Nameless
ANONYMITY, PRIVACY AND SECURITY ONLINE
Nameless
Š 2017 Yu Pan. All rights reserved. Designed by Yu Pan panyu91530@gmail.com No portion of this book may be reproduced in any form without permission from the publisher, except as permitted by U.S. copyright law. Printed in U.S.
01
ANONYMITY AND RELATED NOTIONS The definition of anonymity, privacy, identity and pseudonymity
01-15
02 16-29
03 30-43
SOME ASPECTS OF ANONYMITY Rationales for anonymity and identifiability, social, legal, ethical and technological aspects of anonymity
ANONYMITY IN THE DIGITAL WORLD Methods for improving privacy, characteristics of anonymity in the electronic world
04 44-63
THE FUTURE OF ANONYMITY The future of privacy on the Internet
ANONYMITY, PRIVACY AND SECURITY ONLINE CHAPTER 01
INTRODUCTION This book constitutes a part of a seminar project on ‘Anonymity on the Internet’ at the Faculty of Law of the Catholic University of Leuven. It provides an attempt to define the concept of anonymity since a qualification of the right to anonymity needs a thoughtful approach of the concept itself, in proportion to other concepts such as ‘identity’, ‘privacy’ and ‘pseudonymity’. Moreover, the paper presents some aspects and notions of types and levels of anonymity in the electronic world. This approach of ‘anonymity’ mainly concerns digital communications and transactions. In today's electronic world almost every transaction, information exchange, or move a person makes can be observed or tracked. Most of the actions a person undertakes leave tracks in some log files. Information about persons is stored in databases for later use. Communication can easily be eavesdropped. Private files and mails stored somewhere can be accessed. A person can be observed. Private information, e.g. which web site the person has visited previous to the current request, can be obtained. It might even be possible to determine the location of the user. The modern electronic world poses many threats for our anonymity and privacy.
01
ANONYMITY, PRIVACY AND SECURITY ONLINE CHAPTER 01
02
01
ANONYMITY AND RELATED NOTIONS The definition of anonymity, privacy, identity and pseudonymity
03
ANONYMITY, PRIVACY AND SECURITY ONLINE CHAPTER 01
Anonymity means that the person does not reveal his or her true identity. Figure 3 describes different ways of staying anonymous. a) no information from which the identity can be determined is provided to the interaction party. b) a false identity, pseudonym is used. c) the identity of person b is used.
04
Definition of anonymity If one stays anonymous, no one can determine who you are, track you or monitor you. In the electronic world anonymity can be reached if records and transactions are anonymous, that is their data cannot be associated with a particular individual, either from the data itself, or by combining the transaction with data. Anonymity is a part of our every day life, since many of our everyday activities are more or less anonymous, e.g. different kind of phone or public enquiries can be anonymous, as also different barter and cash transactions. Observe the way of expression can one be really sure about total anonymity? Anonymity brings a certain kind of freedom. There are no burdens of your background, social status, or previous actions. No prejudices are possible. It enables people to do things and express themselves, as they would not do otherwise. There are many situations where a person would like to stay anonymous.
Problems with anonymity Since anonymous persons cannot be accounted for their acts, anonymity attracts illegal and otherwise suspicious activities. This is seen as a major threat, and is often used as an argument against anonymity. Another often used argument against anonymity is that many interactions, e.g. withdrawal of money from an account, require trust and credibility and this requires that the person needs to be identifiable. However, trust and credibility do not necessarily require that the user should be identified. In a similar manner as the person can have different identities, the user could use different accountable pseudo-identities in different occasions. The accountability would be guaranteed by a trusted third party.
05
ANONYMITY, PRIVACY AND SECURITY ONLINE CHAPTER 01
“Information privacy is the privacy of personal information and usually relates to personal data stored on computer systems.”
06
Definition and aspects of privacy Privacy is a fundamental right, essential to autonomy and the protection of human dignity, serving as the foundation upon which many other human rights are built. Privacy enables us to create barriers to protect ourselves from unwarranted interference in our lives, which allows us to negotiate who we are and how we want to interact with the world around us. Privacy helps us establish boundaries to limit who has access to our bodies, places and things, as well as our communications and information. The rules that protect privacy give us the ability to assert our rights in the face of power imbalances. Information privacy is the privacy of personal information and usually relates to personal data stored on computer systems. The need to maintain information privacy is applicable to collected personal information, such as medical records, financial data, criminal records, political records, business related information or website data.Information privacy is also known as data privacy.
01
02
Internet privacy
03
Financial privacy
Medical privacy
All personal data shared
Financial information is
All medical records are
over the Internet is subject
particularly sensitive, as
subject to stringent laws
to privacy issues. Most
it may easily used to
that address user access
websites publish a privacy
commit online and/or
privileges. By law, security
policy that details the
offline fraud.
and authentication systems
website's intended use of
are often required for
collected online and/or
individuals that process
offline collected data.
and store records.
