2009-11-24

On Anonymity



This post is intended as a howto on internet anonymity. It was inspired by an article on
Wired about a man named Evan Ratliff who decided to try and vanish for a month. If someone was able to track him down, take a photo of him and say the codeword "fluke" would win a 5000$ prize. Here is a link to the article, Vanish (Warning it is a really long article). After having read it, I decided to write a guide on things you should know when trying to be anonymous online.

Important Note
This article is about anonymity, NOT Security!. This is an important distinction to make. Most of the time people need to be secure when they use the internet. Your password to banking sites needs to be secured, not the fact you are using a banking website.


Reasons to Want Anonymity
One of the biggest legal issues of the inter is whether internet users should have an expectation of privacy online. People that believe you should be allowed to obscure you identity online argue that a precedent exists in the real world, where you can do pretty much whatever as long as it is not illegal. Police aren't allowed to ask you to identify yourself without some probable cause, so why should it be any different online? Those against argue that being anonymous is a security risk, and that people use it to do evil things, like plan terrorist attacks and distribute child porn. But this debate is a whole other topic, so I'm going to focus on two reasons why I think you would want to use this.

  1. Fear of Repercussions
  2. For Fun


The first reason is entirely legitimate. Let's suppose that you work for some company who is doing bad things that are being kept secret from people who could stop them and you, being a good person, want to leak them some information, but are worried about your job. How do you act anonymously?
The second reason, for fun, is really why I know as much as I do. I wanted to see if I could do it, because maybe it will come in handy one day (disclosure: that's paranoid me talking). Mostly it's about education. Why shouldn't you know how to do this? But enough about reasons, let's get down to business.

Things that Leave Traces
I figure it is best to understand why you are using the tools I am going to tell you, but if that seems boring to you, skip down to the next section.
When you use the internet to check your email, or chat with people, you leave a ton of traces on your computer and all the other computers/routers that your information travels through on its way to do whatever it is it does. Here are the biggest things you have to worry about when trying to be anonymous:
1. IP address
2. Computer Traces (Cookies and logs)
3. ISP logs
4. Mac Addresses
5. Accounts

IP address.
When you use the internet, you are using a "stack" of protocols called TCP/IP. Each computer/device that uses the internet gets assigned an IP address. This is how your computer (the client) knows which computer to get information from (the server). BUT the computer you request information from has to know where to send the information, so a client always reports its IP address to the server. This fact can be used to track your.

Computer Traces
If you want to be anonymous sometimes you have to worry about leaving traces on the computer you are using. Some websites leave "cookies" on your computer which allow them to track your habits online. Of course being annonymous means that this is unacceptable. You also don't want your anonymous activity to show up in your browser history.

ISP logs
When you use the internet, somebody is acting as your “Internet Service Provider”. In Canada these are usually Bell or Rogers, but regardless who they are, they can track what you do online via logs for page requests that they may or may not be keeping. We are going to assume they are because

MAC Addresses
When your computer is communicating with other computers, sometimes you need a more permant way of identifying it compared to an IP address, which is liable to change. To overcome this, each network adapter on your computer (the wireless card, the ethernet card, the bluetooth radio, etc...) has a unique MAC address, an uniqueness is bad when you want to be anonymous.

Accounts

If you have an account on a website, it is pretty easy to track you, regardless of where you came from as it should be unique to you. The man from the wired article lost the challenge because he regularly used a fake facebook account. He made sure his connection to the account was anonymous, but once he logged in all the steps he had taken to be anonymous, were useless.

I will post the second part once I finish it on up on how to be annonymous.

ps I am sorry for the long delay.


No comments: