1. I've never seen a formal definition of security that k-anon supposedly satisfies. While I personally really like formal guarantees, maybe one might argue this wouldn't be so bad absent concrete problems with the definition. Which leads us to...
2. K-anon doesn't compose. The JOIN of 2 databases, each k anonymized, can be 1-anonymous (i.e., no anonymity), no matter what k is.
3. The distinction between quasi-identifiers and sensitive attributes (central to the whole framework) is more than meaningless: it is misleading. Every sensitive attribute is a quasi-identifier given the right auxiliary datasets. Using k anon essentially requires one to determine a priori which additional datasets will be used when attacking the k anonymized dataset.
4. My understanding of modified versions (diversity, closeness, etc) is less developed, but I believe they suffer similar weaknesses. The weaknesses are obscured by the additional definitional complexity.
(Edit: typos and autocorrect)
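As an added illustration of point 2 (example code written for this page, not the commenter's): two releases of the same four constructed patient records are each 2-anonymous over their quasi-identifiers, yet joining them on the diagnosis column they share produces rows that are unique. The `_id` column is a constructed label that the join never reads; it only checks that the unique joined rows really pin down one person.

```python
# Added example: k-anonymity does not compose across releases.
# Release A keeps exact zip but ranges age; release B ranges zip but keeps exact age.
from collections import Counter

def k_of(rows, qi):
    """Smallest equivalence class over quasi-identifier columns `qi` (1 = someone is unique)."""
    return min(Counter(tuple(r[c] for c in qi) for r in rows).values())

def consistent(generalized, exact):
    """True if a generalized value ("130**" or "20-29") could describe `exact`."""
    if isinstance(exact, int):
        lo, hi = map(int, generalized.split("-"))
        return lo <= exact <= hi
    prefix = generalized.rstrip("*")
    return str(exact).startswith(prefix)

def join_releases(a, b):
    """Join on equal diagnosis plus mutually consistent zip/age; recovers exact zip AND exact age."""
    out = []
    for ra in a:
        for rb in b:
            if (ra["diagnosis"] == rb["diagnosis"]
                    and consistent(rb["zip"], ra["zip"])
                    and consistent(ra["age"], rb["age"])):
                out.append({"zip": ra["zip"], "age": rb["age"],
                            "diagnosis": ra["diagnosis"], "_ids": (ra["_id"], rb["_id"])})
    return out

# Constructed records (hypothetical people p1..p4), each release 2-anonymous on (zip, age).
RELEASE_A = [
    {"_id": "p1", "zip": "13053", "age": "20-29", "diagnosis": "flu"},
    {"_id": "p2", "zip": "13053", "age": "20-29", "diagnosis": "asthma"},
    {"_id": "p3", "zip": "13068", "age": "20-29", "diagnosis": "diabetes"},
    {"_id": "p4", "zip": "13068", "age": "20-29", "diagnosis": "asthma"},
]
RELEASE_B = [
    {"_id": "p1", "zip": "130**", "age": 28, "diagnosis": "flu"},
    {"_id": "p2", "zip": "130**", "age": 21, "diagnosis": "asthma"},
    {"_id": "p3", "zip": "130**", "age": 28, "diagnosis": "diabetes"},
    {"_id": "p4", "zip": "130**", "age": 21, "diagnosis": "asthma"},
]

def reidentified(joined, qi=("zip", "age")):
    """Ids of people whose joined row is alone in its (zip, age) class and links the same person."""
    classes = Counter(tuple(r[c] for c in qi) for r in joined)
    return {r["_ids"][0] for r in joined
            if classes[tuple(r[c] for c in qi)] == 1 and r["_ids"][0] == r["_ids"][1]}
```

Both inputs report k=2, the join reports k=1, and the two singleton rows are exactly p1 and p3.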
Even if you make sure that information gain about an individual from your dataset is minimal, this could easily change if combined with other data sets, as GP stated.
Anyone claiming to do this needs to be verified, that means that it has to be open. And being open does not by any stretch imply that it has been verified. And I will not do that just to use your product/site.
Bottom line: Just abandon and ignore anyone claiming to anonymize sensitive data.
For example, the Doctor On Demand app has records of all of my visits available on the screen when I am logged in, but in order to actually export or download them, I was required to call them, then fill out an online form where none of that data was prefilled, then I will need to wait up to 10 days for the request to be filled. It's ridiculous.
It doesn't make any sense, since I could just take screenshots on the app as I scroll through the data. It seems that if I am identified on the app, they should be able to release the records -- which they do -- they just deliberately make it difficult to export them.
Someone is going to come on here and give me a lecture about privacy laws and how they have to do that or something, but I think it's BS. The laws need to be updated to ensure that people can access and export and transfer their own medical records easily. I need to own that data.
I think there are quite a few groups working on technology to solve the problem of owning your data and also being able to share it in a non-identifiable way. Some of them use things like bitcoin or blockchain to do so. We definitely need high tech solutions so I hope some of these types of endeavors will become popular and more effective than some of the inept government efforts so far.
Edit: an old and interesting discussion on this: https://news.ycombinator.com/item?id=2942967
This is a losing battle. The information is already being leaked--we have been protected by the high cost and inaccessibility of analyzing it. These factors are quickly changing, and it's time to ask ourselves: how do we intend to live in a post-privacy world?