07
ANONYMITY, PRIVACY AND SECURITY ONLINE CHAPTER 01
08
The difference between anonymity and privacy Anonymity is very tightly bound to the concept of identity. When a person is anonymous he does not reveal his true identity. Privacy again is control of personal information and personal space. Let us now take a look at the relation between anonymity and privacy. Identity is something personal, it is part of you. Especially in the electronic world the identity is determined by providing a piece (or pieces) of personal information to others. If you are anonymous, but provide information about yourself or your behaviour is tracked, it might be possible to determine your identity based on this information or by referencing the information with other information including your identity.
Anonymity can be as a part of privacy. As stated in Anonymity is privacy of identity. We can also describe this the other way around. If the piece of information by which the user be identified is provided, data can be stored and later be referred to you.
Anonymity
Privacy Protection
Privacy Level
No
Yes
Possible to protect privacy to some extent
Yes
Yes
Possible to enhance privacy level
Yes
No
Not necessarily sufficient to guarantee privacy
Relation between anonymity and privacy
09
ANONYMITY, PRIVACY AND SECURITY ONLINE CHAPTER 01
Definition of identity Identity is the data needed to allow one to track down somebody, for instance an old friend who shows up on the Internet. In this case, identity closely follows the dictionary definition which formulates the concept as the distinguishing character or personality of an individual. Digital identity can be defined as the digital information that creates the image of an individually identifiable person. Digital identity is the means whereby data are associated with a digital persona. The digital persona is the model of the individual established through the collection, storage and analysis of data about a person.
Functions of digital identity Dentification is the main function of digital identity. It is indispensable, as the other functions won’t apply without it. Roger Clarke, a scholar with a long professional interest in questions of identity, identification and privacy in the electronic world, describes it as a process whereby a real world entity is recognized, and its identity established. • to provide a gesture of goodwill • to develop mutual confidence • to reduce the scope for dishonesty • to enable each person to initiate the next round of communications • to enable each person to associate transactions and information with the other person
10
“Identities have a central role in our lives. With help of our own identity and the perception of other’s identity we create our model of the world and rules for social interaction. ”
11
ANONYMITY, PRIVACY AND SECURITY ONLINE CHAPTER 01
Definition of pseudonymity Pseudonymity is the use of a pseudonym. A pseudonym is a fictitious distinguishing mark by which a certain communication or transaction can be traced back to a certain existing person. It is with regard to the notion of anonymity, important to distinguish pseudonyms that can be linked to identifiers such as the legal name and/or locatability. According to Roger Clarke, pseudonymity is generally used to enable the protection of individuals who are at risk of undue embarrassment or physical harm. He refers to celebrities and VIP’s, who are subject to widespread but excessive interest among sections of the media and the general public, to protected witnesses, people under threat from stalkers.
12
Pseudonymity and anonymity Pseudonym is an identifier for somebody to a transaction or a communication, at first doesn’t reveal one’s identity but that is indirectly sufficient to associate the transaction or the communication with the particular human being who uses the fictitious name. Comparing to pseudonymity, anonymity means that the agent of a communication or transaction has no observable persistent characteristics. Pseudonymity, on the other hand, means that there is some characteristic associated with the agent for that communication or transaction.
13
ANONYMITY, PRIVACY AND SECURITY ONLINE CHAPTER 01
Trust and Balance of Interest As in case of anonymity, trust plays also an important role in privacy. The difference is that in case of anonymity where it is the anonymous person that must be trusted, in privacy it is generally the person who provides information that need to trust others. Generally a relation of trust is required in order for users to provide personal information to others. The level of openness is generally directly related to the level of confidence to the receiving party. Lack of trust and confidence can also mean that users will not provide required information or stop using the service on a whole. On the other hand, the relation can’t be built solely on trust, if there are no mechanisms of control incorporated people tend to do what rewards their personal interests at the most. That is personal information will be used to fulfil the personal interests of those having the information. There should be mechanisms or technologies incorporated to provide the user some control of how his information is used and to whom it is provided. A user might be ready to compromise his privacy if he experiences that he gets an enough compensation for providing information about himself. A good example are customer programs (e.g. frequent flyer, shop clubs) where users are entitled to receive special offers or get price reductions when gathering certain amount of points. The providing of information to others can also be caused by lack of knowledge.
14
“A user might be ready to compromise his privacy if he experiences that he gets an enough compensation for providing information about himself. �
15
ANONYMITY, PRIVACY AND SECURITY ONLINE CHAPTER 02
02
SOME ASPECTS OF ANONYMITY Rationales for anonymity and identifiability, social, legal, ethical and technological aspects of anonymity
16
17
ANONYMITY, PRIVACY AND SECURITY ONLINE CHAPTER 02
Rationales for anonymity and identifiability Anonymity is, as said, a method for privacy protection. Privacy protection is among other things, one rationale for anonymity. Gary Marx identifies a number of major rationales and contexts where anonymity or identifiability is required or permitted. His enumeration is not exhaustive but covers the most common contexts in which anonymity and identifiability are viewed as socially desirable.
