The Myth of Anonymity

Does anonymity really exist? I think not.

Do you think you are anonymous, when you read this blog entry? The software that runs this blog know source IP adress of your connection. How diffucult is to find out your Internet Provider? Few queries in public databases. How difficult it might be to resolve the adress further? Maybe few tricks with DNS and I'll know the company you work for or the region you live in. And if you live in the country similar to the one I live in, I may get a bit further. Maybe if I invest some money to a bottle of expensive liquor and invest that bottle in the right person at the ISP, I may experience a sudden "vision" that may reveal part of your customer record.

Do you still think that you are anonymous?

You may use redirectors and anonymizers. But these are still run by somemody. And somebody may be corruptible. Modern cryptography helps a bit, but hey, the IP address in not the only bit of information I have. You have accessed my blog and you are reading this thing about anonymity. Well, you are a techie or researcher or something like that. I have the timestamp of your request. I'll just look in which part of the world is daytime at that moment. I have your UserAgent string - that may reveal your operating system and native language sometimes. I can measure the time difference between request for the HTML page and request for images. If I'm lucky that will give me the estimation on "network distance" to you. And maybe also the estimation of the bandwidth of your connection. And what about a little JavaScript, Java applet or ActiveX control that may look around your computer? Are you sure your browser is secure? I'm sure you've got the idea now.

People that worked with "Orange Book" class-B secure systems (Common Criteria LSPP) may tell you long stories about covert and subliminal channels. And these stories have common moral: you cannot effectivelly fight the leakage of information. You may limit it, but it gets really expensive quite soon. And it limits usability. If you ever worked with class-B system you know what I'm talking about.

If you would like to be absolutely anonymous, you must eliminate all the data that the other side may gather about you. And that's not practical. It will cost fortune, you will barely be able to get the data you want and still there will be a crack that may leak some data about you. Absolute anonymity is a myth, it does not exist in practice. Anonymity is a theory, usable for theoretical research. But not for the Internet. Anonymity is a buzzword, also. Good for selling "privacy" software. But that nice piece of smart software you've just bught may turn out to be just a expertly-packaged snake oil.

I'm not trying to say that there is no privacy on the Internet (or that there might not be). I'm just saying that there is no absoulte anonymity. Part of your identity may be revealed and there is no effective mean to stop it. We should better adopt the approach that works in computer security area for decades: There is no absolute security. We should accept the fact that there is no absolute anonymity, no absolute privacy. One can always break the privacy, given sufficient resources. Only thing that matters is that the cost of breaking the privacy has to be kept really high. That is the primary goal of "privacy" technology.