number theory

Why the “Number Game” isn’t secret at all

Posted on Updated on

In short: humans are very bad at generating random numbers and obscuring themselves from set theory analysis.

Today, the “Number Game” swept Twitter, Facebook, and other social media. The premise is simple: privately message an individual a number, and they will publicly post their thoughts about you to that number.

Secrecy, then, relies on two pieces of information. First, it requires that the recipient party not divulge the name of the party providing the pre-shared numeric key. Second, it relies on each key existing as a nonce, as any additional use of the same key is compromised to prior parties.

Unfortunately, as I discovered just by trawling my own timeline, many people failed to provide this second guarantee (affording false positives, such as 666). The higher the information entropy of the number selected and reused, the more likely it was selected by a single party.

This has several interesting ramifications. First, it means every identifiable key shared more than once is unmasked to all other recipients. Each recipient will know what the others have said about you.

Second, message passing for this “game” on Twitter is handled by direct message. Because this requires the recipient be following the sending party, there is a public record of a small pool of candidates for every key. By performing set intersection upon each reuse, each participant’s followers whittle the candidates down until there exists one (and only one) party who could have shared the original key. Add any metadata provided by the message text itself (such as, “this person’s art…”), and this whittles down even faster.

While this game may be “cute” and “fun”, I do not advise playing. It does not work as advertised. If you continue to do so, please be aware that you are publicly speaking about someone to your audience with dubious, trivially breakable secrecy.

The fact this is so noisy is a matter to address separately. And, accidentally presciently, I addressed my thoughts on this yesterday. I intend to filter these messages and continue on my merry way. I couldn’t ask for better data to test my new tools against, so collectively, thank you!

But, as many other people do not have this luxury: please be considerate to your audiences. Twitter is broadcasting these to everyone who follows you, many of whom desire timely, relevant information. Filling their channels with noise is not generally appreciated.

Now, if you’ll excuse me, I’m going to go try lucky number 8. 8 hours of sleep, that is.