Pay No Attention to that Man Behind the Curtain!
Essaysanonymity / security / Tech Sunday6 Comments
Shades of Gray or, as I like to say, #666666, #333333, and #999999
Today I’d like to talk about anonymity. Should we have it? Why or why not? If you’d like to be anonymous, for good or ill, I’ll talk about ways you can achieve this.
Hypothetical Situation One
A woman writes a blog post in which she expresses opinions about the way gender roles are baked into our thinking and how that perpetuates actions that are harmful to women in their daily lives. People who believe a woman has no business pointing out such things escalate comments with vile language and threats unrelated to any of her theories. The reactions include threats of physical harm, backed up with evidence that some people making these threats have obtained her phone number, address and the addresses of family members.
These threats are easy to make because it is possible to make such contact without the commenter being directly linked his or her real identity. This precise situation has led some to suggest websites and blogs should no longer allow anonymous comments.
Hypothetical Situation Two
A young man in a government job observes misconduct on the part of his government. Human rights violations, lets say. He wants to alert others of the conditions and actions he has observed and documented, but if he does, his government will punish him and suppress the evidence. If he does nothing, egregious wrongs will continue unabated. Because of technology like Tor, he is able to post his evidence of this wrongdoing without his government being able to identify him as the source of the information.
Hypothetical Situation Three
You have reason to believe the government is spying on you solely because you are brown and have a last name that sounds foreign. You’ve never made it through a TSA line without being taken aside for additional searches.
Hypothetical Situation Four
Someone has been kidnapped and the police need access to cell phone information in order to track the location of the missing person. Alas, the missing person has an iPhone 6 and all communications are encrypted natively.
Good or Bad?
If we were to do away with anonymity, people making threats against a woman who dares to speak out would not, the theory is, feel quite so free to engage in campaigns designed to silence her.
If we were to do away with anonymity, the world would not learn about human rights violations or other serious harmful, or criminal misconduct by others, be they companies, governments, or individuals.
Either the government can spy on any calls they want, or they can’t locate kidnapped children.
I feel I should pose the question of whether any situation is really that stark. Feel free to discuss in the comments.
Why You Might Want to be Anonymous
Suppose you are someone with personal knowledge of facts about malfeasance by a company. This company is publicly telling everyone that no such malfeasance is taking place. According to others with personal knowledge, these public statements contradict the facts they have. Further, this company is threatening to retaliate against anyone who reveals such facts.
The US warrantless wiretapping cases currently being litigated come to mind as an example of (alleged) corporate malfeasance, but it’s not hard to imagine other examples where a company denies wrongdoing despite evidence held by others. Eron, perhaps.
Perhaps there is a company that has actually retaliated against people who have pointed out facts that suggest something might be wrong. Again, not too hard to find such situations.
How would someone who wants to express an opinion or share facts about such cases, do so without risking retaliation? Well, anonymity is required.
About How to be Anonymous
Getting your internet traffic behind a service like Tor (The Onion Router) can help people maintain some degree of anonymity. Tor is a set of technologies that allow a user to obfuscate the origination of their traffic. Suppose you are sitting at your computer, and you are connected to the internet. You have an IP (Internet Protocol) address that might be a permanent one or that might be temporarily assigned for a session or series of sessions. In order to go to other sites on the internet, you must contact other IP addresses and say, hey, Hello! I have arrived at your IP address from this IP address and here is a packet header, please acknowledge I am well formed and can talk to you! The server at the other end checks the packet header and if it’s well-formed, agrees to talk to you. Voila. You are surfing Dear Author. You tell DA what page on the site you’d like to see, and DA sends you that page.
Under normal circumstances, your originating IP will come from your Internet Service Provider (ISP) who likely has a very large block of IPs to use. See IANA for a pretty good explanation. (https://www.iana.org/numbers). Quick example, if your IP address begins with 166 you’re traveling on the block of IPs originally assigned to AT&T.
An IP address is a good indication (but not always reliable) of where internet traffic is coming from. If you pay attention to such things, you’ll know that entities who wish to find and punish pirates file legal actions based on an end-user’s supposed IP address. There are lots of reasons why IP address does not provide proof positive. (It does not, for example, prove who was sitting at the computer at the time. Nor does it speak to any malware that might be originating such connections. Or cached data on one end or the other such that the supposed link between the computer and the IP address is, in fact, outdated and therefore identifies the wrong end user.
So, in examining the IP address at one end of an internet connection, you may or may not end up with the person responsible for the traffic. Certain governments may have measures in place that make this more likely.
