Category
Research
Findings from our internal red-teaming and privacy research — attack classes, design rules, and the data behind them.
2026-06-10 De-anonymizing the “anonymous”: how location aggregates leak identity, and how to design ones that don't Aggregated location stats feel safe — “31 people in this area this week” names nobody. Our internal red-teaming shows how cell size, update cadence, and cross-time correlation can still single out individuals, especially in low-density regions. We walk through the attack classes, then derive concrete design rules: minimum cohort thresholds, net-delta updates, and why suppression must fail closed. Research 2026-05-14 Why k-anonymity is a floor, not a feature “Each user is indistinguishable from k−1 others” sounds like a guarantee. It is a starting assumption — and treating it as a finished privacy property is how anonymized datasets keep getting de-anonymized. The primer we wish every product spec linked to. Research