That throwaway Reddit account where you discuss your mental health struggles? The Hacker News handle you use to comment on your industry without your employer knowing? The pseudonymous Twitter account where you share opinions you’d never attach to your real name?
AI can now connect them to your real identity. Cheaply, automatically, and at scale.
Researchers at ETH Zurich and Anthropic published a paper in late February demonstrating that large language models can deanonymize pseudonymous online accounts with alarming accuracy. Their system correctly identified 67% of Hacker News users from their posts alone, linking them to their real LinkedIn profiles with 90% precision.
The cost per identification: between $1 and $4.
How It Works
The attack pipeline uses LLMs in three stages. First, the model extracts identity-relevant features from a user’s posts - their location, employer, hobbies, conference attendance, opinions on niche topics. Each piece alone might seem innocuous. Combined, they form a fingerprint.
Second, the system uses semantic embeddings to search millions of candidate profiles for potential matches. This narrows the field from the entire internet to a manageable list.
Third, the LLM reasons over the top candidates to verify matches and eliminate false positives. It’s not just pattern matching - the model understands context, makes inferences, and synthesizes information the way a skilled investigator would.
“Ask yourself: could a team of smart investigators figure out who you are from your posts?” wrote lead author Simon Lermen. “If yes, LLM agents can likely do the same, and the cost of doing so is only going down.”
The Numbers
The researchers tested their approach across multiple platforms and datasets:
Hacker News to LinkedIn: They collected 338 verified Hacker News users with known LinkedIn profiles, anonymized the HN data by removing names, URLs, and direct identifiers, then tasked their LLM agent with re-identifying the users. Result: 226 correct identifications out of 338 attempts - a 67% success rate at 90% precision. Only 25 were incorrect; the system abstained in 86 cases where it wasn’t confident.
Reddit movie discussions: Users who discussed more than 10 shared movies across subreddits like r/movies and r/horror saw their recall jump to 48% at 90% precision. Your taste in horror films might be a unique identifier.
Anonymous interview transcripts: The researchers tested against a dataset of 125 anonymized scientist interviews about AI use. Their agent correctly identified at least 9 participants - a 7.2% success rate - by cross-referencing statements with publicly available information about researchers.
The entire experiment cost less than $2,000. Traditional deanonymization methods achieved essentially 0% recall at the same precision thresholds.
Why This Matters Now
Previous deanonymization attacks existed, but they required extensive manual effort or relied on obvious metadata leaks. What’s different is the combination of capability and cost.
“LLMs democratize deanonymization,” the researchers write. The same reasoning capabilities that make these models useful for summarization and research also make them excellent at connecting scattered personal details into coherent identity profiles.
The researchers explicitly warn about government surveillance: authorities could “link pseudonymous accounts to real identities for surveillance of dissidents, journalists, or activists.” The cost structure - a few dollars per target - makes mass surveillance programs feasible.
Corporations could build detailed advertising profiles by connecting users’ anonymous browsing to their real identities. Attackers could craft highly personalized social engineering attacks using information the victim thought was safely siloed behind a pseudonym.
What Doesn’t Help
The researchers note that current defensive measures have significant limitations.
LLM provider guardrails: Each step of the attack - summarizing text, searching databases, reasoning about matches - looks identical to legitimate use cases. Refusing to help with “deanonymization” doesn’t stop someone from asking the model to “find the LinkedIn profile that best matches this text summary.” Open-source models sidestep restrictions entirely.
Platform rate limiting: Helps slow down attacks but doesn’t prevent them. A determined adversary can distribute requests across time and accounts.
Obscuring writing style: The system doesn’t rely solely on stylistic fingerprinting. It extracts factual content - the specific conference you attended, the neighborhood you mentioned living in, the obscure movie you reviewed. Those details remain regardless of how you phrase them.
What Might Help
The researchers offer defensive recommendations, though none are complete solutions.
For individuals: Adopt a “security mindset” about online pseudonymity. Before posting, ask whether the combination of details across all your posts could identify you. Use separate accounts for sensitive topics and avoid cross-linking them through shared interests or writing patterns. Minimize biographical details even in seemingly anonymous contexts.
For platforms: Implement stronger anti-scraping measures. Restrict bulk data exports. Assume pseudonymous accounts can be linked to real identities and design privacy protections accordingly.
For anyone posting sensitive content: Recognize that pseudonymity is not anonymity. If identification would have serious consequences - for your job, your safety, your relationships - assume it’s possible and act accordingly.
The End of Casual Pseudonymity
The internet was built on the assumption that pseudonymity provided meaningful privacy protection. Your username wasn’t your real name, so your posts weren’t really you. That assumption is collapsing.
The researchers frame their work as a warning: “Raising awareness of this is a major reason we published the paper!” wrote co-author Joshua Swanson. The capabilities they demonstrated already exist. The question is how long before they’re widely deployed.
This doesn’t mean all online privacy is dead. Truly anonymous posting - using Tor, avoiding any personal details, maintaining strict operational security - remains possible. But that level of discipline is beyond what most people practice or even understand.
What’s ending is the middle ground: the reasonable expectation that using a pseudonym and avoiding obvious identifying details was enough to separate your online persona from your offline identity. For most people on most platforms, that separation was already thinner than they realized. Now AI can collapse it entirely.
The Bottom Line
If you’ve ever posted something under a pseudonym that you wouldn’t want attached to your real name, the time to assume that connection is possible is now. Not because every post will be deanonymized, but because the cost of doing so has dropped from “requires a dedicated investigation” to “costs less than a coffee.”
The researchers conclude with advice that sounds obvious but apparently needs stating: “Don’t post anything you wouldn’t want publicly shared.” In 2026, that’s not paranoia. It’s just accurate threat modeling.