Companies often tell you that sharing your data is safe because they “anonymize” it by first removing or obfuscating your personal information. However, this depersonalization leads to only partial anonymity, as companies still usually store and share your data grouped together. This data group can be analyzed, and in many cases, then linked back to you, individually, based on its contents.
Deanonymizing data has been studied for a long time. In 1990, Carnegie Mellon University researcher Latanya Sweeny showed that with just a list of gender, date of birth, and five digit zip code, you can uniquely identify, thereby deanonymizing, 87% of Americans!
Data deanonymization of this nature has taken place time and time again when companies release so-called “anonymized data,” even with really good intentions such as for research purposes. For example, even though every effort was taken to anonymize data, people were still deanonymized through Netflix recommendations and AOL search histories.
Now imagine what happens when companies don’t even make that effort when sharing your anonymized data. It’s like trying to win a game of hide-and-seek like this:
The only truly anonymized data is no data, so when asked to check
boxes to share data "anonymously" — don’t. Oftentimes you can be re-
identified. That’s why at DuckDuckGo we don’t save your query with your IP address or any unique identifiers that could tie your searches together into a search history. That way we protect your search history even from us!