{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,25]],"date-time":"2026-02-25T17:21:21Z","timestamp":1772040081143,"version":"3.50.1"},"reference-count":0,"publisher":"Privacy Enhancing Technologies Symposium Advisory Board","issue":"3","license":[{"start":{"date-parts":[[2024,7,1]],"date-time":"2024-07-01T00:00:00Z","timestamp":1719792000000},"content-version":"unspecified","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["PoPETs"],"abstract":"<jats:p>The source code of a program not only defines its semantics but also contains subtle clues that can identify its author. Several studies have shown that these clues can be automatically extracted using machine learning and allow for determining a program's author among hundreds of programmers. This attribution poses a significant threat to developers of anti-censorship and privacy-enhancing technologies, as they become identifiable and may be prosecuted. An ideal protection from this threat would be the anonymization of source code. However, neither theoretical nor practical principles of such an anonymization have been explored so far. In this paper, we tackle this problem and develop a framework for reasoning about code anonymization. We prove that the task of generating a \ud835\udc58-anonymous program\u2014a program that cannot be attributed to one of \ud835\udc58 authors\u2014is not computable in the general case. As a remedy, we introduce a relaxed concept called \ud835\udc58-uncertainty, which enables us to measure the protection of developers. Based on this concept, we empirically study candidate techniques for anonymization, such as code normalization, coding style imitation, and code obfuscation. We find that none of the techniques provides sufficient protection when the attacker is aware of the anonymization. While we observe a notable reduction in attribution performance on real-world code, a reliable protection is not achieved for all developers. We conclude that code anonymization is a hard problem that requires further attention from the research community.<\/jats:p>","DOI":"10.56553\/popets-2024-0102","type":"journal-article","created":{"date-parts":[[2024,6,25]],"date-time":"2024-06-25T18:57:15Z","timestamp":1719341835000},"page":"744-760","source":"Crossref","is-referenced-by-count":4,"title":["I still know it's you! On Challenges in Anonymizing Source Code"],"prefix":"10.56553","volume":"2024","author":[{"given":"Micha","family":"Horlboge","sequence":"first","affiliation":[{"name":"Technische Universit\u00e4t Berlin"}]},{"given":"Erwin","family":"Quiring","sequence":"additional","affiliation":[{"name":"ICSI & Ruhr Universit\u00e4t Bochum"}]},{"given":"Roland","family":"Meyer","sequence":"additional","affiliation":[{"name":"Technische Universit\u00e4t Braunschweig"}]},{"given":"Konrad","family":"Rieck","sequence":"additional","affiliation":[{"name":"BIFOLD & Technische Universit\u00e4t Berlin"}]}],"member":"35752","published-online":{"date-parts":[[2024,7]]},"container-title":["Proceedings on Privacy Enhancing Technologies"],"original-title":[],"deposited":{"date-parts":[[2024,6,25]],"date-time":"2024-06-25T19:07:18Z","timestamp":1719342438000},"score":1,"resource":{"primary":{"URL":"https:\/\/petsymposium.org\/popets\/2024\/popets-2024-0102.php"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,7]]},"references-count":0,"journal-issue":{"issue":"3","published-online":{"date-parts":[[2024,7]]}},"alternative-id":["10.56553\/popets-2024-0102"],"URL":"https:\/\/doi.org\/10.56553\/popets-2024-0102","relation":{},"ISSN":["2299-0984"],"issn-type":[{"value":"2299-0984","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024,7]]}}}