Researchers at ETH Zurich, UC Berkeley, and Google published a study this week proving that large language models can automatically identify pseudonymous internet users with 67% accuracy at just $1-4 per profile. The attack, detailed in an ArXiv paper released February 18 and covered by The Register today, works by analyzing writing style, inferring demographic details, and cross-referencing public databases—replicating in minutes what would take human investigators hours. At a total experiment cost of $2,000, the team correctly identified 226 of 338 Hacker News users by matching their pseudonymous posts to real LinkedIn profiles.
67% Success at $1-4 Per Profile
The numbers tell a stark story. Researchers achieved 67% recall at 90% precision—meaning 9 out of 10 identifications were correct, not guesses. LLM-based methods reached up to 68% recall at 90% precision across multiple datasets, while traditional non-LLM approaches achieved near 0% success. The cost? Just $1-4 per person.
Moreover, this isn’t theoretical. A Northeastern professor used an LLM to deanonymize 25% of Anthropic’s “anonymous” interview participants, associating interviews with specific papers and scientists. The attack worked on professionally anonymized data—the kind organizations assume is protected.
The $2,000 total cost is the critical point. This isn’t a government-only capability. A stalker can afford $2K. A corporation retaliating against a Glassdoor reviewer can afford $2K. An angry ex can afford $2K. Consequently, the democratization of deanonymization fundamentally changes the threat model for anyone using pseudonyms online.
Three-Stage Automated Pipeline
The attack operates in three stages. First, the LLM extracts identity-relevant features from posts—location clues, profession indicators, interests, writing style, demographic markers. From “a handful of comments,” as lead researcher Simon Lermen explains, the system can infer where you live, what you do, and your interests.
Second, semantic embeddings search databases like LinkedIn and GitHub for candidate matches based on similarity scores. Third, the LLM applies reasoning to verify matches and filter false positives, cross-referencing multiple data points for high precision.
Lermen’s warning is direct: “The combination is often a unique fingerprint. Ask yourself: could a team of smart investigators figure out who you are from your posts?” However, the difference now is that LLM automation reduces investigation time from hours to minutes and cost from hundreds of dollars to $1-4.
Traditional deanonymization required manual labor—$250-2000 per target for 5-10 hours of investigator time. In contrast, LLM-based attacks achieve 50-500x cost reduction and 10-100x speed improvement, making mass deanonymization economically feasible for the first time.
Related: Google API Keys Risk: Gemini Access Without Warning
Journalists, Activists, and Anyone Using Pseudonyms
The research authors explicitly warn that “governments could use this technique to target journalists or activists, corporations could mine forums to build highly targeted advertising profiles, and online attackers could develop detailed personal profiles to make social engineering scams more credible.”
Who’s at risk? Journalists using pseudonyms to protect sources. Activists in authoritarian countries relying on anonymity for safety. Whistleblowers exposing corporate wrongdoing. Additionally, employees posting honest Glassdoor reviews, people sharing mental health experiences anonymously, and developers criticizing employers on Reddit or Hacker News all face exposure.
This isn’t about criminals being caught. This is about ordinary people who use pseudonyms for legitimate reasons—privacy, safety, professional protection—having those protections stripped away. Furthermore, the asymmetry is stark: attack costs $2K, but there’s no effective defense for already-public posts.
Practical Obscurity is Dead
The research team identified only one mathematically proven defense: differential privacy using DP-SGD during model training. However, this doesn’t help users whose posts are already public. Other mitigations—rate limiting API access, detecting automated scraping, restricting bulk exports—might slow attacks but won’t stop them.
The authors state bluntly: “The practical obscurity protecting pseudonymous users online no longer holds and threat models for online privacy need to be reconsidered.”
Deleting posts doesn’t work—web archives, caches, and quotes persist. Changing writing style doesn’t work—patterns emerge over time. Compartmentalizing personas helps but requires extreme discipline (separate writing styles, interests, opinions across accounts). Consequently, the only real defense is not posting publicly under any pseudonym, which defeats the purpose of online discussion.
For decades, pseudonymity worked because connecting the dots was expensive and time-consuming. “Practical obscurity” meant your Reddit posts and LinkedIn profile were technically linkable, but nobody would bother. Now, for $1-4, anyone can bother. Therefore, that fundamental privacy model is broken.
Published February 18, 2026 and trending on Hacker News today with 240 points and 179 comments, this research forces a fundamental reassessment of what can be considered private online. The authors warn: “LLMs democratize deanonymization; the asymmetry between attack cost and defense cost may force a fundamental reassessment of what can be considered private online.”
Everyone who posts pseudonymously—whether on Hacker News, Reddit, Twitter, or any public forum—needs to assume their identity can be discovered for a few dollars. The era of anonymous online discourse may be ending.
