pith. sign in

arxiv: cs/0610105 · v2 · submitted 2006-10-18 · 💻 cs.CR · cs.DB

How To Break Anonymity of the Netflix Prize Dataset

Arvind Narayanan , Vitaly Shmatikov This is my paper
classification 💻 cs.CR cs.DB
keywords netflixdatasetmovieadversarybackgroundde-anonymizationindividualknowledge
0
0 comments X
read the original abstract

We present a new class of statistical de-anonymization attacks against high-dimensional micro-data, such as individual preferences, recommendations, transaction records and so on. Our techniques are robust to perturbation in the data and tolerate some mistakes in the adversary's background knowledge. We apply our de-anonymization methodology to the Netflix Prize dataset, which contains anonymous movie ratings of 500,000 subscribers of Netflix, the world's largest online movie rental service. We demonstrate that an adversary who knows only a little bit about an individual subscriber can easily identify this subscriber's record in the dataset. Using the Internet Movie Database as the source of background knowledge, we successfully identified the Netflix records of known users, uncovering their apparent political preferences and other potentially sensitive information.

This paper has not been read by Pith yet.

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.

Forward citations

Cited by 4 Pith papers

Reviewed papers in the Pith corpus that reference this work. Sorted by Pith novelty score.

  1. On the (In-)Security of the Shuffling Defense in the Transformer Secure Inference

    cs.CR 2026-05 conditional novelty 6.0

    An attack aligns differently shuffled intermediate activations from secure Transformer inference queries to recover model weights with low error using roughly one dollar of queries.

  2. A Common Pool of Privacy Problems: Legal and Technical Lessons from a Large-Scale Web-Scraped Machine Learning Dataset

    cs.CR 2025-06 unverdicted novelty 6.0

    An empirical audit of one web-scraped ML training dataset reveals persistent PII after sanitization, which the authors combine with legal analysis to highlight privacy risks and advocate redefining 'publicly available...

  3. Inferring Sensitive Attributes from Knowledge Graph Embeddings: Attack and Defense Strategies

    cs.CR 2026-05 unverdicted novelty 4.0

    Attribute inference attacks succeed on KGE outputs and randomization-based sanitization offers partial mitigation at the cost of recommendation utility.

  4. Privacy Parameter Variation Using RAPPOR on a Malware Dataset

    cs.CR 2019-07 unverdicted novelty 2.0

    RAPPOR is applied with ε=10, 1.0, 0.1 (and a finer sweep 0.5-1.0) to filtered Android app datasets of 10k, 100k, and 1.2M records to examine privacy-utility effects.