Where Internet freedom is far from reality Countries with the highest and lowest degree of Internet freedom in 2014
Iceland
Obstacles to Access 0-25 Points
6
Estonia
8
Canada
15
Australia
17
Germany
17
United States
19
Violations of User Rights 0-40 Points Limits on Content 0-35 Points 0=Most Free 100=Least Free
Uzbekistan
79 80
Ethiopia
84
Cuba China
87
Syria
88
Iran
89 0
20
40
60
80
Source: Freedom House
18
100
Anonymity is required or permitted:
Rationales in support of identifiability • • • • • •
These contexts and rationales in support of anonymity must be balanced by a consideration of the opposite. The rationales in support of identifiability are simpler, clearer and less disputed. Identifiability is required, expected or permitted: to aide in accountability to judge reputation to pay dues or receive just deserts to aide efficiency and improve service to determine bureaucratic eligibility to guarantee interactions that are distanced or mediated by time and space
• to obtain personal information for research in which persons are assumed not to want to give publicly attributable answers or data; • to encourage attention to the content of a message or behaviour rather than to the nominal characteristics of the messenger which may detract from that; • to encourage reporting, information seeking, communicating, sharing and self-help for conditions that are stigmatising and/or which can put the person at a strategic disadvantage or are simply very personal; • to protect donors of a resource or those taking action seen as necessary but unpopular from subsequent obligations, demands, labeling, entanglements or retribution; • to protect strategic economic interests, whether as a buyer or a seller; • to protect one's time, space and person from unwanted intrusions; • to increase the likelihood that judgements and decision making will be carried out according; • to designated standards and not personal characteristics deemed to be irrelevant; • to protect reputation and assets. The theft of identity and sending of inauthentic messages has emerged as a significant by-product of the expansion of electronically mediated (as against face-to-face) interactions; • to avoid persecution;
19
ANONYMITY, PRIVACY AND SECURITY ONLINE CHAPTER 02
Social aspects of anonymity Technology changes have profound consequences on social behaviour. For example, the development of mass-produced automobiles, made possible by the development of suburban shopping malls in the United States, which in turn led to an adolescent mall culture unimaginable in the 1920’s. It seems quite likely that the pervasive spread of the Internet will have equally profound effects on social organization and interactions. It should be interesting to study what is already known about the effects of anonymity as we analyse anonymity in the electronic world.
20
The theory of deindividuation and antisociality In general, the findings of scientists are not encouraging for future of the electronic world unless we can somehow avoid the known association of antisocial behaviour and anonymity. Early studies on people in groups focused on anonymity as a root of the perceived frequency of antisocial behaviour. The anonymous members of a crowd show reduced inhibition of antisocial and reckless, impulsive behaviour. They are subject to increased irritability and suggestibility. Later social psychologists formulated a theory of deindividuation in which they proposed that one's personal sense of identity can be overwhelmed by the sense of belonging to a group. As mentioned in the introductory comments for section, there is a reason to suppose that technology can contribute to the deindividuation of its users. Anonymity has been postulated in anecdotal reports to account in part for strong contrast in behaviour of normal people who become aggressive while driving cars. It seems plausible that being isolated in a tight space.
Anonymity and aggression Experimental work by Zimbardo suggested that anonymity can significantly increase aggression. For example, when women were asked to deliver electric shocks to victims, those who agreed to wear white lab coats and hoods administered what they thought were longer shocks to the alleged victims compared to women who wore their own clothes and nametags.
21
ANONYMITY, PRIVACY AND SECURITY ONLINE CHAPTER 02
22
Anonymity increases the likelihood that people will transgress rules and laws. As said, the avoiding of persecution is a rationale in support of anonymity.
23
ANONYMITY, PRIVACY AND SECURITY ONLINE CHAPTER 02
Legal aspects of anonymity More people adopt the Internet as a tool of expression and knowledge every day. At the same time, societies continue to struggle to balance freedoms and individual rights in the online communication environment. Issues of anonymous expression online particularly complicate matters of legal process. Psychologists have noted that communicating anonymously can have a disinhibiting effect on the communicator, freeing that person from societal and individual limitations on expressing her thoughts. Along similar lines, psychologists have also noted that anonymity creates a deindividuation effect marked by a decrease in self-control and a greater willingness to engage in anti-social behavior.
24
Ethical issues on anonymity There are many ways to anonymity that we consider to be bad uses. Although it’s not intended to discuss the good and the bad things about anonymity in this paper, the bad uses can be broken down, briefly, into a number of categories, based on the type of use or offence involved.
