TikTok for Developers
Evaluating anonymity limitations with AnonPSI
by Jian Du and Bo Jiang, Research Scientists, TikTok Privacy Innovation
Research
Privacy

Last year, we announced PrivacyGo, one of the initiatives undertaken by Privacy Innovation at TikTok to research innovative ways of safeguarding the privacy and security of our users and protecting sensitive information for our partner organizations. PrivacyGo is the synergetic fusion of Privacy Enhancing Technologies (PETs), namely Private Set Intersection (PSI) and Differential Privacy (DP).

Introducing AnonPSI

Within the PrivacyGo ecosystem, we recently introduced AnonPSI, an anonymity assessment framework for Private Set Intersection (PSI). AnonPSI shows that solely using PSI is not secure, therefore, motivating the PET fusion introduced by PrivacyGo.


PSI is a widely used protocol that enables two parties to securely compute a function over the intersected part of their shared datasets and has been a significant research focus over the years. However, recent studies have highlighted its vulnerability to Set Membership Inference Attacks (SMIA), where an adversary might deduce an individual's membership by invoking multiple PSI protocols. This presents a considerable risk, even in the most stringent versions of PSI, which only return the cardinality of the intersection.


We recently published a research paper that explores the evaluation of anonymity within the PSI context.


Initially, we highlight the reasons why existing works fall short in measuring privacy leakage, and subsequently propose two attack strategies that address these deficiencies. Furthermore, we provide theoretical guarantees on the performance of our proposed methods. In addition to these, we illustrate how the integration of auxiliary information, such as the sum of payloads associated with members of the intersection (PSI-SUM), can enhance attack efficiency. We conducted a comprehensive performance evaluation of various attack strategies proposed utilizing two real datasets.


Our findings indicate that the methods we propose markedly enhance attack efficiency when contrasted with previous research endeavors. The effective attacking implies that depending solely on existing PSI protocols may not provide an adequate level of privacy assurance. It is recommended to combine privacy-enhancing technologies synergistically to enhance privacy protection even further.

Learn more about AnonPSI

For more information, check out the AnonPSI research paper and follow us on GitHub.


Share this article
Discover more
Learning by Doing: Transforming AI Skills at Me2We 2025At Me2We 2025, 100 participants built 100 AI agents and gained hands-on experience in voice AI, data tools, and prompt engineering
Community
InfiniEdge AI 1.1: Performance Boosts, One-Click Edge-to-Cloud, and TikTok LiveInfiniEdge AI 1.1 brings faster on-device AI performance, integrates SPEAR & OPEA for a unified edge-to-cloud pipeline, and showcases a TikTok Live demo with no-code AI agents.
Tech @ TikTok
How TikTok’s Privacy and Data Protection Office (PDPO) Protects User DataIn this blog, we’ll explore what privacy and data protection mean, why protecting sensitive information is important, and how TikTok’s PDPO (Privacy and Data Protection Office) ensures compliance and data security.
Privacy
Want to stay in the loop?Subscribe to our mailing list to be the first to know about future blog posts!
By providing your email address and subscribing, you consent to TikTok sending you email notifications whenever a new article is posted on our blogs. You may opt out at any time using the unsubscribe link in each email. Read our full Privacy Policy for more information.
TikTok for Developers
© 2025 TikTokTerms of ServicePrivacy PolicyResources & Legal