Airbnb has introduced a redesigned identity and connection model to support new social features in Experiences while enforcing stronger privacy boundaries across its platform. The company describes a system that separates internal user identity from externally visible profiles, enabling users to interact within shared activities without exposing global identity information. The changes align with Airbnb's broader push to expand social interactions around Experiences, where participants may not know each other, increasing the need for controlled identity exposure and stronger privacy guarantees.
According to Airbnb, the new model replaces a single global profile with multiple context-specific profiles tied to individual Experiences. Each profile represents a scoped identity that is visible only within a given context, such as a specific event or group activity. This approach prevents users from linking identities across different Experiences, effectively creating isolated social graphs rather than a unified global network. Access to profile data is determined by shared participation, ensuring that users can only view information relevant to their current interaction.
Context-specific profiles isolate user identity across different Experiences, preventing cross-context identity linkage (Source : Airbnb Blog Post)
The system is enforced through Airbnb’s internal authorization framework, Himeji, which applies relationship-based access control policies at runtime. These policies evaluate whether users share a common context before granting access to profile information. By shifting enforcement to the data access layer, the platform ensures consistent privacy guarantees across services, rather than relying solely on interface-level restrictions. This design reflects a broader architectural pattern in which identity exposure is governed by context and relationships rather than by static user attributes.
To implement the new model, Airbnb carried out a large-scale migration across its codebase to ensure that the correct identifiers are used in the appropriate context. The engineering team developed automated auditing tools to scan for patterns of user data access, generating a list of candidate locations requiring updates. These findings were mapped to owning teams based on repository structure, enabling coordinated execution across the organization. Engineers then performed manual reviews to determine whether each usage was internal or exposed externally, ensuring that changes preserved the intended functionality.
Airbnb also incorporated AI-assisted refactoring tools to accelerate the migration. These tools suggested code changes based on audit results, while engineers reviewed and validated each update before deployment. This human-in-the-loop process allowed teams to scale the migration while maintaining accuracy and protecting business logic. In a LinkedIn post, Joy Jing noted that the system was designed to support social interactions without compromising user privacy.
The migration required collaboration across engineering, product, privacy, and legal teams to align on identity semantics and rollout priorities. This coordination enabled consistent adoption of the new model across services and ensured that privacy constraints were enforced as new social features were introduced.