Online anonymity has never been more sought after and, at the same time, never more elusive.
Though the Snowden leaks woke the world to the prying eyes of government snoops and helped popularize services for people to cover their tracks on the Web, we are living in a time when governments around the world are deploying sophisticated technologies for digital eavesdropping.
Governments aren’t the only hurdles, either. In a world where data is money, anonymity is an enemy to online marketers, advertisers, and big tech companies that earn billions to monitor, track, and profile Internet users.
While online anonymizing tools may protect against many accidental and even malicious eavesdroppers, there’s no guarantee of completely avoiding the new array of surveillance capabilities, says Dan Kaminsky, chief scientist at New York-based security vendor White Ops.
“Absolute anonymity is not a particularly achievable thing,” says Mr. Kaminsky.
One dramatic example is Operation Onymous involving the recent takedown of more than 400 allegedly illegal websites operating on the Tor network by an international coalition of law enforcement agencies from the US and the European Union. Tor is widely acknowledged as the strongest anonymizing service on the Internet.
That operation was the second time in recent months that law enforcement has been able to uncloak sites operating on Tor. The first time was last fall, when they similarly managed to take down online black market Silk Road.
Those takedowns show that given enough time and resources, even people using a service such as Tor can be found out.
The increasing difficulty to hide on the Web isn't just bad news for people seeking anonymity for illicit activities. Digital rights advocates see these developments as having a chilling effect on potential whistleblowers or stifling opposition movements in places like China and Iran or on American activists who may have good reasons to keep their pursuits secret.
The privacy paradox
Anonymity is especially difficult to maintain over a sustained period of time, says Jeremy Gillula, a staff technologist at digital rights advocacy group Electronic Frontier Foundation (EFF) in San Francisco. It's one thing to use a cloaking service to send an anonymous e-mail. It is a completely different matter to sustain those activities on a continuous basis, especially if someone is looking for such activity, says Mr. Gillula.
That’s because every single interaction on the Internet creates a potential for some digital crumb to be left behind in the form of an IP address, a geolocation, device configuration details, or other metadata sufficient to unmask a user’s real ID. Researchers at EFF have shown how even your browser has a unique fingerprint that allows a website to identify your device with surprising accuracy regardless of whether cookies are enabled or not, says Gillula.
Often all it takes is one inadvertent error to compromise an anonymous operation.
“If you forget even once to enable your protections, or click on the wrong link, or type the wrong thing, you’ve permanently attached your name to whatever anonymous provider you’re using,” says security guru and cryptographer Bruce Schneier, who writes extensively about data tracking in his upcoming book, “Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World.”
In 2013, security firm Mandiant was able to link cyberattacks against US assets to military hackers in China because the hackers made the mistake of accessing their Facebook accounts from the same computers that were used to launch the attacks, Mr. Schneier says in his book. Similarly, Paula Broadwell, who had an affair with former CIA director David Petraeus, took extensive measures to hide her identity but was ultimately tripped up by metadata footprints left by e-mails she sent on her home computer, he notes.
Somewhat paradoxically, using anonymizing services such as Tor is also the best way to attract attention to yourself if what you are actually trying to do is lie low. In a sense it is almost like using Google to search for instructions on how to make a pipe bomb or make contact with the ISIS terror group.
Law enforcement agencies have a tendency to view people who use such services with suspicion and it can mean they will keep a closer eye on your activities, says Kaminsky. “You have identified yourself as an interesting person and now they are watching all that you do.”
Still, Snowden’s revelations have spurred interest in tools such as Tor, Tails, Orbot CyberGhost VPN, DuckDuckGo, and Guerilla Mail that increase the ability for individuals to maintain a level of privacy on the web. Strong encryption technologies built into recent mobile operating systems from Apple and Google have also significantly boosted the ability of individuals to communicate with a degree of protection against eavesdroppers.
Such tools enable a high degree of privacy, says Ryan Lester, chief executive of Cyph, a brand new encrypted chat service based on the Off-the-Record (OTR) cryptographic protocol.
