Professor Vitaly Shmatikov Honored With Test of Time Award

By Grace Stanley

Vitaly Shmatikov, professor of computer science at Cornell Tech and the Cornell Ann S. Bowers College of Computing and Information Science, has received a Test of Time Award from the Institute of Electrical and Electronics Engineers (IEEE) at the 47th IEEE Symposium on Security and Privacy. The award was announced at the 2026 conference, a leading international forum for cybersecurity and digital privacy research, held in San Francisco, California, from May 18 to 21.

The Test of Time Award recognizes research that continues to shape the field years after its publication. Shmatikov was honored for his 2009 paper, “De-anonymizing Social Networks,” co-authored with professor Arvind Narayanan of Princeton University.

The paper has had a lasting influence on how researchers and practitioners understand privacy risks in large-scale social networks. Its insights have helped reveal the limits of anonymization — an approach that is still occasionally used to protect user data — and have informed both academic research and real-world data-sharing practices.

“The main lesson of our work is that we cannot think of privacy as a pure computer science problem.  Privacy is a policy and ethics issue, and technical solutions will always be limited. This understanding is critical today, when AI can automate large-scale privacy violations,” said Shmatikov.

In the study, Narayanan and Shmatikov introduced a framework for analyzing privacy in social networks and developed a method to re-identify individuals using only the structure of their social connections. Their algorithm demonstrated that “you are who you know”: seemingly anonymous data about connections and relationships can be linked back to real users, even when identifying information has been removed.

To illustrate their approach, the researchers showed that users with accounts on both Twitter (now X) and Flickr could be re-identified in an anonymized Twitter dataset with notable accuracy. The work demonstrated that context and metadata are critical for understanding how anonymity and privacy fail. This lesson is very relevant today, when AI models can perform large-scale de-anonymization based on subtle contextual clues.

Overall, the paper marked a significant advance in understanding the vulnerabilities of anonymized data and helped prompt more rigorous approaches to privacy protection. At Cornell Tech, Shmatikov’s research continues to explore the evolving challenges of digital privacy, security, and machine learning, with a focus on anticipating and mitigating emerging threats in data-driven systems.

Grace Stanley is the staff writer-editor at Cornell Tech.