• •
•
•
•
These are issues that generally come up in the context of anonymous speech or communication systems, rather than specifically in the context of anonymous publication systems. They include: Death threats: users may be able to make death threats without accountability. Terrorism communications: users may be able to coordinate and conspire to plan terrorist activities against the state or other organizations or individuals. Kidnapping communications: similarly, users might conspire and coordinate to plan kidnappings or other illegal actions. Spam: users might make use of the anonymous channel to spam victims with targeted advertisements or other text. Harassment: as opposed to targeted spam, stalkers might make directed communications intended to embarrass, defame, or threaten. Blackmail: users might publish material without disclosing the key, and then threaten to publicize the location of the material.
25
ANONYMITY, PRIVACY AND SECURITY ONLINE CHAPTER 02
Technological aspects of anonymity Anonymous posting services on the internet
With the benefits of
were started around 1988 and were introduced primarily for use on specific newsgroups which discussed particularly volatile, sensitive and personal subjects. One of the first of these services was started by Dave Mack for use on alt.sex. bondage. Anonymous postings on newsgroups such as this one soon became the primary method of communication. Anonymity services which utilized remailers originated with the Cypherpunk group in mid-1992. Global anonymity servers which served the entire internet soon sprang up, combining the functions of anonymous posting.
on-line anonymity also come the disadvantages. Extreme abuse and illegal activity on the net is one of the most visible drawbacks to anonymity on the net. In general, abusive and frivolous anonymous email and posting is done mostly by users who have just discovered anonymity.
“The society in which we live can frequently be extremely conservative, often making it dangerous to make certain statements, have certain opinions, or adopt a certain lifestyle.�
26
Personal data vs. work data
44%
Smartphone users are more concerned about losing personal content than worring about enabling cybercriminals to access sensitive business data.
Respondents were concerned about the theft of corporate data.
3%
47%
Almost half of respondents do not worry much or at all about losing client or customer details.
27
ANONYMITY, PRIVACY AND SECURITY ONLINE CHAPTER 02
What is a data breach? It has come to a point that people have become desensitized with the news of a data breach. Every now and then, companies announce that their systems were breached, followed by the extent of the damage, and what they’re doing about it. Compromised data is a subject that needs the public’s full attention. Data breaches can result in millions of private records and sensitive data stolen, affecting not just the breached organization, but also everyone whose personal information may have been stolen. A data breach occurs when a cybercriminal successfully infiltrates a data source and extracts sensitive information. This can be done physically by accessing a computer or network to steal local files, or by bypassing network security remotely. The latter is often the method used to target companies.
50% used some form of hacking 29% involved physicial attacks
11% resulted from social engineering 49% incorporated malware
17% resulted from abuse of privileges
28
29
ANONYMITY, PRIVACY AND SECURITY ONLINE CHAPTER 03
30
03
ANONYMITY IN THE DIGITAL WORLD Methods for improving privacy, characteristics of anonymity in the electronic world
31
ANONYMITY, PRIVACY AND SECURITY ONLINE CHAPTER 03
Real world vs. digital world The foregoing accounts centred upon essential notions within the scope of the definition of anonymity and its aspects. These were the foundations to concentrate on the undermentioned characteristics of anonymity in the electronic world.
32
Anonymity in the real world The real world refers to the material and physical world of everyday human interactions. Using real world in this way is not intended to insinuate that the electronic world is less significant, useful or even real than the worldly level on which we interact; it is only a convenient reference to distinguish the physical from the electronic. Anonymity in the real world is the absence of a real world identity. Some authors define it simply as being without a name or with an unknown name. As suggested above, this namelessness is not enough to be anonymous.
Anonymity in the digital world In this paper the electronic world, also called cyberspace, refers to the totality of electronic data storage and transmission; this paper focuses on communications and transactions using the Internet. Anonymity in the electronic world is the absence of (digital) identity. Identity on the Internet is primarily the e-mail address. The e-mail address sometimes provides for crude and unreliable information about affiliation and geographic location via e.g. domain names. Roger Clarke has written an excellent introduction on the question what is meant by identity in the electronic world. Another well known author on this subject is L.Detweiler; it is still unknown whether this is a real name or not. Detweiler suggests that identity on the Internet is amorphous and unstable because there is no one-to-one relationship between people and email addresses.
33
ANONYMITY, PRIVACY AND SECURITY ONLINE CHAPTER 03
The importance of anonymity in the digital world According to Detweiler anonymity is a powerful tool that can be beneficial or problematic depending on its use. Arguably absence of identification is as important as the presence of it. It may be the case that many strong benefits from electronic anonymity will be discovered that were unforeseen and unpredicted, because true anonymity has been historically very difficult to establish. One can use anonymity to make personal statements to a colleague that would sabotage a relationship if stated openly. One can use it to pass information and evade any threat of direct retribution. For example, whistleblowers reporting on government abuses can bring issues to light without fear of stigma or retaliation. Sensitive, personal, potentially dama g ing infor ma tion is of te n poste d to some USENET groups, a risky situation where anonymity allows conversations to be carried on completely independent of the identities of the participants.
