You think your anonymous accounts are safe.

Researchers from ETH Zurich and Anthropic built an AI system that can figure out who you really are.

They tested it on Reddit, Hacker News, and LinkedIn. It works on raw text. No structured data needed.

They collected 338 Hacker News users who had linked their LinkedIn profiles, then stripped all identifying information from their accounts. The AI correctly re-identified 67% of them. When it made a guess, it got the right person 9 out of 10 times.

The cost? Between $1 and $4 per person.

The system uses GPT-5.2 for reasoning, Gemini for matching, and Grok 4.1 Fast for shortlisting. It reads your posts, builds a profile of who you are, then searches the internet for your real identity. No human needed. Fully automatic.

The old way of doing this? A method based on the famous Netflix Prize attack. It found 0.1% of people. The AI found 45.1% of people at 99% precision. That is a 450x improvement.

They also tested it on Reddit. They split 5,000 people's posting histories into two halves separated by a full year. Then they asked the AI to reconnect the two halves. It matched 67.3% of people at 90% precision. The old method? 0.4%.

The scariest finding: even when only 1 in 10,000 users in the database had a possible match, the AI still found 9% of them at 90% precision.

The researchers wrote: "Pseudonymity does not provide meaningful protection online." They also said: "Users who post under persistent usernames should assume that adversaries can link their accounts to real identities."

The more you post, the easier you are to find. Reddit users who discussed 10 or more movies across different communities were identified 48.1% of the time at 90% precision.

Governments could use this to track activists. Corporations could use it for targeted ads. Stalkers could use it for $4.

This is not a future threat. The attack uses publicly available AI models, standard APIs, and costs less than a cup of coffee per person.

Your anonymous account is not anonymous anymore.

1/The pipeline has 4 steps:

1. Extract: AI reads your posts and pulls out personal details

2. Search: It encodes your profile and searches millions of candidates

3. Reason: GPT-5.2 verifies the match with deep reasoning

4. Calibrate: It scores confidence to avoid wrong guesses

All of this runs automatically. No human needed.

2/Matching Hacker News users to LinkedIn profiles (987 queries):

Old method (Netflix Prize attack): 0.1% found at 99% precision
AI with embeddings only: 4.4%
AI with reasoning (low): 36.0%
AI with reasoning (high): 45.1%

More AI reasoning = more people found. Every step makes it worse for your privacy.

3/They split 5,000 Reddit users' histories into "before" and "after" with a 1-year gap.

Old method: 0.4% matched at 90% precision
AI (full pipeline): 67.3% matched at 90% precision
AI at 99% precision: still 38.4%

Even a year of silence between accounts could not hide you.

4/The attack keeps working as the database grows:

100 candidates: nearly 100% recall
10,000: 63.2%
89,000: 55.2%
1 million (projected): ~35% at 90% precision

Classical methods drop to 0% past 100 candidates. The AI barely flinches.