Research from ETH Zurich and Anthropic published last week shows large language models can identify anonymous users across Hacker News, Reddit, and LinkedIn with 67% accuracy at 90% precision—for just $1-4 per person. The study matched 226 of 338 pseudonymous Hacker News accounts to real LinkedIn profiles at a total cost under $2,000. The days of hiding behind pseudonyms are over. Online anonymity, as developers have known it, is dead.
67% Success Rate for $1-4 Per Person
The ArXiv paper demonstrates a 4-stage automated pipeline that deanonymizes users by analyzing unstructured text from their posts. The ESRC framework—Extract, Search, Reason, Calibrate—pulls identity signals from comments (location, occupation, interests, writing style), searches millions of candidate profiles via embeddings, uses LLM reasoning to match accounts, and calibrates confidence scores to achieve 90-99% precision thresholds.
The results are stark. Matching Hacker News accounts to LinkedIn profiles achieved 67% recall at 90% precision and 45.1% recall at 99% precision—compared to 0.1% for classical non-LLM methods. On Reddit, users who shared 10+ movie recommendations became identifiable with 48.1% recall at 90% precision. The system even matched 27% of Anthropic’s anonymized interviewer transcripts to real identities at 82% precision. Moreover, the attack scales: at 1,000 candidates the recall hits 68%, and extrapolated to 1 million candidates it projects 35% recall—still orders of magnitude better than manual investigation.
The $4 Threshold Changes Everything
Here’s what matters most: the cost. Each identification cost between $1 and $4. The entire 338-target experiment ran under $2,000. This isn’t a theoretical threat requiring nation-state resources. Anyone with $4 and an OpenAI API key can deanonymize a specific target. As lead researcher Simon Lermen put it: “If you think investigators could identify you from your posts, LLM agents can likely do the same—and the cost of doing so is only going down.”
The shift is fundamental. Previous deanonymization required hours of manual investigation by specialists. LLMs automate the entire workflow in minutes via public APIs. The attack pipeline is composed of individually benign steps—summarizing text, generating embeddings, ranking candidates—making misuse nearly impossible to detect. “Practical obscurity,” the assumption that pseudonymous users were protected by the sheer expense of identifying them, relied on a cost barrier. That barrier is gone.
This democratizes surveillance. Governments can track dissidents and journalists at scale. Corporations can link anonymous employee feedback to real identities. Attackers can build detailed profiles for social engineering campaigns. And critically, none of this requires specialized skills anymore—just an API subscription.
Your Hacker News Posts Are Now Linkable to Your Real Identity
For developers, the implications are immediate. That Hacker News comment where you mentioned working on a “distributed caching layer for a fintech startup in NYC”? Linkable. The Reddit post asking for career advice about “switching from backend Java to ML engineering”? Identifiable. The anonymous Stack Overflow answer demonstrating deep expertise in Kubernetes orchestration? Fingerprinted.
The research specifically targeted Hacker News because developers often post pseudonymously while inadvertently revealing identifying details across years of comment history. A single mention of your city, employer type, technology stack, or side project might not identify you—but the combination across dozens of posts creates a unique fingerprint. The Register noted that LLMs “fundamentally change the privacy calculus” by extracting these signals from arbitrary prose without predefined schemas.
Enterprise risks extend beyond personal privacy. Anonymous employee surveys are no longer truly anonymous—HR can link feedback to specific individuals. Whistleblower hotlines become traceable. Internal forums discussing workplace issues can identify participants. BYOD policies create cross-contamination where personal accounts used for work discussions expose professional affiliations.
Assume Deanonymization Is Always Possible
The threat model shift is non-negotiable: Developers must assume any public post can be linked to their real identity for $4. Security expert Bruce Schneier flagged the research as a critical privacy development, noting that what was “often practically limited by the expense of human investigation” becomes increasingly accessible through automation.
Practical countermeasures exist but require operational security discipline. Compartmentalize online identities—separate accounts for work, personal projects, and anonymous discussions with no cross-posting. Avoid posting identifying micro-details even if they seem innocuous (employer names, specific projects, unique life events). Assume long-term posting histories can be automatically aggregated and analyzed. High-variance writing styles across accounts can help evade detection, but this requires conscious effort.
Platforms can respond with rate limiting on API access, automated scraping detection, and restrictions on bulk data exports—all of which raise the cost of large-scale attacks. However, these mitigations are incomplete. The attack’s individual steps look like legitimate usage (text summarization, similarity search, candidate ranking), making abuse hard to distinguish from normal activity. And for targeted attacks against specific individuals, even rate limits won’t stop a determined adversary willing to spend $4.
Key Takeaways
- Online anonymity is dead—LLMs match anonymous Hacker News accounts to LinkedIn profiles with 67% success at $1-4 per person, killing “practical obscurity” that relied on cost barriers.
- The $4 cost democratizes surveillance—Anyone can now deanonymize targets; no specialized skills or expensive resources needed, just public LLM APIs.
- Developers are directly exposed—Years of HN/Reddit posts create unique fingerprints linking pseudonyms to real identities through inadvertent micro-details.
- Threat model must change—Assume all public posts are linkable to real identity; compartmentalize accounts, avoid identifying details, expect automated analysis.
- Platform countermeasures are insufficient—Rate limiting and scraping detection raise costs but can’t stop targeted $4 attacks; fundamental privacy assumptions no longer hold.
