How reproducible is "Large-scale online deanonymization with LLMs"?

Estimated time to first reproduction: a few days. Risk flags: No repository-level reproducibility signals are currently available, Estimate is based on paper-only reproduction flow. No direct maintained implementation was found. Use the paper PDF and citation graph to design a baseline reproduction.

Large-scale online deanonymization with LLMs

Simon Lermen, Daniel Paleka, Joshua Swanson, Michael Aerni, Nicholas Carlini, Florian Tramèr

Published: Feb 18, 2026

No direct implementation yet

Evidence: Inferred

Domain fit: AI-core

Verified repos: 0

Core AI workload signals detected from paper context and implementation/artifact evidence.

Time to first repro: a few days

2 risk flags

arXiv PDF

We show that large language models can be used to perform at-scale deanonymization. With full Internet access, our agent can re-identify Hacker News users and Anthropic Interviewer participants at high precision, given pseudonymous online profiles and conversations alone, matching what would take hours for a dedicated human investigator. We then design attacks for the closed-world setting. Given two databases of pseu ...

Read full abstract

donymous individuals, each containing unstructured text written by or about that individual, we implement a scalable attack pipeline that uses LLMs to: (1) extract identity-relevant features, (2) search for candidate matches via semantic embeddings, and (3) reason over top candidates to verify matches and reduce false positives. Compared to prior deanonymization work (e.g., on the Netflix prize) that required structured data or manual feature engineering, our approach works directly on raw user content across arbitrary platforms. We construct three datasets with known ground-truth data to evaluate our attacks. The first links Hacker News to LinkedIn profiles, using cross-platform references that appear in the profiles. Our second dataset matches users across Reddit movie discussion communities; and the third splits a single user's Reddit history in time to create two pseudonymous profiles to be matched. In each setting, LLM-based methods substantially outperform classical baselines, achieving up to 68% recall at 90% precision compared to near 0% for the best non-LLM method. Our results show that the practical obscurity protecting pseudonymous users online no longer holds and that threat models for online privacy need to be reconsidered.

Technical details

Canonical key: arxiv-2602.16800

Cache status: Fresh

Generated at: May 16, 2026, 3:02 AM

Artifact coverage: sparse

HF provider: ok (token)

PWC source used: No

LLM status: not_generated

LLM model: n/a

LLM generated: Unknown

LLM content type: n/a

HF policy: hf-relevance-v27

context only

Benchmarks: thin evidence

Time to repro: a few days

2 risk flags

Results & Benchmarks

Freshness tier: hot

Direct + Inferred Evidence

Representation learning

Narayanan baseline

90% Prec

0.1

Source: paper fulltext

Representation learning

Search (embedding)

90% Prec

26.3

Source: paper fulltext

Agentic tool use

Reason (low)

90% Prec

5.2

Source: paper fulltext

Agentic tool use

Reason (high)

90% Prec

8.5

Source: paper fulltext

Agentic tool use

Baseline (Narayanan)

90% Prec

0.4

Source: paper fulltext

Benchmark evidence drill-down

6 findings

Audit each benchmark finding before selecting an implementation path. Evidence refs map to the disclosure section below.

Task	Dataset	Metric	Value	Source	Evidence refs
Representation learning	Narayanan baseline	90% Prec	0.1	paper-derived	No explicit refs
Representation learning	Search (embedding)	90% Prec	26.3	paper-derived	No explicit refs
Agentic tool use	Reason (low)	90% Prec	5.2	paper-derived	No explicit refs
Agentic tool use	Reason (high)	90% Prec	8.5	paper-derived	No explicit refs
Agentic tool use	Baseline (Narayanan)	90% Prec	0.4	paper-derived	No explicit refs
Agentic tool use	LLM	90% Prec	38.3	paper-derived	No explicit refs

We show that large language models can be used to perform at-scale deanonymization.

Implementation Evidence Summary

Confidence: low

Recommendation evidence is currently too limited for a maintained-repo choice. Use Implementation Status and Reproduction Path for a practical baseline plan.

Reproduction Risks

Estimate is based on paper-only reproduction flow

Hardware Notes

Expect multi-day setup/compute for meaningful reproduction based on current guidance.

Evidence disclosure

Evidence graph: 2 refs, 1 links.

Utility signals: depth 95/100, grounding 68/100, status medium.

Implementation Comparison

Top 3 paths

Compare maintenance quality, reproducibility coverage, and evidence confidence before choosing a reproduction baseline.

joheras/Lecturas

alternative

Maintenance: Active

Confidence: Low

Reproducibility: Limited

Matched via arXiv identifier search

Stars: 20
Last push: May 6, 2026 (11d ago)

Risk flags

No CI pipeline detected
No tagged releases
No Docker setup

Concorde89/Open-Source-Satoshi-Hunt

alternative

Maintenance: Recently updated

Confidence: Low

Reproducibility: Limited

Matched via arXiv identifier search

Stars: 0
Last push: Feb 26, 2026 (79d ago)

Risk flags

No CI pipeline detected
No tagged releases
No Docker setup

siliconbag/osint-profiler

alternative

Maintenance: Recently updated

Confidence: Low

Reproducibility: Limited

Matched via arXiv identifier search

Stars: 0
Last push: Mar 2, 2026 (76d ago)

Risk flags

No CI pipeline detected
No tagged releases
No Docker setup

Implementation Status

No verified maintained repo

There is no verified maintained implementation yet. Use this baseline plan to decide whether to prototype now or defer.

No direct maintained implementation was found. Use the paper PDF and citation graph to design a baseline reproduction.
Track assumptions and missing details in an experiment log before coding.

Time to first repro: a few days

Reproduction readiness

No Repo

Time to first repro: days

Last checked: May 16, 2026

Hardware requirements

Expect multi-day setup/compute for meaningful reproduction based on current guidance.

No verified implementation available

· No maintained repository has been identified for this paper. Check adjacent implementations or HF artifacts below.

Additional implementations

No additional verified repositories beyond the primary recommendation.

Possible but unverified matches (4)

These repositories had low-confidence matching signals and are hidden by default.

joheras/Lecturas

Confidence: Low

Stars: 20
Concorde89/Open-Source-Satoshi-Hunt

Confidence: Low

Stars: 0
siliconbag/osint-profiler

Confidence: Low

Stars: 0
nestorghh/LLMdeanonymization

Confidence: Low

Stars: 0

Hugging Face artifacts

No trustworthy direct or curated related Hugging Face artifacts were found yet.

Continue with targeted Hugging Face searches derived from the paper title and method context:

Models

arxiv:2602.16800 LLMs Natural Language Processing

Datasets

arxiv:2602.16800 LLMs dataset

Spaces

arxiv:2602.16800 LLMs demo

Tip: start with models, then check datasets/spaces if you need evaluation data or demos.

Direct artifact matches are currently sparse. Use targeted Hugging Face searches to quickly locate candidate models, datasets, and demos.

Search models Search datasets Search spaces

Research context

Tasks

Agentic tool use

Methods

Transformer

Domains

Natural Language Processing, Large Language Models, AI Agents

Evaluation & Human Feedback Data

Open this paper in HFEPX to review benchmark signals, evaluation modes, and human-feedback protocol context.

Open in HFEPX

Explore Similar Papers

Jump to Paper2Code search queries derived from this paper's research context.

Agentic tool use Transformer Natural Language Processing Large Language Models AI Agents

Need human evaluators for your AI research? Scale annotation with expert AI Trainers.

Post a Job Get a Quote