The Privacy Blog Podcast – Ep. 5: The Dark Alleys of the Internet & The High Stakes of Corporate Anonymity

Welcome to the February edition of The Privacy Blog Podcast. In this episode, I’ll discuss a topic that caught me by surprise in the recent weeks – the dark alleys of the Internet aren’t as scary as we once thought. According to Cisco’s Annual Security Report, the most common, trusted websites we visit everyday have the highest overall incidents of web malware encounters. For example, Cisco reports that online advertisements are 182 times more likely to infect you with malware than porn sites. Secondly, I’ll be talking about corporate anonymity issues, where the stakes are often extremely high due to real dollar-losses corporations could face. A few examples I’ll hit on are: competitive pricing research, search engine only pages for spoofing search results, trademark infringement, and research and development activities.

Hope you enjoy the episode. Please leave feedback and questions in the comments section of this post.

Have you seen your digital footprint lately?

A Guest Post by Robin Wilton of the Internet Society  

We are the raw material of the new economy. Data about all of us is being prospected for, mined, refined, and traded...

 

. . . and most of us don’t even know about it.

 

Every time we go online, we add to a personal digital footprint that’s interconnected across multiple service providers, and enrich massive caches of personal data that identify us, whether we have explicitly authenticated or not.

 

That may make you feel somewhat uneasy. It's pretty hard to manage your digital footprint if you can't even see it.

 

Although none of us can control everything that’s known about us online, there are steps we can take to understand and regain some level of control over our online identities, and the Internet Society has developed three interactive tutorials to help educate and inform users who would like to find out more.

 

We set out to answer some basic questions about personal data and privacy:

 

  1. Who’s interested in our online identity? From advertisers to corporations, our online footprint is what many sales driven companies say helps them make more informed decisions about not only the products and services they provide - but also who to target, when and why.

 

  1. What's the real bargain we enter into when we sign up? The websites we visit may seem free - but there are always costs. More often than not, we pay by giving up information about ourselves – information that we have been encouraged to think has no value.

 

  1. What risk does this bargain involve? Often, the information in our digital footprint directly changes our online experience. This can range from the advertising we see right down to paying higher prices or being denied services altogether based on some piece of data about us that we may never even have seen. We need to improve our awareness of the risks associated with our digital footprint.

 

  1. The best thing we can do to protect our identity online is to learn more about it.

 

The aim of the three tutorials is to help everyone learn more about how data about us is collected and used. They also suggest things you need to look out for in order to make informed choices about what you share and when.

 

Each lasts about 5 minutes and will help empower all of us to not only about what we want to keep private, but also about what we want to share.

 

After all, if we are the raw material others are mining to make money in the information economy, don't we deserve a say in how it happens?

 

Find out more about the Internet Society’s work on Privacy and Identity by visiting its website.

 

* Robin Wilton oversees technical outreach for Identity and Privacy at the Internet Society.

A new "modest proposal" for the Internet

In the tradition of Jonathan Swift's "A Modest Proposal" is "The Dictator's Practical Guide to Internet Power Retention, Global Edition".

Under the pretext of being a guide on how to crack down on Internet dissent for dictators, it does a nice job of analyzing how the Internet is used by dissidents, and the techniques used by governments to crack down on those practices.

Thanks to boingboing for bringing this to my attention.

My philosophy on privacy and anonymity

I have recently seen chatter suggesting people are confused about my thinking and allegiances on various privacy issues. First, a few core beliefs that form the axioms underlying my actions and positions.

I believe that:

  • The basic design of the Internet and the protocols that run on top of it make it the most privacy hostile major communications media ever used.
  • Censorship and widespread surveillance are inimical to free speech and free expression.
  • Personal privacy is critical to our social, societal, and mental health.
  • There are criminals, terrorists, and governments whose activities will undermine the quality of life for myself, friends, and family.
  • Law enforcement and intelligence organizations are a necessary part of a functioning society.
  • Governments and other organizations are made up of real people with real and diverse opinions and are not monolithic entities and edifices of conformity.
  • If data is valuable to someone, and is sitting around in a database or other storage, it is very likely to be compromised at some point, in some way.

So, these basic tenants lead me to take the following opinions:

Individuals need the ability to robustly protect their privacy when engaging on-line. While not all areas of the Internet are appropriate for anonymity (I really want my bank to make sure it is me accessing my accounts), anonymity / pseudonymity should be an option in most social spaces on the Internet.

Not only are most websites not inclined or incentivized to help you be anonymous, but the very structure of the Internet encourages detailed logging such that creating anonymity friendly systems is quite hard.

