SAN FRANCISCO — People using fake names on Twitter, Instagram, Foursquare, or Tinder in the hope these accounts can't be traced back to them are in for a surprise, according to a new report from Columbia University and Google that found that geotagged posts on just two social media apps was enough to link various accounts held by the same person.
“Creating separate identities online could be an illusion,” study author Augustin Chaintreau, a computer science professor at Columbia and a member of the Data Science Institute, told BuzzFeed News. “Your metadata points back to a single user… just your location data could make you recognizable across all your various accounts.”
Their findings show that digital traces, or metadata, left in the apps by most people are so distinctive that most people could be identified from just a few data points within a single data set. Leaving on geotagging, which many people do to provide locations on Instagram photos and tweets, was just one example of the trail left behind that could be used to connect that anonymous Bieber fan Twitter account to your personal LinkedIn account.
“For example, on LinkedIn you are likely to use your real name … but maybe you are also using Tinder or some or other application which you would not want linked back to your real name," said Chaintreau. "Using the data in what you have posted, those accounts could be linked, even if in one of them — say Tinder— you believed you were operating in ghost mode."
The joint Columbia-Google team developed an algorithm that compared geotagged posts on various platforms — including Twitter, Instagram, and Foursquare — and then suggested which accounts were held by the same person. The algorithm calculated the probability that one person posting at a certain place and time could also be posting in a different app, set to another location and time. Chaintreau said that his team also worked with a separate data set that used the algorithm to identify shoppers by matching anonymous credit card purchases against logs of mobile phones pinging the nearest cell tower. The report found, for instance, that even if a credit card is used on average once every three days, a few monthly bills suffice to link shoppers to anonymized logs of their mobile phones.
The dangers of geotagging posts has already been well documented. In 2010, a report by the International Computer Science Institute (ICSI) showed it was possible to get the home addresses of people who had posted photos in ads on Craigslist, despite those people having opted to keep their addresses hidden in their postings, by using the geotagging data on photos that many digital cameras and smartphones automatically include. Even with geotagging turned off, in 2014 IBM created an algorithm that predicts a Twitter user's location with 58% accuracy.
“You would imagine that people would be better informed,” said Chaintreau. “But it is hard for anyone to know the consequence of sharing information online.”
Sheera Frenkel is a cybersecurity correspondent for BuzzFeed News based in San Francisco. She has reported from Israel, Egypt, Jordan and across the Middle East. Her secure PGP fingerprint is 4A53 A35C 06BE 5339 E9B6 D54E 73A6 0F6A E252 A50F
Got a confidential tip? Submit it here.