Yik Yak Is Not So Anonymous After All
- By Dian Schaffhauser
It wasn't enough that yakkers had to add personal handles and profiles starting last August. That made their posts less about saying whatever was on their mind in complete anonymity and more about finding and connecting with others in their current geographic locations. Now users of mobile app Yik Yak face the ignominy of being truly discoverable. At least that's what a research team at New York University's Tandon School of Engineering suggests in a new paper.
"You Can Yak but You Can't Hide: Localizing Anonymous Social Network Users," being presented at the upcoming ACM Internet Measurements Conference next month, describes how the research team was able to determine the geographical origin of a comment or "yak" and possibly even the person who made the post, thereby making the program susceptible to "localization attacks," putting the user at risk of being identified.
Keith Ross, a professor of computer science at Tandon and the dean of engineering and computer science at New York U's Shanghai campus, worked with students and colleagues in New York and at East China Normal University on the experiment, which used a "fairly simple machine learning algorithm" to localize yaks to within 300 feet. In one of the team's experiments, the localization effort could pinpoint which dorm was the source of the yak.
A yak only appears on devices in the vicinity of where the yak was sent. So the researchers applied a "common technique" to trick the GPS in a smartphone into believing it was on those campuses. The team tested their technique on two college campuses in the United States using their own devices and posts.
As the research paper pointed out, "If an attacker can determine the physical location from where an anonymous message was sent, then the attacker can potentially use side information (for example, knowledge of who lives at the location) to de-anonymize the sender of the message."
"The integrity of user anonymity is central to Yik Yak and similar anonymous social media apps, and this research shows that it's possible for a third party to compromise it," Ross said in a press release.
For example, if a student posted a disparaging remark about a fellow student or a faculty member, "it wouldn't be difficult" for the victim of the insult to figure out where the offensive commentary was posted from and then pinpoint the probable yakker from there.
The team informed the makers of Yik Yak about their discovery and even recommended several privacy enhancements. For example, the developer could redefine what's local by using "fixed and static display regions, where each region might cover a college campus, a small city or a district in a large city."
Dian Schaffhauser is a senior contributing editor for 1105 Media's education publications THE Journal and Campus Technology. She can be reached at firstname.lastname@example.org or on Twitter @schaffhauser.