All providers of privacy services are fundamentally saying “trust me and I will protect you.” Any claims about how a service works rely on the operator to have actually implemented the system as claimed. At the end of the day this is only backed up by the reputation of the operators of those systems. Choose wisely.

Criminals and other “hostiles” are indiscriminate in their use of technologies. They will use the best tool for any job. The Internet is no exception to this rule. While there is a long history and extensive precedent for plain clothes and under cover police and intelligence activities in the meatspace, the same is not true for cyberspace. Yet, the same need applies. If one is trying to engage with a criminal on the Internet, doing so as a law enforcement officer, from known law enforcement IP addresses is going to imperil the investigation at the very least.

What does this mean for me and how I comport myself?

I have chosen to very publicly back the Anonymizer.com privacy services with my personal reputation. I have been active in the personal privacy space since I started running anonymous remailers as a grad student in 1992. I have been creating new privacy services since I wrote Mixmaster in 1993. I created the “Kosovo privacy project” during the Kosovo conflict to enable people in the country to report on atrocities going on. I have provided multiple anonymity and anti-censorship tools for the Chinese and Iranian people, protecting hundreds of thousands of their citizens against their own country. Human rights and free speech are passions of mine. Anonymizer.com itself has protected countless numbers of users of its services. In all that time there has never been a case where we have violated the privacy assurances we have made to our customers. This is not because we have not been tested. Anonymizer is regularly subpoenaed for information on our customers’ activities. Compare this to a relative newcomer “HideMyAss.com.” They, as it turns out, did keep logs and were compelled to compromise the privacy of a member of LulzSec. There are numerous examples of TOR exit nodes monitoring and even altering traffic. With a much longer and weightier track record, you will find no such incidents with Anonymizer. It is logically impossible to prove a negative, but our history speaks volumes. Anonymizer will never provide a back door or violate any of our privacy assurances while my name is attached to it. Reputation is hard to earn and easy to squander. It is my personally most valuable asset.

Law enforcement and other government entities need anonymity and pseudonymity tools too. In their cases the people trying to pierce the veil are often much more motivated, skilled, funded, and resourced, than those tying to identify ordinary individuals. It is not practical, reasonable, or desirable to have these groups simply ignore the Internet in the scope of their responsibilities I have been involved in the creation and operation of numerous tools to enable such organizations to do their jobs on-line as they do off-line. In working with these people I have discovered that they are “people.” They hold diverse opinions about privacy and anonymity. Many are personally closely aligned with my beliefs. They are also tightly constrained by legal limitations on what they can do. Watching my U.S. government customers struggle with their legal departments to do even the simplest and most innocuous activities, while very frustrating, makes me sleep much better at night.

While there have certainly been times when the U.S. Government has overstepped its authorities, they are rare, and we know about these because they came out. The diversity of people in these organizations makes any of the grand conspiracies I see discussed on the Internet absurd on their face. Secrets are either known by very few people and thus limited in scope, are reasonable to just about everyone who all agree they should be kept secret, or will get leaked or blown in some way.

Some users of my personal / consumer privacy services see themselves as in opposition to some or all of my corporate or government users, and vice versa. I think both are important and I protect the anonymity of all of my customers equally. There is no “crossing of the streams.” None of my customers get any special insight into the identities or activities of any of my other customers. As above, there are no secrets like that which would last very long, and it would destroy my reputation.

Honor, reputation, and a man’s word being his bond may be very old fashioned ideas these days, but they carry great weight with me. I hope this clarifies where I stand.

Printers watermark your documents

It has long been known in security circles that many printers embed nearly invisible watermarks in all printed documents which uniquely identify the printer used. SpringyLeaks reports that a recent FOIA request revealed the names of printer companies who embed such markings and have worked with law enforcement to identify the printers used in various cases.

The article also suggest that these watermarks can be used to aid reconstruction of shredded documents.

FBI: Anonymity implies terrorist

The FBI in conjunction with the Bureau of Justice Assistance and Joint Regional Intelligence Center have produced a number of fliers to help the public identify possible terrorists. While some of the points have merit, it is very likely that this will generate an extremely high proportion of false alerts based on perfectly reasonable and legal behaviors.

A big red flag for me were the fliers for cyber cafes and electronics stores. These suggest that the use of privacy protecting services, like Anonymizer, should be deemed suspicious. They also call out Encryption, VoIP, and communicating through video games.

In almost all of the fliers they suggest that wanting to pay cash (legal tender for all debts public and private) is suspicious.

Thanks to Public Intelligence for pulling together PDFs of the documents.

Internet Cafe flier.

Electronics Store flier.

