AURiX WHITEPAPER: Anonymize ================================================================================ Title: Anonymize — Sector-Grade Safe Release of Any Corpus, Without Requiring the Releaser to be an Expert Author: AURiX Protocol | 2026-04-21 Status: Desktop app. v1 shipped (personal GUI). v2 shipped (CLI / library, sector profiles). Design doc at finished/anonymize_v2_design.md. Part of the Helper Who Helps family per FWF. ================================================================================ ABSTRACT Anonymize is the release pipeline for any corpus a user wants to share, publish, or archive without exposing identifying content. It runs locally, enforces the 8 AURiX invariants on itself, emits an audit receipt with a hash chain, and supports eight sector profiles (HIPAA Safe Harbor, GDPR, journalism, science / IRB, legal discovery, art, personal, generic). The release is not a one-way black box: every decision (what was detected, what rule fired, what was replaced with what, under which profile) lands in a declared receipt that a reviewer can verify by re-running the same inputs through the same rule set. This paper describes the four-layer architecture, the sector profiles, the reversibility tiers, and the AURiX-native properties that make Anonymize a protocol instrument rather than a utility. THE PROBLEM Releasing any corpus that references real people, places, or identifiers creates risk: re-identification through quasi-identifiers, contextual inference (role descriptors such as "the inventor of [widely-known system X]" collapse to a named individual in seconds of public search), stylometric fingerprinting, disclosed dates that triangulate with external data. The people best positioned to release such corpora (doctors, journalists, researchers, lawyers, artists) are rarely anonymization experts. Existing tools either assume expertise the releaser lacks, or ship a one-size-fits-all setting that under- or over-anonymizes for the actual sector. Anonymize inverts the default: the releaser picks a sector profile, the tool applies the profile's detection + replacement + output rules, and every decision enters a declared receipt the releaser can show to their editor, IRB, compliance officer, or future self. ARCHITECTURE — FOUR PLUGGABLE LAYERS Layer 1: Detection. Finds things that may need anonymization. - Key-based (v1 behavior): known entities from a user-maintained key.json. - PII regex: SSN, email, phone, credit card, IP, URL, bank account, medical record numbers. - Capitalized-word heuristic: any capitalized multi-word phrase not in the key gets flagged for review. - Date detection: ISO, written, relative dates — flagged for generalization. - Quasi-identifier clustering: age + ZIP + occupation + gender co-occurrence signals re-identification risk. - (Deferred) NER via spaCy, contextual re-identification. Layer 2: Replacement. Decides what to do with each detected item. - Direct alias (v1): Emma → Lila, from key. - Generalization: 2026-04-20 → "April 2026" / "Q2 2026" / "2026"; Eugene, OR → "Pacific Northwest"; age 47 → "40-50". - Suppression: text removed, replaced with [REDACTED]. - Hash-binding: deterministic pseudo-identifier bound to the key's sealed state — same input gives same pseudo-id within one run. - (Deferred) Decoy injection, stylometric rephrasing. Layer 3: Output. Produces the anonymized artifact plus integrity metadata. - Anonymized text (the document). - Audit receipt (JSON): what was detected, what was changed, which rule fired, which profile. - Hash chain: SHA-256 of input + SHA-256 of output + SHA-256 of rule set. Tamper-evident. - Declared profile attestation: "this output was produced under profile X," re-runnable. - AURiX Receipt: binds the moment to a lawful state under declared origin — matches the protocol's Receipt primitive. Layer 4: Profile. Presets that configure detection + replacement + output for sector use. - HIPAA Safe Harbor — 18 identifier categories per 45 CFR 164.514(b)(2). Auto-detect and remove names, geographic subdivisions smaller than state, date elements except year (except for over-89 ages, where year is suppressed too), phone, fax, email, SSN, medical record numbers, health plan beneficiary numbers, account numbers, certificate / license numbers, vehicle identifiers, device identifiers, URLs, IP addresses, biometric identifiers, full-face photos, any other unique identifying number. - GDPR