“The Internet is, as an essential part of the electronic world, really a network of network and is comprised of a number of different technologies.�
34
Some police departments run phone services that allow anonymous reporting of crimes, such uses would be straightforward on the network. Anonymity can be extremely important and potentially lifesaving diagnoses and discussions carried out on medical or therapeutic newsgroups. Unfortunately, extortion and harassment become more insidious with assurances of anonymity.
35
ANONYMITY, PRIVACY AND SECURITY ONLINE CHAPTER 03
The Internet provides immediate access immediate access to to inforinformation from around the world. With With simple simple e-mail, e-mail, it is easy to send a message to anybody on earth. Through Through the the World world wide Wide Web, web, millions millions of of information sources information sources are are available from around the world.
36
37
ANONYMITY, PRIVACY AND SECURITY ONLINE CHAPTER 03
Degrees of anonymity Developing a system to protect privacy while browsing the World Wide Web, Mike Reiter and Avi Rubin introduced the idea of degrees of anonymity as an important tool for describing and proving anonymity properties. They argue that the degree of anonymity provided against an attacker can be viewed as a continuum, ranging from no anonymity to complete anonymity and having several interesting points in between.
Absolute privacy
38
Beyond suspicion
Probable innocence
Possible innocence
Exposed
Probably exposed
Threats to anonymity in the digital world Nowadays, there are many threats to anonymity in the digital world. Organizations and authorities keep personal data in information databases. This causes a threat of unauthorised access to personal information, which is a risk for personal privacy. Another threat arises from the significant emergence of electronic communication such as email, newsgroups, chat, etc. The biggest privacy risk is that somebody monitors or even manipulates this communication. A third threat to anonymity in the electronic world is transaction monitoring and extraction of additional information. Most electronic transactions are logged. In addition to, many personal data can be stored. Most electronic services require the user to identify him. The demands for identification and authentication obstruct the desire to be anonymous and thus the desire to protect privacy. Moreover, the Internet creates opportunities for identity theft, as it is easier to copy or to fake identities in the electronic world. The problem is that this causes great harm to the person whose identity is stolen.
39
ANONYMITY, PRIVACY AND SECURITY ONLINE CHAPTER 03
Types of anonymity related to the characteristics of a communication The agent of a communication has control on whether to publish his speech over a given channel, based on the characteristics of that particular channel. The speaker might tailor his speech, or choose not to speak at all, based on the level of protection provided by that channel and the choices he makes about his anonymity. This explanation is also based on Roger Dingledine’s rather technical viewpoints. The distinction between computational and information-theoretic anonymity depends on the notion of how protected a given address is: does it rely on computational complexity to protect its anonymity. Finally, there are types of anonymity that are not really related to the agents or the characteristics of a communication or a transaction.It concerns the main distinction between data anonymity and connection anonymity. In data anonymity, data flowing
40
over a connection do not reveal an identity. In connection anonymity, the connection itself does not reveal an identity, and the vulnerability is traffic analysis. Pfitzmann and Waidner describe three main types of anonymous communication properties: sender anonymity, receiver anonymity and unlinkability of sender and receiver. Sender anonymity means that the identity of the party who sent a message is hidden, while the receiver (and the message itself) might not be hidden. Receiver anonymity similarly means that the identity of the receiver is hidden. Unlinkability of sender and receiver means that though the sender and receiver can each be identified as participating in some communication, they cannot be identified as communicating with each other.
41
ANONYMITY, PRIVACY AND SECURITY ONLINE CHAPTER 03
America's internet speeds continue to soar Every quarter, Akamai releases a State of the Internet Report. This study is a widely accepted third-party evaluation of not just the health of the overall internet, but a comparison of states, regions, and countries’ internet speed, adoption, and security.
Earlier this week, Akamai released its 2017 1st Quarter report and it revealed that on a number of key metrics, the internet in the United States took a huge leap forward compared to other countries. The US is now in the top ten countries for adoption of internet speeds over 15 and 25 Mbps as well as the top ten for overall average speed.
42
70.7 86.5
90
Q1 2017
67.7
80
Q3 2016
53.3
70
Q1 2016
Q3 2015
53.3
48.7
60
Q1 2015
Q3 2014
40.6
36.1
34.1
50
Q1 2014
Q3 2013
26.0
40
Q1 2013
Q3 2012
23.4
30
Q1 2012
Mbps
AVERAGE PEAK CONNECTION SPEEDS IN THE U.S 2012 - 2017
100
20
10
0
Source: Akamai State of the Internet, Q1 2017
43
ANONYMITY, PRIVACY AND SECURITY ONLINE CHAPTER 04
04
THE FUTURE OF ANONYMITY The future of privacy on the Internet
44
45
ANONYMITY, PRIVACY AND SECURITY ONLINE CHAPTER 04
46
The future of VPN and privacy Following the rise in a number of emerging trends such as Bring Your Own Device (BYOD) and the Internet of Things, we can now expect virtual private networks to become ubiquitous. While years ago, VPNs were exclusively used by big companies and government authorities, today a large pool of individuals and businesses of all sizes are seeing the benefits of it. VPNs were initially created to provide remote access to network resources. From there, the VPN industry is now undergoing a shift in its focus to make privacy a core focus. As we are expecting to see new encryptions incorporated, VPN technologies coming to market in the next five years ar likely to become more and more privacy-focused. Once these improvements are incorporated, such as anonymous tokenized authentication and protocol obfuscation, we can expect a significant change in how online privacy is being reinforced.
