I too have some concerns about Netflix releasing information that is supposedly anonymous without consent. But your failed to back your premise, and I believe it is a faulty premise anyway.
The UT study found that given a subset of someone's ratings (say off imdb), you could positively identify that person in a larger set of their ratings, mixed in with other people's ratings (the Netflix prize). Neither Netflix or imdb releases enough information to find someone, unless that "hiding" person was dumb enough to release identifiable information in their imdb ratings. The only other exploit is if you had someone internal to Netflix. In either case, it is irrelevant within the context of them releasing "anonymous" data for the contest.
The more plausible and possible scenario is someone rated some tame movies on imdb, and later an investigator fishing for extortion material matched that data with the anonymous Netflix ratings containing ratings of porn, racist propaganda, or other sensitive and controversial matters from that same person.
I use Netflix. I like it a lot.
Then again, I don’t care much about my personal privacy. I blog under my own name, which is unique to me. I reveal personal details in my blog. I’ve even pictured my own home.
It’s something I was taught in journalism school — try to live as though your every action were public record.
But if your privacy means more to you than mine does to me, perhaps you should be concerned.
Netflix released a ton of data on its users in order to run a Netflix Prize contest, which yesterday delivered $1 million to a team of AT&T researchers who improved its movie recommendation engine by 10%.
A second contest is reportedly in the works.
The problem is with the data used for the contest. As Arvind Narayanan and Vitaly Shmatikov of the University of Texas found in 2007, it’s not that anonymous. If I know just your sex, zip code and birth date I can identify you with 87% accuracy. This process of de-anonymization turns out to be surprisingly easy.
The UT researchers were able to match Internet Movie Database users against Netflix records with near absolute accuracy. Thus, Paul Ohm writes at Freedom to Tinker:
Netflix needs to understand the concept of “information entropy”: even if it is not revealing information tied to a single person, it is revealing information tied to so few that we should consider this a privacy breach.
Even if the motives of Netflix are pure as the driven snow, Ohm adds, they should cancel Netflix Prize II, because the data they’re releasing could be used to find people who have a desire not to be found.
If a woman runs from her husband, and the husband calls an information broker, and that broker uses the Netflix Dataset to find where that woman has moved to, leading to a murder, Netflix won’t get a second warning.
Of course all this shows just how dangerous the “anonymous” data we are giving away routinely can be. I have no problem with such data, in the hands of Google or Netflix or any other reputable business.
I just want it sealed, protected just as personal data is, and used only for the purposes those who obtained it say they will put it toward.
Like, should I rent Knocked Up?