Anonymizer Survey: Anti-virus and Firewall popular but ineffective privacy protectors

Anonymizer just released the results of a new survey of people's use of privacy protecting technologies. The short answer is that the old standards, anti-virus and firewalls, are widely used. Unfortunately they don't actually do much to protect your privacy. They are more about security.

For full details, read the article.

Facebook says “Anonymity on the Internet has to go away”

Randi Zuckerberg, marketing director and co-founder of Facebook said:

I think anonymity on the Internet has to go away… People behave a lot better when they have their real names down. … I think people hide behind anonymity and they feel like they can say whatever they want behind closed doors.

<irony> This of course explains why no one is a jerk or a bully on Facebook. </irony>

I have been doing this Anonymity thing for much longer than Facebook has existed. I have seen the debates and watched the reality. I am convinced that the problem is that most Internet spaces are impersonal, rather than that they are anonymous. People will be outrageously rude and offensive online while being unfailingly courteous in person, even if both situations are in real name.

In reality, most "real world" interactions are functionally anonymous, yet most of us behave most of the time.

I won't even get in to how terrible her idea would be for people under repressive regimes.

Facebook: “Anonymity on the Internet has to go away” | ZDNet

 

The difficulty of identifying attackers on the Internet and why it is impossible to fix.

This article in Scientific American does a nice job of describing why it is difficult to track attacks back to their true origins. This essay by Bruce Schneier goes farther arguing that it is fundamentally impossible to create an Internet without anonymity.

The core point of both articles is that identifying the computer that a given packet came from is not the same as identifying the sender. The computer could be a server set up to enable anonymous communications (like Anonymizer.com), it could be a compromised computer (like part of a botnet), or even a server run by the attacker purchased using pre-paid or stolen credit cards.

Whatever the mechanism, it will always be possible for attackers to hide their identities and activities. The real question is the degree to which we are willing to design the Internet to make tracking and monitoring of citizens easy for repressive regimes.

Using Language Patterns to Pierce Anonymity

Thanks to Bruce Schneier for linking to this interesting article on using patterns in language to identify the author of emails. While the technique would not allow them to identify your anonymous emails in an ocean of others, that is rarely the real world threat scenario.

In many cases there is a relative hand full of likely authors of a given email or group of emails. It is often possible to gather large samples of emails known and acknowledged to be from the likely authors. In that case this technique has a small group of targets and excellent training materials which allow for very high levels of accuracy (the authors of the paper claim 80% - 90%). That is probably enough to get a warrant to search your home and computers.

Unless you have been unusually careful, the gig is probably up by then. Remember, this might not be for criminal matters. It many cases this would come up in whistle blowing or other non-criminal situations.

Debate about activist need for anonymity on Facebook

Amid unrest, a hard new look at online anonymity | The Social - CNET News:

This article takes an interesting look at the issues with Facebook's true name policy and the impact it has on activists and dissidents in repressive countries. It quite rightly talks about the fact that for most of the history of the Internet use of "screen names" was the default.

The odd thing about this debate is that there is basically no authentication of the names used. Many people assume that since most users are under true name that all of them are. It is trivial to set up a new account with a plausible name which can not be traced back to the real user.

I would hope that dissidents, activists and others at risk would take advantage of this simple capability to protect themselves. Yes, this is in violation of the terms of service, but I think it is for a much greater good.

If you choose to do this, take care with who you friend under this alias. If the social network you create matches your real one, or that of another account, it may be very easy to unmask your identity.

Reader question on privacy software

A reader of this blog recently emailed me to ask:

What s/w do you recommend to keep anonymous while using Gmail, IE, Outlook, and Facebook on a laptop?

This is actually a very tricky question because the nature of all of these tools, except Internet Explorer (IE), is to be associated with a visible and discoverable account and identity in the "cloud". I will discuss IE last and separately.

Gmail ties to your gmail and other Google accounts. Outlook ties to some existing email account at some email provider. Facebook is tied to your Facebook account and is explicitly designed for making your information public.

The profound question here is, what do we even mean by being anonymous using these services? I would argue that the best one can manage is to be pseudonymous; that is to maintain a persistent and visible pseudonym / alias which, while discoverable, is not associated with your true identity.

Fortunately Gmail and Facebook are free and typically do not require any real credentials to set up an account, and many of the free email providers work similarly. Using Anonymizer Universal (AU), and a browser with no history or cache to set up the accounts would ensure they were not connected to your real identity. It is important that the accounts never be accessed in any way except through AU, or they will be forever after associated with your real IP address. Furthermore, it is critical that the browser used is never used for any activity connected to your real identity, or the cookies and other digital detritus in your browser may allow these sites (or other folks) to tie the pseudonym to your other real name accounts.