It is easy to imagine a prosperous future for the VPN industry as the technology has the potential to bolster internet security from a number of threats. That said, we must keep in mind that while VPNs are likely to become as widespread in the next few years as firewalls are today, they cannot eradicate cyber threats and ensure absolute privacy. The need for VPN will continue to grow however, and they are on the path to becoming omnipresent in the business environment. It will increase the number of VPN providers and competition on VPN market will continue to grow. In today's world, one of the main problems is that each device in one way or another collect data for different purposes. Services for communication such as Skype, WhatsApp, Gmail, Facebook, also mean the transfer of data to a third party and of course people are not comfortable with that. Our personal data is our intellectual property and we are interested in reducing all possible risks of leakage At the moment the truth is that most internet users are technically unsafe. VPN industry is trying to change it making use of VPN affordable and easy for everyone. In the future, there will be no need for users to setup VPN on their devices as it will be built in OS and automatized.
47
ANONYMITY, PRIVACY AND SECURITY ONLINE CHAPTER 04
TOR VS. VPN TOR vs. VPN – Anonymity has become the basic need for every internet user in today’s era. When we want to browse the internet anonymously, there are many ways to do so. The two most common ways are: • Virtual Private Network (VPN) • The Onion Router (TOR)
TOR and VPNs often get compared side-byside as competing products. However, in reality TOR and VPN are simply different. Since, they both serve the same purpose, most people treat them as an alternative to each other or competing products. Both have their particular advantages and disadvantages. While a VPN may be more suitable for one particular situation, TOR may be more suitable for another one. Today, we will break down TOR and VPN so that you know which one to choose and when. TOR is a decentralized system that allows users to connect to their desired website or server by connecting through a network of
48
relays, rather than connecting directly. With TOR, user’s traffic is routed through a number of nodes (Random Server), each node is only aware of the IP addresses in front or behind it. This way, at any point, no one can track the whole path between the user’s computer and the destination website. A Virtual Private Network (VPN) is created by establishing a virtual point-to-point connection to a gateway through the use of dedicated connections, virtual tunneling protocols, or traffic encryption. To the network beyond gateway, the user appears to be coming from one of the gateway’s IP addresses. Once user connects to a server, his/her IP gets replaced with one of the server’s IP. This way user’s IP remains anonymous on the internet and anyone, even the ISP cannot track it.
“TOR vs. VPN is like Apples vs. Oranges Both are used for same purpose, but totally different from each other.�
49
ANONYMITY, PRIVACY AND SECURITY ONLINE CHAPTER 04
This past week the Russian government announced a new law making it clear they’re no longer going to allow their tech savvy citizens to view restricted websites using services that help them circumvent the system. For many years Russian residents have been banned from viewing tens of thousands of websites, mostly those sharing copyrighted material. But many residents decided not to bend to these new rules willingly, rather opting for virtual private networks to help them surf online anonymously.
50
The future of using virtual private networks to facilitate piracy Understandably, governments and enforcers of copyright laws are frustrated that VPNs allows users to easily sidestep restrictions. Professor Nicolas Suzor of the University of Technology in Queensland called site blocking “basically like ‘whack-a-mole’,” explaining that it’s more of a “symbolic victory over piracy” rather than a sustainable solution. However, many tech experts warn that merely banning these sites and restricting access is not enough because it can be bypassed in seconds using a VPN. And ever since the court order, companies providing VPN services Down Under have reported a boom in sales with more and more Australians hiding their IP addresses and moving their illegal viewing off shore.
On top of that, many users especially Australians feel they have an intrinsic right to access content if it’s not easily available through legal channels or too expensive. There are no realistic means for an ISP to stop people using a VPN to visit sites, confirms Finder.com.au’s Angus Kidman. Because the very use of a VPN makes it impossible for your ISP to know you are using one or see what sites or content you are accessing through it. Google, too, added their voice to proceedings, writing that whole-site removal is ineffective and can easily result in censorship of lawful material. This would jeopardise free speech principles, emerging services, and the free flow of information online globally and in contexts far removed from copyright. tion online globally and in contexts far removed from copyright.
51
ANONYMITY, PRIVACY AND SECURITY ONLINE CHAPTER 04
“Rooms is a space for people to talk about their interests without having to be anxious that it could be connected to their real identities.”
