{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,29]],"date-time":"2026-05-29T15:42:41Z","timestamp":1780069361257,"version":"3.54.0"},"reference-count":0,"publisher":"Privacy Enhancing Technologies Symposium Advisory Board","issue":"4","license":[{"start":{"date-parts":[[2023,10,1]],"date-time":"2023-10-01T00:00:00Z","timestamp":1696118400000},"content-version":"unspecified","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["PoPETs"],"abstract":"<jats:p>Recently proposed systems aim at achieving privacy using locality-sensitive hashing. We show how these approaches fail by presenting attacks against two such systems: Google's FLoC proposal for privacy-preserving targeted advertising and the MinHash Hierarchy, a system for processing location trajectories in a privacy-preserving way. Our attacks refute the pre-image resistance, anonymity, and privacy guarantees claimed for these systems. In the case of FLoC, we show how to deanonymize users using Sybil attacks and to reconstruct 10% or more of the browsing history for 30% of its users using Generative Adversarial Networks. We achieve this only analyzing the hashes used by FLoC. For MinHash, we precisely identify the location trajectory of a subset of individuals and, on average, we can limit users' trajectory to just 10% of the possible geographic area, again using just the hashes. In addition, we refute their differential privacy claims.<\/jats:p>","DOI":"10.56553\/popets-2023-0101","type":"journal-article","created":{"date-parts":[[2023,8,3]],"date-time":"2023-08-03T20:41:11Z","timestamp":1691095271000},"page":"117-131","source":"Crossref","is-referenced-by-count":5,"title":["Locality-Sensitive Hashing Does Not Guarantee Privacy! Attacks on Google's FLoC and the MinHash Hierarchy System"],"prefix":"10.56553","volume":"2023","author":[{"given":"Florian","family":"Turati","sequence":"first","affiliation":[{"name":"ETH Zurich"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Karel","family":"Kubicek","sequence":"additional","affiliation":[{"name":"ETH Zurich"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Carlos","family":"Cotrini","sequence":"additional","affiliation":[{"name":"ETH Zurich"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"David","family":"Basin","sequence":"additional","affiliation":[{"name":"ETH Zurich"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"35752","published-online":{"date-parts":[[2023,10]]},"container-title":["Proceedings on Privacy Enhancing Technologies"],"original-title":[],"deposited":{"date-parts":[[2023,8,3]],"date-time":"2023-08-03T20:41:27Z","timestamp":1691095287000},"score":1,"resource":{"primary":{"URL":"https:\/\/petsymposium.org\/popets\/2023\/popets-2023-0101.php"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,10]]},"references-count":0,"journal-issue":{"issue":"4","published-online":{"date-parts":[[2023,10]]}},"alternative-id":["10.56553\/popets-2023-0101"],"URL":"https:\/\/doi.org\/10.56553\/popets-2023-0101","relation":{},"ISSN":["2299-0984"],"issn-type":[{"value":"2299-0984","type":"electronic"}],"subject":[],"published":{"date-parts":[[2023,10]]}}}