AI has made it vastly easier for malicious hackers to identify anonymous social media accounts, a new study has warned.<\/p>\n
In most test scenarios, large language models (LLMs) \u2013 the technology behind platforms such as ChatGPT<\/a> \u2013 successfully matched anonymous online users with their actual identities on other platforms, based on the information they posted.<\/p>\n The AI researchers Simon Lermen and Daniel Paleka said LLMs make it cost effective to perform sophisticated privacy attacks, forcing a \u201cfundamental reassessment of what can be considered private online\u201d.<\/p>\n In their experiment, the researchers fed anonymous accounts into an AI, and got it to scrape all the information it could. They gave a hypothetical example of a user talking about struggling at school, and walking their dog Biscuit through a \u201cDolores park\u201d.<\/p>\n In that hypothetical case, the AI then searched elsewhere for those details and matched @anon_user42 to the known identity with a high degree of confidence.<\/p>\n While this example was fictional, the paper\u2019s authors highlighted scenarios in which governments use AI to surveil dissidents and activists posting anonymously, or hackers are able to launch \u201chighly personalised\u201d scams.<\/p>\n AI surveillance is a rapidly developing field that is causing alarm among computer scientists and privacy experts. It uses LLMs to synthesise information about an individual online which would be impractical for most people to do manually.<\/p>\n Information about members of the public that is readily available online can already be \u201cmisused straightforwardly\u201d for scams, said Lermen, including spear-phishing, where a hacker poses as a trusted friend to get victims to follow a malicious link in their inbox.<\/p>\n With the expertise requirement to perform more developed attacks now much lower, hackers only need access to publicly available language models and an internet connection.<\/p>\n Peter Bentley, a professor of computer science at UCL, said there were concerns about commercial uses of the technology \u201cif and when products come out for de-anonymising\u201d.<\/p>\n One issue is that LLMs often make mistakes in linking accounts. \u201cPeople are going to be accused of things they haven\u2019t done,\u201d warned Bentley.<\/p>\n Another concern, raised by Prof Marc Ju\u00e1rez, a cybersecurity lecturer at the University of Edinburgh, is that LLMs can use public data beyond social media: hospital records, admissions data, and various other statistical releases could fall short of the high standard of anonymisation necessary in the age of AI.<\/p>\n \u201cIt is quite alarming. I think this paper is showing that we should reconsider our practices,\u201d said Juarez.<\/p>\n AI is not a magic weapon against anonymity online. While LLMs can de-anonymise records in many situations, sometimes there is not enough information to draw conclusions. In many cases, the number of potential matches is too large to narrow down.<\/p>\n \u201cThey can only link across platforms where someone consistently shares the same bits of information in both places,\u201d said Prof Marti Hearst of UC Berkeley\u2019s school of information.<\/p>\n While the technology is not perfect, scientists are now asking institutions and individuals to rethink how they anonymise data in the world of AI.<\/p>\n Lermen has recommended that platforms restrict data access as a first step: enforcing rate limits on user data downloads, detecting automated scraping, and restricting bulk exports of data. But he also noted that individual users can take greater precautions about the information they share online.<\/p>\n Get in touch<\/p>\n Contact us about this story<\/p>\n The best public interest journalism relies on first-hand accounts from people in the know. If you have something to share on this subject, you can contact us confidentially using the following methods:<\/p>\n Secure Messaging in the Guardian app<\/p>\n The Guardian app has a tool to send tips about stories. Messages are end to end encrypted and concealed within the routine activity that every Guardian mobile app performs. This prevents an observer from knowing that you are communicating with us at all, let alone what is being said.<\/p>\n If you don\u2019t already have the Guardian app, download it (iOS<\/a>\/Android<\/a>) and go to the menu. Select \u2018Secure Messaging\u2019. <\/p>\n SecureDropIf you can safely use the tor network without being observed or monitored you can send messages and documents to the Guardian via our SecureDrop platform.<\/a><\/p>\n