The Myth of Anonymity03 Oct 2005 Does anonymity really exist? I think not.
Do you think you are anonymous, when you read this blog entry? The software that runs this blog know source IP adress of your connection. How diffucult is to find out your Internet Provider? Few queries in public databases. How difficult it might be to resolve the adress further? Maybe few tricks with DNS and I'll know the company you work for or the region you live in. And if you live in the country similar to the one I live in, I may get a bit further. Maybe if I invest some money to a bottle of expensive liquor and invest that bottle in the right person at the ISP, I may experience a sudden "vision" that may reveal part of your customer record.
Do you still think that you are anonymous?
People that worked with "Orange Book" class-B secure systems (Common Criteria LSPP) may tell you long stories about covert and subliminal channels. And these stories have common moral: you cannot effectivelly fight the leakage of information. You may limit it, but it gets really expensive quite soon. And it limits usability. If you ever worked with class-B system you know what I'm talking about.
If you would like to be absolutely anonymous, you must eliminate all the data that the other side may gather about you. And that's not practical. It will cost fortune, you will barely be able to get the data you want and still there will be a crack that may leak some data about you. Absolute anonymity is a myth, it does not exist in practice. Anonymity is a theory, usable for theoretical research. But not for the Internet. Anonymity is a buzzword, also. Good for selling "privacy" software. But that nice piece of smart software you've just bught may turn out to be just a expertly-packaged snake oil.
I'm not trying to say that there is no privacy on the Internet (or that there might not be). I'm just saying that there is no absoulte anonymity. Part of your identity may be revealed and there is no effective mean to stop it. We should better adopt the approach that works in computer security area for decades: There is no absolute security. We should accept the fact that there is no absolute anonymity, no absolute privacy. One can always break the privacy, given sufficient resources. Only thing that matters is that the cost of breaking the privacy has to be kept really high. That is the primary goal of "privacy" technology.