CAT | Anonymity
Paying for anonymity is a tricky thing, mostly because on-line payments are strikingly non-anonymous. The default payment mechanism on the Internet is the Credit Card, which generally requires hard identification. There are anonymous pre-paid cards, but they are getting harder to find, and most pre-paid cards are requiring registration with real name and (in the US) social security number.
We are working on supporting Bitcoin which provides some anonymity, but not as much as you might think. New tools for Bitcoin anonymity are being developed, so this situation may improve, and other crypto currencies are gaining traction as well.
When it comes to anonymity, cash is still king. Random small US bills are truly anonymous, and widely available (1996 study showed over half of all physical US currency circulates outside the country). While non-anonymous payments only allow Anonymizer to know who its customers are, not what they are doing, that information might be sensitive and important to protect for some people.
That is why Anonymizer accepts cash payments for its services. Obviously it is slower and more cumbersome, but for those who need it, we feel it is important to provide the ultimate anonymous payment option. If you are looking at a privacy provider, even if you don’t plan to pay with cash, take a look at whether it is an option. It could tell you something about how seriously they take protecting your privacy overall.
Here is more evidence that, if a service has access to your information, that it can get out. In this case the privacy services Whisper and Secret have privacy policies that say they will release messages tied to your identity if presented with a court order, but also to enforce their terms of service and even in response to a simple claim of “wrongdoing” (whatever that might mean).
Anonymizer has no logs connecting user activity to user identity, thus we don’t have these problems.
Janet Vertesi, sociology professor at Princeton, recently tried an on-line experiment. She had just discovered that she was pregnant, and wanted to see if it would be possible to hide that fact from “big data”. Could she prevent advertisers and social media companies from discovering this one fact, and using it to profile and target her.
Janet only tried to hide this one fact. She used pre-payed payment methods, TOR anonymity tools, and took great pains to prevent her “friends” from mentioning the pregnancy on any social media platforms. She had already opted out of using Gmail, which would have been scanning her emails as well.
While she was able to be reasonably effective, the effort and cost involved was significant, and there were some slips from within her social network. This is a great demonstration of the idea that you really need to be specific about what it is you want to hide. The personal and social costs of trying to stay “off the grid” completely are completely unacceptable for most people. The more you can identify and isolate just the individual facts or activities you want to protect, the easier it is and the more likely you will succeed.
On Monday, Dec 16, during final exams, someone sent an email to Harvard University administrators saying that there were bombs in two of four named buildings on campus. The threat was a hoax to get out of final exams. The sender used TOR and Guerrilla Mail, a disposable email address service, to hide his identity.
Despite that, police quickly identified Eldo Kim, he confessed, and was arrested. So, why did the privacy tools fail?
According to the FBI affidavit, the lead came from Harvard University, which was able to determine that Mr. Kim had accessed TOR from the university wireless network shortly before and while the emails were being sent.
This is really a case of classic police work. A bomb threat during finals is very likely to be from a student trying to avoid the tests. A student trying to avoid a test is unlikely to have the discipline to find and use a remote network. Therefor, the one or hand full of students using TOR at the time of the email are the most likely suspects…. and it turns out that they are right.
This case provides some important lessons to the rest of use who are trying to protect our identities for less illegal reasons.
First, clearly the Harvard Wireless network is being actively monitored and logged. It is reasonable to assume that your ISP or government might be monitoring your activities. One way to reduce correlations of your activity is to use privacy tools all the time, not just when you need them. This provides plausible deniability.
After all, if you never use such services, except for ten minutes exactly when some message was sent, and you are a likely suspect, then the circumstantial evidence is very strong. If you are using them 24/7, then the overlap says nothing.
Second, if Mr. Kim used anonymous email, how did they know he used TOR to access the email service? Because GuerrillaMail embeds the sending IP address in every outgoing email. The service only hides your email address, not your IP. In this case, they must have embedded the IP address of the exit TOR node. Even if they had not embedded the IP, GuerrillaMail keep logs which would have been available to the FBI with a warrant.
The lesson here is to look closely at your privacy tools, and to understand what they do protect and what they don’t.
The most important takeaway is that there is no privacy tool which will let you turn it on and turn off your brain. You always need to be thinking about what you are hiding, from whom, and how much effort they are likely to expend in finding you.
If you are hiding your IP address to get a better price on airline tickets, the threat is very low across the board. If you make terrorist threats, it is very hard to stay hidden afterwards.
Welcome to the February edition of The Privacy Blog Podcast. In this episode, I’ll discuss a topic that caught me by surprise in the recent weeks – the dark alleys of the Internet aren’t as scary as we once thought. According to Cisco’s Annual Security Report, the most common, trusted websites we visit everyday have the highest overall incidents of web malware encounters. For example, Cisco reports that online advertisements are 182 times more likely to infect you with malware than porn sites.
Secondly, I’ll be talking about corporate anonymity issues, where the stakes are often extremely high due to real dollar-losses corporations could face. A few examples I’ll hit on are: competitive pricing research, search engine only pages for spoofing search results, trademark infringement, and research and development activities.
Hope you enjoy the episode. Please leave feedback and questions in the comments section of this post.