Companies often tell you that sharing your data is safe because they “anonymize” it by first removing or obfuscating your personal information. However, this depersonalization leads to only partial anonymity, as companies still usually store and share your data grouped together. This data group can be analyzed, and in many cases, then linked back to you, individually, based on its contents.
Deanonymizing data has been studied for a long time. In 1990, Carnegie Mellon University researcher Latanya Sweeny showed that with just a list of gender, date of birth, and five digit zip code, you can uniquely identify, thereby deanonymizing, 87% of Americans!
Data deanonymization of this nature has taken place time and time again when companies release so-called “anonymized data,” even with really good intentions such as for research purposes. For example, even though every effort was taken to anonymize data, people were still deanonymized through Netflix recommendations and AOL search histories.
Now imagine what happens when companies don’t even make that effort when sharing your anonymized data. It’s like trying to win a game of hide-and-seek like this:
The only truly anonymized data is no data. That’s why at DuckDuckGo we throw out your personal information every time you search, making sure we don’t store anything that could be tied together to identify you. We protect your search history from everyone — even us!