If you assume your online pseudonym keeps your identity safe, you might want to reconsider what you post. Researchers from ETH Zurich and Anthropic have demonstrated that off-the-shelf AI models can identify pseudonymous users in minutes. As reported by The Decoder, this automated process costs as little as one to four dollars per profile.
How the attack works
The researchers didn’t create a new super-intelligence, they simply automated the workflow of a human private investigator. The team built a four-stage pipeline to process unstructured text found in forum posts and comments:
- Profiling: An LLM reads a user’s post history to extract “micro-data”: details about location, profession, hobbies, and writing style.
- Search: An autonomous agent scans the web for real-world profiles that match these extracted attributes.
- Matching: The system compares the anonymous profile against the search results.
- Verification: A more powerful model reviews the top candidate to confirm the identity or decline the match if confidence is low.
This approach differs significantly from previous de-anonymization methods, which relied on structured data like timestamps or ratings. This new method works directly with the messy, natural language humans use every day.
The results
The effectiveness of this method is high, significantly outperforming traditional techniques. The study highlighted several key benchmarks:
- Hacker News: The AI correctly identified about two-thirds of 338 profiles, even after direct identifiers like names were removed.
- LinkedIn Matching: When matching Hacker News accounts to LinkedIn profiles, the pipeline achieved 99% accuracy on identified users. Traditional methods only managed 0.1%.
- Reddit: By analyzing discussion patterns in movie communities, the AI successfully linked users across different subreddits based on shared interests.
Why this matters
The key insight here isn’t that AI is better than a human analyst, it’s that it changes the economics of surveillance. What takes a human hours to piece together, the model finishes in minutes. This scalability means that de-anonymization is no longer limited to high-value targets.
This shifts the threat landscape dramatically. State actors could automate the unmasking of dissidents, corporations could link anonymous complaints to specific customer files, and criminals could launch highly personalized fraud campaigns at scale.
Limitations and defense
The researchers paint a difficult picture for defense. Because the attack relies on standard operations like summarizing, searching, and sorting, it is nearly impossible to distinguish from legitimate web traffic. While major model providers like OpenAI and Anthropic have safety filters that may refuse direct de-anonymization requests, the underlying capabilities remain accessible.
The takeaway for anyone posting online is simple: anonymity is fragile. The researchers note that the probability of being identified rises with every piece of information you share, no matter how trivial it seems in isolation. You can read more about the study at The Decoder.