Yik Yak Users Not So Anonymous After All

It wasn't enough that yakkers had to add personal handles and profiles starting last August. That made their posts less about saying whatever was on their mind in complete anonymity and more about finding and connecting with others in their current geographic locations. Now users of mobile app Yik Yak face the ignominy of being truly discoverable. At least that's what a research team at New York University's Tandon School of Engineering suggests in a new paper.

"You Can Yak but You Can't Hide: Localizing Anonymous Social Network Users," being presented at the upcoming ACM Internet Measurements Conference next month, describes how the research team was able to determine the geographical origin of a comment or "yak" and possibly even the person who made the post, thereby making the program susceptible to "localization attacks," putting the user at risk of being identified.

Keith Ross, a professor of computer science at Tandon and the dean of engineering and computer science at New York U's Shanghai campus, worked with students and colleagues in New York and at East China Normal University on the experiment, which used a "fairly simple machine learning algorithm" to localize yaks to within 300 feet. In one of the team's experiments, the localization effort could pinpoint which college dorm was the source of the yak.

A yak only appears on devices in the vicinity of where the yak was sent. So the researchers applied a "common technique" to trick the GPS in a smartphone into believing it was on those campuses. The team tested their technique on two college campuses in the United States using their own devices and posts.

As the research paper pointed out, "If an attacker can determine the physical location from where an anonymous message was sent, then the attacker can potentially use side information (for example, knowledge of who lives at the location) to de-anonymize the sender of the message."

"The integrity of user anonymity is central to Yik Yak and similar anonymous social media apps, and this research shows that it's possible for a third party to compromise it," Ross said in a press release.

For example, if a student posted a disparaging remark about a fellow student or a faculty member, "it wouldn't be difficult" for the victim of the insult to figure out where the offensive commentary was posted from and then pinpoint the probable yakker from there.

The team informed the makers of Yik Yak about their discovery and even recommended several privacy enhancements. For example, the developer could redefine what's local by using "fixed and static display regions, where each region might cover a college campus, a small city or a district in a large city."

About the Author

Dian Schaffhauser is a former senior contributing editor for 1105 Media's education publications THE Journal, Campus Technology and Spaces4Learning.

Featured

  • school building connected by lines to symbols of AI, data charts, and a funding document with a dollar sign

    ED Issues Guidance on the Use of Federal Grant Funds to Support Learner Outcomes with AI

    In response to President Trump's April 23 Executive Order on advancing AI education, the United States Department of Education has issued new guidance on how K-12 and higher education institutions may use federal grant funds "to support improved outcomes for learners through the responsible integration of artificial intelligence."

  • server racks, a human head with a microchip, data pipes, cloud storage, and analytical symbols

    OpenAI, Oracle Expand AI Infrastructure Partnership

    OpenAI and Oracle have announced they will develop an additional 4.5 gigawatts of data center capacity, expanding their artificial intelligence infrastructure partnership as part of the Stargate Project, a joint venture among OpenAI, Oracle, and Japan's SoftBank Group that aims to deploy 10 gigawatts of computing capacity over four years.

  • teenager’s study desk with a laptop displaying an AI symbol, surrounded by books, headphones, a notebook, and a cup of colorful pencils

    Survey: Student AI Use on the Rise

    Ninety-three percent of students across the United States have used AI at least once or twice for school-related purposes, according to the latest AI in Education report from Microsoft.

  • laptop displaying a phishing email icon inside a browser window on the screen

    Phishing Campaign Targets ED Grant Portal

    Threat researchers at cybersecurity company BforeAI have identified a phishing campaign spoofing the U.S. Department of Education's G5 grant management portal.