52
The future of anonymity on the internet is facebook rooms Danielle citron looks at Facebook Rooms and sees a nice middle ground in the battle over anonymity on the internet. Released last week, the new Facebook app is a place where you chats with other like-minded people about most anything, from the World Series to 18th century playwrights, because you needn't use your real name when joining one of its chat rooms, you have a freedom to express yourself that you wouldn't have on, say, the main Facebook app.
But at the same time, Mark Zuckerberg and company have committed to policing rooms at the lowest level. If anything offensive appears in the app—hate speech, threats, spam, or graphic content—room moderators or Facebook itself can take it down. For Citron, a law professor at the University of Maryland and the author of Hate Crimes in Cyberspace, that is crucial. “Maybe it's partly a marketing move that Facebook is also getting into this space, but I'm optimistic,” Citron says. “This could be a sign that we're starting to create a middle ground that takes advantage of the best qualities of anonymity.” Of course, this takes away a certain amount of free expression, and now, we've started to move back in the other direction. This year, myriad anonymous sharing apps—including Whisper, Secret and YikYak—have emerged to let users air their grievances with little risk of real-life consequences. As usual, there are problems with the latest tools. But Facebook Rooms attempts to find the right balance.“I think there’s definitely a pendulum swing, where we move and experiment with anonymity,” says Citron. “There's certainly a destructive side to anonymity, as we've seen in Gamergate and other internet hate crimes. But anonymity also frees people o put their best self forward.”
53
ANONYMITY, PRIVACY AND SECURITY ONLINE CHAPTER 04
Conclusion Anonymity is, as it is generally acknowledged, the absence of identity. It is a method of privacy protection and thus a part of privacy. The concept of anonymity becomes increasingly significant regarding privacy protection in electronic services. The fluidity of identity on the Internet simplifies anonymous communications and transactions. Many strong benefits from electronic anonymity are discovered though there are many threats to this anonymity. It is a trying task to decide what is legal or who should be held responsible for anonymous communications and transactions. The discussion on the aspects of anonymity in the electronic world may result in a good understanding of the concept, with a view to guide the development and assessment of any Internet policy regarding anonymity. Since information about other persons enable people to gain personal advantage or power over other persons, there will always be an interest in obtaining such information. In addition to this, the economical value of personal information is continuously increasing as a result of the development of the economics towards market segmentation and mass-customisation. At the same time the growing data processing and storage capabilities have enabled a more efficient monitoring and tracking of persons. It is evident that there is an increasing need for privacy and anonymity in the electronic world of today.
54
Even though the terms privacy and anonymity are often used synonymously, they have distinctive meanings. Anonymity means that the person does not reveal his true identity, where as privacy again is control of personal information and space. Anonymity can be seen as part of privacy protection, since anonymity is privacy of identity. One can argue that anonymity alone is not necessarily sufficient to guarantee privacy, since if an anonymous person provides information about himself, it might be possible to determine his identity based on the information or by cross-referencing the information with other information including his identity. High level of privacy can only be obtained by combining anonymity and privacy mechanisms. In today's electronic world it is very difficult to stay anonymous and to protect ones privacy. Most electronic systems require some kind of identification information of the user, in order to authorise the user or store information about the user to be used for e.g. billing, tracking or trouble shooting. Because of the basic need in information systems to label information in order for the data to be found later, and the ease to do so it seems that the identity is often required also when it is not necessarily needed. Instead schemes with accountable pseudonyms or anonymous authorisation could be used. The importance of anonymity in the protection of one's privacy has grown in the electronic world.
Trust and trust models play an important role in anonymity and privacy. The problem of anonymity is generally how to trust an
That they do not misuse the personal information the user has provided. However, in our opinion such a relation cannot be built solely
anonymous person. On the other hand, since few anonymous systems are 100 % anonymous, anonymous person generally still needs to trust some one in the system. In case of privacy the user needs to trust others.
on trust, since if there are no mechanisms of control incorporated people tend to do what rewards their personal interests most.
55
ANONYMITY, PRIVACY AND SECURITY ONLINE CHAPTER 04
56
57
ANONYMITY, PRIVACY AND SECURITY ONLINE CHAPTER 04
58
The electronic world poses many threats for user's anonymity and privacy. But in addition to threats, the information technology has brought new means to protect the anonymity and privacy of the user. In order to improve the anonymity and privacy in the electronic world, the most important thing to do is to inform people about existing threats.