Cyph is designed to let people chat with each other without fear of their conversations being intercepted and read by a third party, says Mr. Lester, a former SpaceX engineer. It incorporates techniques like Perfect Forward Secrecy to ensure that previously encrypted communications remain that way even if the private encryption key is compromised.
The service lets anyone with a computer or a smartphone start a fully encrypted chat in about 30 seconds with no signup or application download required. The encryption behind it is so strong that it will take even the fastest supercomputers an impossibly long time to break, Lester says.
Privacy doesn't equal secrecy
Total anonymity remains a somewhat utopian dream. Services such as Cyph and many currently available tools enable a great deal of privacy, but not anonymity, Lester says. They protect against the contents of a chat conversation or an e-mail being read by an unauthorized entity. They do little however to conceal the fact that an encrypted chat or e-mail exchange took place in the first instance.
"We are not trying to solve the anonymity problem," Lester admits readily. If you text someone using Cyph, there's a good chance you'll attract attention from law enforcement or an intelligence agency simply because you are attempting to do something in secret. "There probably are some clever ways you can have perfect anonymity. But it is a much more difficult challenge to solve," than privacy, he said.
Other social media apps such as Whisper and Secret have built large user bases relatively quickly by promising people the ability to interact with each other in total anonymity. Thousands have used the apps to confess to everything from infidelities and relationship problems to grim battles with depression and post-traumatic stress.
In October, the Guardian published a disputed report claiming that Whisper, which touts itself as the “safest place on the Internet,” actually collects information that allows it to map at least the general whereabouts of its supposedly anonymous users and potentially even to identify them.
Just weeks earlier, researchers at Rhino Security Labs unearthed a flaw in the Secret app, that has since been fixed, that allowed them to identify users posting anonymous messages. The disclosures have focused considerable attention on the dangers posed to Internet users by hard-to-keep promises of anonymity by those purveying identity cloaking services.
Whisper and Secret are just among dozens of applications, operating systems, browsers, browser add-ons, ad blockers, virtual private networks and e-mail services that promise varying degrees of online anonymity.
Government vs. anonymity
Governments around the world tend to push back against efforts to make anonymity easier, arguing that an unfettered “Dark Web” would only enable money launderers, drug peddlers, pedophiles, terrorists and other bad actors to operate with impunity.
FBI director James Comey’s recent protests over the encryption offered by Apple and Google in their new mobile operating systems is one manifestation of that concern. Mr. Comey, like many others in law enforcement, worry that unbreakable encryption of any kind only frustrates legal electronic surveillance and makes it much harder for law enforcement to pursue and stop criminal activity on the Internet.
Similar concerns birthed the controversial Clipper Chip plan in the 1990s under which the US government tried to get manufacturers of communications equipment to install an eavesdropping, NSA-developed cryptographic chipset in their products. Privacy and civil rights concerns quickly scuttled the Clipper program. But that hasn’t stopped the government over the years from trying to use similar methods to weaken anonymizing technologies where possible.
The Snowden leaks have revealed how the NSA’s Tailored Access Operations (TAO) unit has been quietly working over the past several years to try and build backdoors in products from some of the world’s largest technology companies. Other documents have shown how the NSA may have succeeded in getting security vendor RSA to integrate an NSA-developed random number generator in one of its cryptographic products. NSA and its counterparts in other countries have also deployed various programs for harvesting and analyzing almost all traffic flowing over the Internet. Examples include the NSA’s phone metadata collection program and the FBIs PRISM program for gathering and analyzing user data from companies like Google, Facebook, Yahoo, and Microsoft.
In his upcoming book, Schneier notes how data correlation techniques make it easy to attach identities to seemingly anonymized data.
As an example, Schneier points to how researchers were able to identify many people in a Netflix dataset of 500,000 anonymized customers by comparing their movie rankings on Netflix with public rankings and time stamps in the Internet Movie Database.
“We might naively think that there are so many of us that it’s easy to hide in the sea of data. Or that most of our data is anonymous,” notes Schneier in a chapter from the book that he shared with Passcode. “That’s not true. Most techniques for anonymizing data don’t work, and the data can be reidentified with surprisingly little information.”