de ne the possible privacy breaches and describe the privacy attacks that have been studied. We present de nitions of privacy in the context of anonymization together with existing anonymization techniques.