59
ANONYMITY, PRIVACY AND SECURITY ONLINE BIBLIOGRAPHY
Bibliography Chapter 1 Benassi P., TRUSTe: An Online Privacy Seal Program, Communications of the ACM, February 1999, volume 42, number 2, pp.56-59 Brin D., The Transparent Society, Perseus Books, Reading, MA, 1998 Chaum David, Achieving Electronic Privacy, Scientific America, August 1992 Clarke R., Human Identification in Information Systems: Management Challenges and Public Policy Issues, Information Technology & People 7,4 (December 1994) 6-37 Clarke R., Internet Privacy Concern Confirm the Case for Intervention, Communications of the ACM, February 1999, volume 42, number 2, pp.60-67
Crainor L., Internet Privacy, Communications of the ACM, February 1999, volume 42, number 2, pp.29-31 Eklund, E., Controlling and Securing Personal Privacy and Anonymity in the Information Society, Proceedings of the HUT Seminar on Network Security, November 22-23, Helsinki University of Technology, 1995 Gabber E., Gibbons P., Kristol D., Matias Y., Mayer A, Consistent Yet Anonymous Web Access with LPWA, Communications of the ACM, February 1999, volume 42, number 2, pp.42-47 Goldschlag, D., Reed, M., Syverson, P., Onion Routing for Anonymous and Private Internet Connections, Communications of the ACM, February 1999, volume 42, number 2, pp.39-41
60
Chapter 2 Lehti I., SPKI-based Access Control Server, Master's thesis, Helsinki University of Technology, 13 January, 1998 Reagle J. and Cranor L., The Platform for Privacy Preferences, Communications of the ACM, February 1999, volume 42, number 2, pp.48-55 Reiter, M. K. and Rubin, A.D., Anonymous Web Transactions with Crowds, Communications of the ACM, February 1999, volume 42, number 2, pp.32-38 Schneier, Bruce, Applied Cryptography, second edition, John Wiley & Sons, 1996 Webster's Ninth New Collegiate Dictionary, Springfield MA, 1991
The war of desire and technology, Cambridge, MA, MIT Press, 1996 TURKLE, S., Life on the screen: identity in the age of the internet, New York, Touchstone, 1995 WALLACE, P., The psychology of the Internet, Cambridge, UK, Cambridge University Press, 1999 GRIJPINK, J. and PRINS, C., An exploration of the legal implications of digital anonymity, unpublished translation of the dutch text entitled Nieuwe rechtsregels voor anoniem elektronisch rechtsverkeer, 2001
61
ANONYMITY, PRIVACY AND SECURITY ONLINE BIBLIOGRAPHY
Chapter 3 The human choice: individuation, reason and order versus deindividuation, impulse, and chaos, Arnold, W. J. & D. Levine, eds, Nebraska Symposium on Motivation, University of Nebraska Press (Lincoln), 1969 RUSSELL, J. J., The new menace on the road, Good Housekeeping, 1997 ZIMBARDO, P. G., The human choice: indivi-duation, reason and order versus deindividuation, impulse, and chaos, Arnold, W. J. & D. Levine eds, Nebraska Symposium on Motivation, University of Nebraska Press (Lincoln), 1969 WALLACE, J., D., Nameless in Cyberspace: Anonymity on the Internet, 1999 RIGOLE, P., Technological Aspects of Anonymity on the Internet, Seminar paper, 2001
DETWEILLER L., Identity, Privacy and Anonymity on the Internet, 1993 SMITS, S., Anonymous E-mail, Seminar paper, KULeuven, 2001 FROOMKIN, M., Anonymity and Its Enmities, The Journal of Online Law, 1995, article 4, par. 7 Flood Control on the Information Ocean: Living with Anonymity, Digital Cash, and Distributed Databases, Pittsburgh Journal of Law and Commerce, 1996 DINGLEDINE, R., The Free Haven Project: Design and Deployment of an Anonymous Secure Data Haven, MIT Master's Thesis, 2000
62
Chapter 4 The culture of connectivity: A critical history of social media, Oxford: Oxford University Press, JosĂŠ van Dijck, 2013 Cf. the FCC E911 mandate in the U.S., put into practice in case of an emergency as from October 2001 PFITZMANN, A., and WAIDNER, M., Networks without user observability, Computers & Security 2, 1987, 6, 158-166 REITER, M., RUBIN, A., Crowds: Anonymity for Web Transactions, 1999 SMITH, R., The IP Address: Your Internet Identity, 1998 SMITS, S., Anonymous E-mail, Seminar paper, KULeuven, 2001
Clarke R., Introduction to Dataveillance and Information Privacy and Definitions of Terms Original of 15 August 1997, latest rev. 16 September 1999 DETWEILLER L., Identity, Privacy and Anonymity on the Internet, 1993 CHAUM, D., Untraceable electronic mail, return addresses, and digital pseudonyms, Communications of the ACM, 1981 FROOMKIN, M., Anonymity and Its Enmities, The Journal of Online Law, 1995, article 4, par. 3.
63
Colofon Typefaces Body: Apercu Headings: Verlag Software Adobe Creative Cloud InDesign, Illustrator, Photoshop Equipment MacBook Pro Retina Epson P800 Paper Epson Premium matte 48lb Photography and illustrations Yu Pan Designer Yu Pan
64