The Privacy BlogThoughts on privacy, security, and other stuff.

Jan/11

11

Reader question on privacy software

A reader of this blog recently emailed me to ask:

What s/w do you recommend to keep anonymous while using Gmail, IE, Outlook, and Facebook on a laptop?

This is actually a very tricky question because the nature of all of these tools, except Internet Explorer (IE), is to be associated with a visible and discoverable account and identity in the “cloud”. I will discuss IE last and separately.

Gmail ties to your gmail and other Google accounts. Outlook ties to some existing email account at some email provider. Facebook is tied to your Facebook account and is explicitly designed for making your information public.

The profound question here is, what do we even mean by being anonymous using these services? I would argue that the best one can manage is to be pseudonymous; that is to maintain a persistent and visible pseudonym / alias which, while discoverable, is not associated with your true identity.

Fortunately Gmail and Facebook are free and typically do not require any real credentials to set up an account, and many of the free email providers work similarly. Using Anonymizer Universal (AU), and a browser with no history or cache to set up the accounts would ensure they were not connected to your real identity. It is important that the accounts never be accessed in any way except through AU, or they will be forever after associated with your real IP address. Furthermore, it is critical that the browser used is never used for any activity connected to your real identity, or the cookies and other digital detritus in your browser may allow these sites (or other folks) to tie the pseudonym to your other real name accounts.

IE is in many ways the easiest because there is no underlying account, but all the same rules apply. You need to ensure that you isolate your anonymous or pseudonymous activity from your real name activity.

For all of this activity a virtual machine can be a very effective tool. For example, if you use a Mac you can use a virtual machine running Windows or Linux for all of your alias activities and use the normal operating system for your real name activities. Similar tools exist for other operating systems.

· · · · · · ·

7 comments

  • Jane · January 15, 2011 at 4:02 am

    It is a good question, what does one mean by “keeping anonymous”? I for example use a VPN to prevent my ISP from mainting a log of my online activity. I believe I have the right to what MY personal information is freely aviable to other organizations/people etc!

  • me · February 20, 2011 at 4:32 pm

    And is “Jane” a bot advertising the VPN service that’s in the URL behind the name “Jane”?

    How could one find out?

  • bsmaith · March 10, 2011 at 9:55 pm

    For lack of a better recent blog post to place this, I just noticed a change in the privacy policy that got me thinking. Under the section regarding “Privacy:Data Protection” I noticed an amendment concerning the level of monitoring on Anonymizer’s end. While in the past you have maintained that user activities are not monitored, except in cases of trouble shooting, which I do understand, the addition of

    “to maintain usage data to assist Anonymizer in debugging its system‚ investigating fraud‚ illegal use‚ abuse or other violations of the license terms”

    is a little concerning. Again, I understand the need to keep an eye on violations of ToS but the question becomes – how does one know to monitor a user for possible violations of the ToS without having first observed their activities to identify that they may have potentially violated them?

    Am I missing something here? I’d like to think so because it’s always seemed that Anonymizer has had the user’s privacy at the forefront, but this does seem to take a step backwards.

  • Author comment by lance · March 11, 2011 at 3:01 am

    There are many cases when such violation is obvious. Our firewall may show denial of service levels of traffic from a single source IP address, or we may notice that hundreds of different people are logging in to the same account from different locations every day. We have not changed our policy on logging user activity which could show which users have visited what websites and what they did there (which is what matters for privacy).

  • bsmaith · March 11, 2011 at 10:30 pm

    Thank you for the quick response and clarification Lance. That makes more sense than what was running through my mind and it is reassuring to see that Anonymizer is remaining true to its purpose. It appears that I had misinterpreted the statements in the privacy policy and I apologize for that.

  • Jason · April 28, 2011 at 5:06 am

    Many large websites don’t care much about your privacy. For a blacklist on sites that keep your data forever, see http://www.accountkiller.com/Blacklist – kinda uncanny that my Skype account can’t be deleted!

  • superb vpn · May 4, 2012 at 3:25 am

    A simple, but straightforward security method is to only keep sensitive information on removable storage media like portable flash memory drives or external hard drives. The most popular forms of security all rely on encryption, the process of encoding information in such a way that only the person (or computer) with the key can decode it.

Leave a Reply

<<

>>