Strawcat (strawcat) wrote,
Strawcat
strawcat

Privacy and Anonymity on the Internet

     The expectation of privacy in everyday life is nothing out of the ordinary. We usually take for granted that we’re not going to be asked for identification when we buy something at the grocery store, that the postal post office is not going to verify that the return address on the mail we send is valid, or that our mailman is not going to read our mail. The ideal of privacy on the internet, however, is generally regarded to be somewhat quaint. E-mail is notoriously unprivate: since messages are sent as unencrypted text that usually pass through several relaying hosts before they reach their destination, administrators of any of these hosts can easily eavesdrop on this information (Eklund). Web servers can log the unique IP address of the users who access and exchange information on them. This information can be used to create market surveys that are sold to corporations, or to persuade ISPs to release personal information about the user associated with the IP address (Eklund; Palme, 2002). Another threat to privacy is that ISPs are able to create identity profiles on their users based on their internet activity (Eckert and Pircher, 2001).


     However, many people don’t want the things they say on the internet to be connected to their real identities, and there are good reasons why people would want to remain anonymous when using the internet. Anonymity can provide some of the same protection as privacy in the discussion of sensitive topics (such as medical and psychological matters), and can be used to voice political dissent without facing persecution in countries with repressive political regimes, or to avoid retribution when divulging information about misconduct that criminals, governments or corporations would want to suppress (Palme, 2002). Unfortunately, there is a darker side to anonymity in which it can also be used to cloak criminal or malicious activity on the internet, such as money laundering, drug dealing, terrorism, fraud, and preying upon the vulnerable, which ironically impinges on the privacy of other people (Armstrong and Forde, 2003). The proliferation of cyber-crime has prompted governments and security experts to create surveillance policies that further narrow the possibility for ordinary citizens to protect their privacy (Palme, 2002).


     To combat the growing threat to personal privacy, anonymizing services have been developed to make it possible to send messages anonymously. One type of such services is an anonymity server, which receives messages and re-sends them under an anonymous address. There are two types of anonymity servers: those that offer full anonymity since no identity information is forwarded with the message, and pseudonymous servers, which forwards the message under a pseudonym so that other people can reply to the original message without knowing the original address of the one who sent it (Palme, 2002). A problem with this single-proxy approach to achieving anonymity is that the anonymous server is vulnerable because it represents a single point that is open to failure or attack. If the server has to go down for maintenance or because it becomes the target of a denial-of-service attack, there is no back-up to continue services. There have been cases where corporations or other entities have pressured police to raid the location of such servers, forcing its administrators to reveal the identity of those who use the server for purposes they object to (Palme, 2002). With the high level of controversy surrounding anonymous servers, it is no surprise that they tend to have a short life-time (Eklund).


     These days people tend to prefer to use more advanced anonymizing services that utilize a network of proxies as the intermediary between the origin and destination of information. One method of this is called “onion-routing”, and one of its major manifestations is Tor. Tor works by allowing users to join a network of computers around the world that randomly exchange information between each other in an encrypted layered protocol before sending that information to its destination (Schneier, 2007). While all information within the network enjoys this level of encryption, it eventually passes though an exit node in an unencrypted form prior to arriving at its original destination. This means that whoever is operating the exit node potentially has access to all this information, especially if the original data going into the network isn’t protected by the original user’s own attempts to encrypt it, which happens to be the case most of the time (Schneier, 2007). For this reason, even the most sophisticated efforts to achieve anonymity on the internet presume that the administrators can be trusted and such attempts do not offer complete privacy.




Works Cited


Armstrong, H.L., and P.J. Forde. “Internet anonymity practices in computer crime.” Information Management & Computer Security 11:5      (2003):209-215.


Eckert, Claudia and Alexander Pircher. “Internet anonymity: problems and solutions.” Proceedings of the 16th international conference on      Information security: Trusted information: the new decade challenge (2001): 35-50.


Eklund, Esa. “Controlling and Securing Personal Privacy and Anonymity in the Information Society.” Helsinki University of Technology:
     Department of Computer Science. 5 April 2009 <http://www.niksula.hut.fi/~eklund/opinnot/netsec.html>


Palme, Jacob. “Anonymity on the Internet.” Stockholm University: Department of Computer and System Sciences. 30 July 2002. 5 April      2009 <http://people.dsv.su.se/~jpalme/society/anonymity.html>


Schneier, Bruce. “Lesson From Tor Hack: Anonymity and Privacy Aren't the Same”. Wired.com. 20 Sept. 2007. Wired Magazine. 5 April      2009 <http://www.wired.com/print/politics/security/commentary/securitymatters/2007/09/security_matters_0920>
Comments for this post were disabled by the author