Dear Author

Pay No Attention to that Man Behind the Curtain!

Shades of Gray or, as I like to say, #666666, #333333, and #999999

Today I’d like to talk about anonymity. Should we have it? Why or why not? If you’d like to be anonymous, for good or ill, I’ll talk about ways you can achieve this.

Hypothetical Situation One

A woman writes a blog post in which she expresses opinions about the way gender roles are baked into our thinking and how that perpetuates actions that are harmful to women in their daily lives. People who believe a woman has no business pointing out such things escalate comments with vile language and threats unrelated to any of her theories. The reactions include threats of physical harm, backed up with evidence that some people making these threats have obtained her phone number, address and the addresses of family members.

These threats are easy to make because it is possible to make such contact without the commenter being directly linked his or her real identity. This precise situation has led some to suggest websites and blogs should no longer allow anonymous comments.

Hypothetical Situation Two

A young man in a government job observes misconduct on the part of his government. Human rights violations, lets say. He wants to alert others of the conditions and actions he has observed and documented, but if he does, his government will punish him and suppress the evidence. If he does nothing, egregious wrongs will continue unabated. Because of technology like Tor, he is able to post his evidence of this wrongdoing without his government being able to identify him as the source of the information.

Hypothetical Situation Three

You have reason to believe the government is spying on you solely because you are brown and have a last name that sounds foreign. You’ve never made it through a TSA line without being taken aside for additional searches.

Hypothetical Situation Four

Someone has been kidnapped and the police need access to cell phone information in order to track the location of the missing person. Alas, the missing person has an iPhone 6 and all communications are encrypted natively.

Good or Bad?

If we were to do away with anonymity, people making threats against a woman who dares to speak out would not, the theory is, feel quite so free to engage in campaigns designed to silence her.

If we were to do away with anonymity, the world would not learn about human rights violations or other serious harmful, or criminal misconduct by others, be they companies, governments, or individuals.

Either the government can spy on any calls they want, or they can’t locate kidnapped children.

I feel I should pose the question of whether any situation is really that stark. Feel free to discuss in the comments.

Why You Might Want to be Anonymous

Suppose you are someone with personal knowledge of facts about malfeasance by a company. This company is publicly telling everyone that no such malfeasance is taking place. According to others with personal knowledge, these public statements contradict the facts they have. Further, this company is threatening to retaliate against anyone who reveals such facts.

The US warrantless wiretapping cases currently being litigated come to mind as an example of (alleged) corporate malfeasance, but it’s not hard to imagine other examples where a company denies wrongdoing despite evidence held by others. Eron, perhaps.

Perhaps there is a company that has actually retaliated against people who have pointed out facts that suggest something might be wrong. Again, not too hard to find such situations.

How would someone who wants to express an opinion or share facts about such cases, do so without risking retaliation? Well, anonymity is required.

About How to be Anonymous

Getting your internet traffic behind a service like Tor (The Onion Router) can help people maintain some degree of anonymity. Tor is a set of technologies that allow a user to obfuscate the origination of their traffic. Suppose you are sitting at your computer, and you are connected to the internet. You have an IP (Internet Protocol) address that might be a permanent one or that might be temporarily assigned for a session or series of sessions. In order to go to other sites on the internet, you must contact other IP addresses and say, hey, Hello! I have arrived at your IP address from this IP address and here is a packet header, please acknowledge I am well formed and can talk to you! The server at the other end checks the packet header and if it’s well-formed, agrees to talk to you. Voila. You are surfing Dear Author. You tell DA what page on the site you’d like to see, and DA sends you that page.

Under normal circumstances, your originating IP will come from your Internet Service Provider (ISP) who likely has a very large block of IPs to use. See IANA for a pretty good explanation. (https://www.iana.org/numbers). Quick example, if your IP address begins with 166 you’re traveling on the block of IPs originally assigned to AT&T.

An IP address is a good indication (but not always reliable) of where internet traffic is coming from.  If you pay attention to such things, you’ll know that entities who wish to find and punish pirates file legal actions based on an end-user’s supposed IP address. There are lots of reasons why IP address does not provide proof positive. (It does not, for example, prove who was sitting at the computer at the time. Nor does it speak to any malware that might be originating such connections. Or cached data on one end or the other such that the supposed link between the computer and the IP address is, in fact, outdated and therefore identifies the wrong end user.

So, in examining the IP address at one end of an internet connection, you may or may not end up with the person responsible for the traffic. Certain governments may have measures in place that make this more likely.

How to be Anonymous

The challenges shift depending on whether you’re on a computer or a mobile device, and no methods are foolproof. That said, here are some links to get you started:

The EFF has some very good documentation on the subject:  Tor and https has a great visualization of what data is visible when you are using Tor and/or https. Worth a click-through if you’re a visual learner.

PC World has a very good article about setting up Tor here.

Tech Republic: Everything you need to know about using Tor

Sending Anonymous email

Tor itself has some thorough documentation and discussion here: (https://www.torproject.org/download/download.html.en#warning)

Do you want secure browsing and commenting? Download the Tor browser:

The Tor software protects you by bouncing your communications around a distributed network of relays run by volunteers all around the world: it prevents somebody watching your Internet connection from learning what sites you visit, it prevents the sites you visit from learning your physical location, and it lets you access sites which are blocked.

The Tor Browser lets you use Tor on Windows, Mac OS X, or Linux without needing to install any software. It can run off a USB flash drive, comes with a pre-configured web browser to protect your anonymity, and is self-contained.

Note: There are important provisos. You MUST pay attention to what you are doing and when and how those actions may circumvent the anonymity of Tor with or without you knowing.

So long as you are aware, you could install the Tor browser and leave an anonymous comment on this post. Please consider giving it a try.

Want to help out with Tor? Run a relay.

VPNs

This 2013 LifeHacker article is a pretty decent overview with some VPN recommendations.

About.com has this article about 2014 VPN applications

As with everything, do your due diligence. VPNs are not free.

For my phone, I’m still very happy with my test of Freedome. The iOS 8 updates make it even easier to use.

Not Free – But worth looking at

If you’re on an Android OS, check out Whispersystems for secure texting, phone calls and local encryption.

For iPhone compatibility, (Android, too) take a look at Silent Circle’s offerings for mobile and desktop. They also offer the Blackphone, which runs a secure fork of Android. I ask you, who wouldn’t want a phone called Blackphone?

The iPhone 6 and iOS 8

Read about the security and encryption baked in to iOS 8 here

So, what do you think? Where do you stand on the issue of anonymity? Let me know in the comments. Anonymously or otherwise.