While trying to solve the problem of anomaly detection in accesses to a public cloud resource to identify troubling accesses, I think I have convinced myself that privacy and security are mutually exclusive.
From the lawsuit that killed the second Netflix prize, and subsequent research (Naren Ramakrishnan, Benjamin J. Keller, Batul J. Mirza, Ananth Y. Grama, George Karypis (2001). "Privacy Risks in Recommender Systems". IEEE Internet Computing (Piscataway, NJ: IEEE Educational Activities Department) 5 (6): 54–62. ISBN 1-58113-561-0) into user identification, it appears to me that you can't solve security on a public resource without violating privacy.
Is there research that proves this one way or another?