IE is in many ways the easiest because there is no underlying account, but all the same rules apply. You need to ensure that you isolate your anonymous or pseudonymous activity from your real name activity.

For all of this activity a virtual machine can be a very effective tool. For example, if you use a Mac you can use a virtual machine running Windows or Linux for all of your alias activities and use the normal operating system for your real name activities. Similar tools exist for other operating systems.

Eric Schmidt against Anonymity

In this interview with Eric Schmidt, CEO of Google, comes out very strongly against anonymity starting at about 5:10 in the video. His argument is that: "If you are trying to commit a terrible evil crime it is not obvious that you should be able to do so with complete anonymity." The problem is that absolute and complete anonymity is easy for criminals. There is a robust economy in stolen account, botnets, stolen credit cards, open networks and other capabilities that enable absolute anonymity for anyone willing to violate the law. It is only anonymity for the law abiding that is difficult, and the reason Anonymizer exists. Arguing against anonymity is, for all practical purposes, only arguing against anonymity for legitimate purposes while it thrives for illegitimate purposes.

I will spare you the lecture on the history of anonymity and anonymous speech dating back to the founders of the United States.

BTW, this was delayed for a while while I struggled with getting embedding working within WordPress. It seems to be working now on FireFox, but not when I view in Safari. Please comment with how I am being stupid if you know what is going wrong.

Google president opposes anonymity.

In an interesting CNET article Google CEO Schmidt talks about how new technologies are going to impact society. One of his comments really struck me. Schmidt said that the only way to handle the new technologies is "much greater transparency and no anonymity." I have not seen the arguments and evidence behind such a bold claim. I would have argued exactly the opposite. We need MORE anonymity for users and more transparency and accountability from data collectors like Google.

ISPs will attach your ZIP to all web requests

This Article on Wired.com is about an initiative by Juniper Networks in collaboration with Feeva to sell a new tracking technology to ISPs.

The enhanced router would be sold to ISPs and will automatically insert your ZIP+4 into HTML headers. This will allow marketers to have much more accurate information about the user's physical location.

They claim that the "consumer is not in any way stripped of their privacy" but fail to actually explain how that is the case. The point is for ISPs to get a piece of the advertising pie. The ZIP will be encoded, not sent in the clear, but will be available to some undefined set of "trusted third parties". That does not give me much comfort.

I have seen many examples of websites which charge different prices based on where you live, or otherwise restrict access to web pages. This kind of targeting does not help me at all. If I want to be located, I have many ways of explicitly telling the site where I am.

This is another example of why you can't trust your ISP. Their interests are not the same as yours. They have a strong incentive to track and monetize your activity.

Fortunately it is easy to take back control. If your traffic is encrypted within a VPN, then the ISP will be unable to insert this information. It gives you the absolute ability to enforce your own "opt out" even if the ISP does not want to give you the option. Anonymizer Universal(TM) provides an easy tool to accomplish this.

 

TOR may actually reduce your privacy

WikiLeaks seeded its database of documents by intercepting traffic through a TOR node they were operating.

This article at Wired highlights an almost buried section of this New Yorker interview with one of the founders of WikiLeaks.

Before the WikiLeaks site went live, the founders noticed that hackers were transferring stolen government documents over the TOR network. They captured over a million of these documents to form the initial core of the WikiLeaks archive.

This shows once again what I have been saying for a long time. Any privacy system that allows any untrusted and unknown person to become part of the infrastructure and have access to cleartext information is fundamentally flawed.

Any person with malicious intent can easily set up a TOR node and begin exactly the same kind of data collection that the WikiLeaks folks practiced.

Reputation is everything in this business. It is not practical for typical individuals to properly vet their providers. Track record, reputation, and respected third party endorsements are your best bet when choosing a privacy or security provider. Look for those for everyone who has access to your information.

Privacy and Corporations at CFP Conference

I am very excited to be organizing a couple of panels at this year's "Computers Freedom and Privacy" (CFP) Conference in San Jose June 15-18.

Historically the conference has focused on personal privacy / freedom issues, technologies, and policies. That was certainly my focus as well when I started Anonymizer. Over time I have become aware of some other aspects to the privacy issue that I have not seen discussed. In addition to corporations impacting privacy of their customers, users, employees, etc. they also have issues and needs for privacy themselves.

Companies activities are monitored, analyzed, blocked, misinformed, and censored. While these have analogs in the personal privacy world, the details, impacts and scale, and solutions to the problems are often very different.

I am organizing a panel to discuss these issues at the conference and would love to hear from others who may have experienced these kinds of issues and would be willing and able to share them at this conference.