What it is
An inference attack is when someone pieces together harmless-looking data to figure out sensitive information. No single detail gives it away, but combined facts - dates, locations, habits - can reveal things like your identity, health status, or company secrets.
Why it matters
You can leak risk without leaking a secret. Public posts, anonymized reports, or app metadata can be correlated to expose private details you never meant to share.
How it works - quick tour
-
Linkage: combine datasets that share a field in common.
-
Triangulation: use time, place, and behavior to narrow to one person.
-
Pattern mining: spot routines that reveal roles, projects, or health.
-
Re-identification: match “anonymous” records with public breadcrumbs.
Everyday examples
-
Fitness route + work photo times → your home and employer.
-
Anonymous salary sheet + team size on LinkedIn → a person’s pay.
-
Delivery photos + social posts → when a home is empty.
Prevent it
-
Minimize data: share only what is needed and drop precise fields.
-
Generalize: use ranges or coarse locations instead of exact values.
-
Separate identifiers: remove keys that link datasets and rotate pseudonyms.
-
Delay and jitter: post after the fact and randomize timestamps.
-
Access controls: restrict who can view exports and dashboards.