anonymization — stronger in some respects than HIPAA (no key-link preserved if "anonymization" vs. "pseudonymization"). Configurable. - Journalism / source protection — protects named sources while preserving quote verifiability via sealed-key record held by the publication. - Science / IRB — re-linkable via sealed key held by trusted third party. Date generalization to year. Geographic to region. - Legal discovery — protective orders; preserves sealed linkages for court subpoena. - Art / creative — preserves voice and narrative while anonymizing entities. Lightest touch. - Personal — current v1 behavior preserved. - Generic — plain-language defaults, user tunable. REVERSIBILITY TIERS The releaser chooses, at anonymization time, how reversible the output should be. Tier 1 — Irreversible. One-way hash replaces identifiers. No key stored. Cannot be re-identified even by the author. Use for public release where no future re-linkage is ever needed. Tier 2 — Key-sealed (default). Key file held by user; anyone with the key can re-link. Matches current v1 behavior. Tier 3 — Threshold-sealed. Shamir's Secret Sharing splits the key into N shares, M of N required to reconstruct. Journalism: editor + reporter. Science: IRB + PI. Legal: judge + counsel. Deferred (crypto library dependency), but the v2 key schema already supports it. IMPENETRABILITY FEATURES (V2 + DEFERRED) - k-anonymity check on output (k ≥ 5 default, configurable to 20+). - l-diversity, t-closeness for sensitive-attribute distribution (deferred). - Differential privacy for aggregate statistics on the corpus (deferred). - Forward secrecy: each run uses an ephemeral subkey; compromising one run does not expose the chain. - Extent field: declares scope of anonymization (page / conversation / corpus / cross-corpus). - Extant check: later verification that the anonymized output still matches its declared state — enforces invariant 6 (no silent transformation). NON-TEXT FORMAT SUPPORT (PHASED) v2 ships text. Phased support for: - PDF: strip EXIF / metadata, OCR visible text, run through text pipeline, re-embed. - Images: EXIF strip, face blur, text-region detection and redaction. - Spreadsheets / CSV: column-level rules, k-anonymity on the table. - HTML: strip tracking scripts, anonymize visible text, preserve structure. - Video: audio transcription + redaction, blur + text overlay. AURIX-NATIVE PROPERTIES Anonymize honors the 8 invariants recursively — the tool that enforces invariants applies them to itself: 1. Mechanism only. Every anonymization is a mechanical rule. 2. No interpretation imposed. The tool does not decide whether a detected entity "should" be anonymized morally; it flags based on rule and lets the user confirm. 3. Separation of layers. Detection, replacement, output, profile are independent pluggable stages. 4. Observable or declared. Every change enters the audit receipt. 5. Explicit origin. Each detection records which detector fired. 6. No silent transformation. Receipt is tamper-evident via hash chain. 7. Reproducibility boundary. Same input + same rules + same key → byte-identical output. 8. No undeclared meaning. Receipt declares profile, rules, extent. WHY THIS IS A PROTOCOL INSTRUMENT, NOT A UTILITY Most anonymization tools are utilities: input → output, trust us. Anonymize is a protocol instrument: input → output + audit receipt + hash chain + declared profile + re-runnable rule set. The releaser can hand the receipt to their editor / IRB / compliance officer and the receiver can verify. The receiver doesn't have to trust Anonymize; they can rerun the same inputs through the same rules and confirm the same output byte-for-byte. This matches the core AURiX constraint: no trust required. Show the mechanism; the receiver decides. CONCLUSION Anonymize makes safe release of a corpus a one-command operation for the releaser, an audited operation for their reviewer, and a structurally verifiable operation for anyone later auditing the release. The profiles encode sector expertise the releaser doesn't need to carry. The receipt encodes accountability without requiring good faith. The hash chain encodes tamper-evidence without requiring a third-party witness. The word is Anonymize. Not obnubilate. Plain words over fancy. ================================================================================ END OF WHITEPAPER ================================================================================