Paste tabular data, mark the quasi-identifiers an attacker could link on, and the sensitive attribute you want to protect. This runs entirely in your browser and reports k-anonymity, l-diversity, and t-closeness with the exact equivalence classes that fail your thresholds.
| Quasi-identifier tuple | k (size) | l (distinct) | t (TV dist) | Status |
|---|
The tool splits your table into equivalence classes: sets of rows that share an identical combination of values across every selected quasi-identifier (QI) column. All three privacy guarantees are properties of these classes.
k-anonymity is the size of the smallest equivalence class. If k = 1, at least one QI tuple is unique, so linking it to an external voter roll or public record uniquely re-identifies a person. A dataset is k-anonymous when every class contains at least k indistinguishable records: k = min over classes of |class|.
l-diversity guards against attribute disclosure even when k is large. A class of 50 people is useless privacy if all 50 share the same diagnosis. This checker reports distinct l — the minimum number of distinct sensitive values found in any single class: l = min over classes of |distinct sensitive values|. Higher l means an attacker who locates the class still cannot pin down the sensitive value.
t-closeness tightens l-diversity by requiring each class's sensitive-value distribution to resemble the distribution across the whole table. We use the total variation distance, TV(P,Q) = ½ · Σ |P(v) − Q(v)|, comparing a class's local distribution P against the global distribution Q. The reported t is the maximum TV distance over all classes; small t means no class leaks a skewed, unusual concentration of the sensitive attribute.
A row fails your policy when its class violates any chosen threshold. Those classes are flagged risk below so you can generalize, suppress, or bucket the offending quasi-identifiers before release. Everything runs client-side over the exact rows you paste — a useful last gate before publishing a microdata file.