Insomnia (insomnia) wrote,

The illusion of online privacy.

markpasc mentioned a way to use LJ as a type of Invisiblog, which would, according to Invisiblog's creator, give "political activists, independent journalists, whistleblowers -- anyone who is prevented from publishing by repressive laws or threats of violence" a secure, anonymous voice on the Internet.

My response to this is that yes, while pisting through Invisiblog is secure and anonymous, it *ISN"T* what is really needed -- it isn't safe.

In order to create any weblog, you can pretty much depend on facing at least seven security risks :

1> Computer access.
2> Internet access.
3> An account name.
4> A password.
5> An email address.
6> Content.
7> A personality.

Based on my experiences tracking down "anonymous" users for online abuse cases, I can say quite definitively that what Invisiblog is offering is just an illusion of security, and a pretty dangerous illusion for those who don't know better.

PGP and "untraceable" publishing via Mixmaster aren't going to help you much, if at all... because -- like posts made to existing services like Blogger, LiveJournal, etc. -- they are all pretty much equally insecure. The reason for this is simply because your greatest security threat isn't how you post to your weblog; your greatest security threat is you.

For those who know how to sift through it, content on a weblog gives away far more clues to a person's identity than the computer you use, its IP address, your account name, email address, password, etc. Anonymous posting only covers a small fraction of your security concerns, and there isn't a single service out there that cannot theoretically be subpoenaed for your information. Really, though, the amount of information that a service like LJ has on its users is not substantially more than what the average reader has on them... often, there is no real difference at all.

The history of the internet has numerous examples of people who tried to be anonymous and who were eventually outed. (The Kaycee Nicole fiasco and Salam Pax are two that come to mind...) Infact, I cannot think of one single major "anonymous" poster who has remained anonymous for more than a year or so. The more someone posts, the easier it is to determine who they are. You are literally allowing people to profile you.

Of course, if you put up photos or offer someone a way to get ahold of you, that allows others to track your identity via where you store your pictures, and even opens the door to social engineering, which is a huge security risk. Good social engineers can get you to reveal all sorts of damaging information... and sometimes, just planting information which is never responded to is an effective way to determine an individual's secret identity.

Social engineering is just one of those security weaknesses that come from being a human. Webloggers don't operate in a void. A new weblogger -- even an anonymous one -- usually starts out by "introducing" themselves in one way or another, spreading the word to the world that they are out there. The first people they introduce themselves to (and who, in turn, tell others about them) are also the ones most likely to know who they are IRL. They can log who visits their site and determines who links to them... and all of that information can be used to determine who is running an anonymous weblog, even if the weblogger posts anonymously.

Ultimately, posting anonymously isn't enough. Surfing anonymously is also needed, as is not giving away personal information, keeping your online and real life world seperated, not mentioning knowledge that would only be known by a limited amount of people or by people in a certain location at a certain time, not making friends who can be used to expose you, not having "thumbprints" such as a handle or password you've used before, etc.

Webloggers are rarely an island to themselves, which is kind of the point, really. You can't expect to have perfect security when you are, after all, telling everyone about your life, about your browsing habits, about the web services you use and the sites you visit, etc. Sooner or later, you can expect to be found out, so long as someone has a reason to do so.

In short, your best chance at remaining anonymous on the internet is to post nothing of interest to anyone... because as soon as you do, you're fair game.

  • Post a new comment


    default userpic

    Your reply will be screened

    Your IP address will be recorded 

    When you submit the form an invisible reCAPTCHA check will be performed.
    You must follow the Privacy Policy and Google Terms of use.