[ziddoap]

>To put another way, "guy was vaguely near New York on these dates" doesn't narrow down the search parameters by much.

That's why I said that this data alone is probably worthless, but can gain value when combined with other data.("As a piece of data alone, the results are probably not of significant use")

The combining of data is the important bit and the entire emphasis of both of my other comments.

Two pieces of otherwise anonymous data can, when combined, lead to re-identification.

[gruez]

>Two pieces of otherwise anonymous data can, when combined, lead to re-identification.

How are you going to get more anonymous data? Practically speaking if your target has such poor opsec that he's hemorrhaging bits of data, you probably don't need this attack to deanonymize them.

[ziddoap]

>How are you going to get more anonymous data?

All over the place? Your comment history here (and mine!) is full of data. Each piece alone isn't identifying, but there's a good chance that in aggregate it is.

If you share that username on discord/twitter/reddit/steam/whatever, that's even more data. If you reference old accounts anywhere, you guessed it, even more.

>you probably don't need this attack to deanonymize them

My comment wasn't necessarily specific to this attack, just noting that this attack can be an additional piece of data in the chain of re-identification.

You've gone from "not convinced on the real world applications here" to "how are you going to get more anonymous data". If we assume that you can get some data somewhere (a small list of example sources above), can we agree that there is, possibly, a real world application?