De-anonymising ‘secret’ chat app not that hard, really
A little machine learning can de-anonymise Yik Yak users, according to researchers from American and Chinese universities.
Yik Yak is an anonymous messaging app that raised US$70 million, acts like a location-aware Twitter and has become a preferred tool of trolls on US College campuses.
The researchers didn’t attack the Yik Yak protocol. Rather, they applied themselves to the question of localising the users to messages they sent.
From the paper’s abstract:
“We show that we can accurately predict the locations of messages up to a small average error of 106 meters. We also devise an experiment where each message emanates from one of nine dorm colleges on the University of California Santa Cruz campus. We are able to determine the correct dorm college that generated each message 100% of the time.”
In this New York University Tandon School of Engineering release, computer science boffin Keith Ross explains: “At this stage, we can narrow down a location to a building, which when combined with other side information could potentially de-anonymise the author of any given yak.”
The researchers spoofed GPS locations in smartphones to deploy Yik Yak in a couple of university campuses for the test, and then did the same to their own smartphones, to “place” them in different locations in the campuses.
Because Yaks are localised to smartphones in the vicinity of where they’re posted, the researchers found it easy to work out which messages were available in different locations, and use that to train their AI to work out which dormitories might be associated with the postings.
As Ross put it: “It wouldn’t be difficult for a professor to figure out the dorm from which a derogatory yak was posted, then couple this information with student housing information to de-anonymise the yak, and that’s concerning.”
Yik Yak has been advised of the issue, and the researchers have suggested that what users can view be less localised. ®