Sunday, September 20, 2015

New Crypto Tool Makes Anonymous Surveys Truly Anonymous

This article discusses an issue in the realm of online surveys in that they are more than not cryptographically anonymous. A professor at Cornell Universtiy, Rafael Pass, was asked by one of his students if the surveys were truly anonymous, to which he had to respond that “the data is there”[1] if anyone wanted to find out who responded to the survey and how. In reaction to this, Pass created a cryptographically anonymous survey system called Anonize which, unlike other online surveys, does not require a unique identifier (like and email address) and is now being used at Cornell and eventually University of Virginia.

The first point worth noting is that Anonize, unlike Survey Monkey, does not collect enough individual data for the responses to be traced back to the user. They do this by assigning each user an individual key when they download the app that the instructor can then see as an authorized respondent. This key then changes per survey so they can’t be matched on other email lists. The second notable point is that while this is all technologically sound and anonymous, if anyone were able to get their hands on a responders phone they could matched their key to the responses. This point is important because, while very difficult, it is still possible to find out how a participant responded. Third and finally, the article emphasizes a warning from Pass and the other developers of the app that seemingly private data doesn’t stay private for long. He references the data breaches to companies Ashley Madison in which hackers gained access “30 gigabytes of company and customer data”[2] and a similar breach to their severs at Cornell.

This article could have went into more depth as to how a system like this could not only benefit a school in the way their students respond to surveys, but as to how this software could be used to benefit companies that may be prone to security breaches in the future. Another point that was over-looked was the argument that Survey Monkey is not as secure as Pass claims it is. I would have liked to seen an explanation as to how a hacker (or instructor) would be able to trace the data back to its source.

[1] had to blindly trust that the university wouldn’t access their identifying information. “The data is there,” Pass says he admitted.”

[2] a siTE that touted itself as the premier cheating site for married people seeking partners for infidelity, Ashley Madison was relatively unknown until hackers broke into its servers and released more than 30 gigabytes of customer and company data this week, propelling it into the spotlight.”

1 comment:

  1. I think another important aspect of this new crypto app will be its usage outside of just anonymous surveys. Most anonymous apps, such as YikYak or WhatsGoodly, will also start to implement this technology into the own apps because of the anonymity that is offered. College kids are mainly the users of the two examples above, but with a bit of work, someone could figure out from where posts and comments are being sent from and possibly locate the exact person. Another example could be fitness apps wanting to keep their customers data secure and anonymous.


Note: Only a member of this blog may post a comment.