The Privacy BlogThoughts on privacy, security, and other stuff.

Mar/11

15

Using Language Patterns to Pierce Anonymity

Thanks to Bruce Schneier for linking to this interesting article on using patterns in language to identify the author of emails.

While the technique would not allow them to identify your anonymous emails in an ocean of others, that is rarely the real world threat scenario.

In many cases there is a relative hand full of likely authors of a given email or group of emails. It is often possible to gather large samples of emails known and acknowledged to be from the likely authors. In that case this technique has a small group of targets and excellent training materials which allow for very high levels of accuracy (the authors of the paper claim 80% – 90%). That is probably enough to get a warrant to search your home and computers.

Unless you have been unusually careful, the gig is probably up by then. Remember, this might not be for criminal matters. It many cases this would come up in whistle blowing or other non-criminal situations.

· · · ·

5 comments

  • N · March 27, 2011 at 12:48 am

    Anonymizer was made to release e-mail addresses of its subscribers?

    “(a) Within ten days following the PRELIMINARY APPROVAL DATE,
    ANONYMIZER shall provide the SETTLEMENT ADMINISTRATOR with a list of all the
    email addresses it received in connection with the registration of the ANONYMOUS SURFING
    SERVICE.”

    https://anonymoussurfingsettlement.com/More_Information/Court_Documents.aspx
    “Settlement Agreement and General Release” document.

  • Author comment by lance · March 27, 2011 at 4:31 am

    This was related the settlement of a class action lawsuit claiming that we had been unclear on our retail packaging about our service being a subscription.

    The settlement administrator is a neutral third party who was tasked with contacting all the members of the class to inform them of their rights and options. That party may not make any other use of the information. Only users who were part of the class, those who had purchased the boxed product in retail between certain dates, had their email addresses given to the settlement administrator.
    In reality, the fact that one is a subscriber to anonymizer (or any other service) is easily discovered by many parties. Certainly both your credit card company, and our credit card processor would know. Your ISP could easily see you connecting to the Anonymizer service. Your email provider would see billing and other related emails from us to our customers.
    Our focus is on making sure no one can know what you are doing when you are using Anonymizer rather than trying to hide that you are an Anonymizer subscriber at all. To be clear, we do not give or sell your email address to third parties for advertising or any purpose other than those directly involved in providing the services (our credit card processor for example).

  • N · March 27, 2011 at 2:01 pm

    Thank you for clarifying, Lance.

  • Anonymous · April 18, 2011 at 4:41 pm

    I have a general question. I use Universal and when I look at my activity with Wireshark, it shows my search queries in plain text (NBNS) – is this a vulnerability?

  • Author comment by lance · May 7, 2011 at 7:33 am

    Where were you running wireshark? If in your computer then you probably got it before it went in to the tunnel so no problem. If on another computer then your system may be misconfigured so the traffic is not going down the tunnel at all. If the latter, please contact tech support.

Leave a Reply

<<

>>