Researchers have developed a new probabilistic metric to measure digital privacy, revealing significant disparities in how major platforms protect user data, with Meta falling behind its competitors.
Universidad Carlos III de Madrid (UC3M), in collaboration with the National Cybersecurity Institute (INCIBE), created the new system to provide a more accurate assessment of anonymity in digital databases than current industry standards allow.
Published in the scientific journal Array, the research challenges the effectiveness of “K-anonymity”, a metric commonly used for years to gauge data privacy.
“K-anonymity has been used for years, but it only measures how many people are like you within a database, so it doesn’t reflect whether a user is actually well protected or not,” said Rubén Cuevas Rumín, deputy director of the UC3M–Banco Santander Joint Institute in Financial Big Data.
Probabilistic approach
The new method moves beyond simple matching. Instead, it estimates the probability that a specific individual resembles another user based on the complete data set within a system, analysing variables such as age, gender, and interests.
This probabilistic approach enables researchers to examine the level of anonymity offered by digital platforms in greater detail, highlighting how minor changes in data storage can have significant impacts on security.
When applying this new metric to real-world platforms, the researchers found a stark contrast in protection levels.
“We have seen that LinkedIn and X provide greater privacy protection than Meta,” Cuevas noted.
Simple changes
The study also highlighted how easily these gaps could be closed. The researchers found that Meta could improve its privacy level more than tenfold by implementing simple changes, such as replacing a user’s exact age with an age range in their database.
The development is part of the ANTICIPA project, a strategic initiative funded by Next Generation-EU Funds under Spain’s Recovery, Transformation, and Resilience Plan. The project aims to strengthen cybersecurity capabilities for citizens and professionals alike.
Cuevas emphasised that understanding these metrics is crucial for the public: “People should be aware of which databases are storing their information and what protection they provide, as leaks can lead to dangerous practices if the systems are not well designed.”
