Yik Yak Users Not So Anonymous After All

It wasn't enough that yakkers had to add personal handles and profiles starting last August. That made their posts less about saying whatever was on their mind in complete anonymity and more about finding and connecting with others in their current geographic locations. Now users of mobile app Yik Yak face the ignominy of being truly discoverable. At least that's what a research team at New York University's Tandon School of Engineering suggests in a new paper.

"You Can Yak but You Can't Hide: Localizing Anonymous Social Network Users," being presented at the upcoming ACM Internet Measurements Conference next month, describes how the research team was able to determine the geographical origin of a comment or "yak" and possibly even the person who made the post, thereby making the program susceptible to "localization attacks," putting the user at risk of being identified.

Keith Ross, a professor of computer science at Tandon and the dean of engineering and computer science at New York U's Shanghai campus, worked with students and colleagues in New York and at East China Normal University on the experiment, which used a "fairly simple machine learning algorithm" to localize yaks to within 300 feet. In one of the team's experiments, the localization effort could pinpoint which college dorm was the source of the yak.

A yak only appears on devices in the vicinity of where the yak was sent. So the researchers applied a "common technique" to trick the GPS in a smartphone into believing it was on those campuses. The team tested their technique on two college campuses in the United States using their own devices and posts.

As the research paper pointed out, "If an attacker can determine the physical location from where an anonymous message was sent, then the attacker can potentially use side information (for example, knowledge of who lives at the location) to de-anonymize the sender of the message."

"The integrity of user anonymity is central to Yik Yak and similar anonymous social media apps, and this research shows that it's possible for a third party to compromise it," Ross said in a press release.

For example, if a student posted a disparaging remark about a fellow student or a faculty member, "it wouldn't be difficult" for the victim of the insult to figure out where the offensive commentary was posted from and then pinpoint the probable yakker from there.

The team informed the makers of Yik Yak about their discovery and even recommended several privacy enhancements. For example, the developer could redefine what's local by using "fixed and static display regions, where each region might cover a college campus, a small city or a district in a large city."

About the Author

Dian Schaffhauser is a former senior contributing editor for 1105 Media's education publications THE Journal, Campus Technology and Spaces4Learning.

Featured

  • sleek fishing hook with a translucent email icon hanging from it

    Report Identifies Rise in Phishing-as-a-Service Attacks

    Cybersecurity researchers at Trustwave are warning about a surge in malicious e-mail campaigns leveraging Rockstar 2FA, a phishing-as-a-service (PhaaS) toolkit designed to steal Microsoft 365 credentials.

  •  abstract design with shapes resembling open books and knowledge pathways, intertwined with circuit-like patterns

    New AAC&U Institute to Explore Challenges and Opportunities of AI in Teaching and Learning

    The American Association of Colleges and Universities (AAC&U) a new Institute on AI, Pedagogy, and the Curriculum designed to "help departments, programs, colleges, and universities respond effectively to the challenges and opportunities artificial intelligence (AI) presents for courses and curricula."

  • stylized illustration of a global AI treaty signing, featuring diverse human figures seated around a round table

    World Leaders Sign First Global AI Treaty

    The United States, the United Kingdom, the European Union, and several other countries have signed "The Framework Convention on Artificial Intelligence, Human Rights, Democracy, and the Rule of Law," the world's first legally binding treaty aimed at regulating the use of artificial intelligence (AI).

  • MathGPT

    MathGPT AI Tutor Now Out of Beta

    Ed tech provider GotIt! Education has announced the general availability of MathGPT, an AI tutor and teaching assistant for foundational math support.