Anonymity is only as stong as the group you are hiding in

Unknown known

Your Anonymous Posts to Secret Aren’t Anonymous After All | Threat Level | WIRED

This article describes a clever attack against Secret, the “anonymous” secret sharing app.

Their technique allows the attacker to isolate just a single target, so any posts seen are known to be from them. The company is working on detecting and preventing this attack, but it is a hard problem.

In general, any anonymity system needs to blend the activity of a number of users so that any observed activity could have originated from any of them. For effective anonymity the number needs to be large. Just pulling from the friends in my address book who also use Secret is way too small a group.

Lance Cottrell is the Founder and Chief Scientist of Anonymizer. Follow me on Facebook, Twitter, and Google+.

Privacy in Chrome and IE8

Both Microsoft's new beta of IE 8 and Google's beta of their new browser Chrome tout new enhanced privacy features. I have seen a few articles like this one, that talk about this issue. The Safari browser has had these features in the production version for a long time. Privacy is a complex multi-headed beast. All of these browsers address one privacy concern while ignoring others. These browsers protect you from risks associated with the stored local data about your web browsing activities. Normally, browsers keep a history of recently visited URLs, a cache of recently visited pages (for faster retrieval) and cookies from the websites you have visited (possibly not at all recently). These browsers enable you to take control of what is recorded by your browser, and how long it is kept. This is a good and important development.

These new security capabilities do nothing to protect you from information gathering by the sites you visit, or from your ISP (see my previous post on that). Your IP address is still completely visible to any site you visit, ISPs can still intercept all your traffic.

These new privacy features are an important part of a user's toolbox, but they should not give one a false sense of security. They are part of the solution, but not a complete solution.