How to be Anonymous
The challenges shift depending on whether you’re on a computer or a mobile device, and no methods are foolproof. That said, here are some links to get you started:
The EFF has some very good documentation on the subject: Tor and https has a great visualization of what data is visible when you are using Tor and/or https. Worth a click-through if you’re a visual learner.
PC World has a very good article about setting up Tor here.
Tech Republic: Everything you need to know about using Tor
Tor itself has some thorough documentation and discussion here: (https://www.torproject.org/download/download.html.en#warning)
Do you want secure browsing and commenting? Download the Tor browser:
The Tor software protects you by bouncing your communications around a distributed network of relays run by volunteers all around the world: it prevents somebody watching your Internet connection from learning what sites you visit, it prevents the sites you visit from learning your physical location, and it lets you access sites which are blocked.
The Tor Browser lets you use Tor on Windows, Mac OS X, or Linux without needing to install any software. It can run off a USB flash drive, comes with a pre-configured web browser to protect your anonymity, and is self-contained.
Note: There are important provisos. You MUST pay attention to what you are doing and when and how those actions may circumvent the anonymity of Tor with or without you knowing.
So long as you are aware, you could install the Tor browser and leave an anonymous comment on this post. Please consider giving it a try.
Want to help out with Tor? Run a relay.
VPNs
This 2013 LifeHacker article is a pretty decent overview with some VPN recommendations.
About.com has this article about 2014 VPN applications
As with everything, do your due diligence. VPNs are not free.
For my phone, I’m still very happy with my test of Freedome. The iOS 8 updates make it even easier to use.
Not Free – But worth looking at
If you’re on an Android OS, check out Whispersystems for secure texting, phone calls and local encryption.
For iPhone compatibility, (Android, too) take a look at Silent Circle’s offerings for mobile and desktop. They also offer the Blackphone, which runs a secure fork of Android. I ask you, who wouldn’t want a phone called Blackphone?
The iPhone 6 and iOS 8
Read about the security and encryption baked in to iOS 8 here
So, what do you think? Where do you stand on the issue of anonymity? Let me know in the comments. Anonymously or otherwise.
Unfortunately, the iPhone example is extremely technologically wrong.
1: You can’t encrypt your phone’s identity to the cell towers. The cell towers — and thus, the phone company that owns them — have to know what phone-number is talking to them, so tracking a given cell-phone’s location (via what cell towers it’s been saying, “Hi! I’m here! Send calls to me here!”) can’t be encrypted. Or else it would cease to function as a cell phone, and would be an iPod Touch. So you go to the carrier(s) who own all the local cell towers and hand them the warrant, and say, “Tell us which cell towers have been in contact with number XXX-XXX-XXXX and what the timestamps were for each contact.”
2: iPhones have the option of “Find My iPhone” — keep the PW for that in a secure place that the parents can access (you should always have your kid’s account PW!!), and there’s another way to track an iPhone.
3: All cellphones have some encryption just talking to the cell-tower normally, and that encryption is defined by the carrier (phone-to-tower) and it is not very strong, though it’s better than it used to be. Using Voice Over IP apps can increase that encryption. So phone calls, without a VOIP app, are not going to be hard to crack if you can eavesdrop by picking up the signal to (or from) the tower.
4: What is a potential issue is if the cops think the kidnapper has email on his phone, and can seize the phone, and find out it’s an iPhone with a password lock on it. That is the issue: they can’t get into it without the 4-digit unlock code, and it’s unclear whether they can force the guy to give it up without running into self-incrimination issues (spouse says that there have been varying court decisions on whether giving a PW that allows access to one’s encrypted stuff is “self-incrimination” or not).
I don’t know what happens if you have someone in custody, have their phone with an appropriate warrant, and fail at the password guessing. They would presumably get some number of free tries (9 under some iOS versions, 5 for modern ones) before it locked permanently.
However. They could also get a warrant for the suspect’s computer, which might or might not be password locked, and might or might not be any more secure that way. If the suspect has ever backed up their phone, that’s where the backups will be. (Photos may be in iPhoto, though; those don’t seem to be backed up normally — or weren’t when my kid’s phone had to be replaced because the antenna died.) If you think all the data will be in email, then that would need the password — but there are still ways to get into this if you have the suspect’s apple-ID email.
(Frankly, there might be ways to get into the thing prior to all this, but you’d have to talk to Apple about getting into the apple account, re-setting the password to something the cops can use, and not, say, “accidentally turn on” someone’s phone while they were in custody.)
Here’s a real situation 3.5. I know someone who is a political activist, on Facebook, using a fake name. He has family in a war zone. If his activity was connected to their names, they would be at risk of abduction, torture or death. I don’t always agree with his views – but I support his anonymity. I also follow a couple more similar activists on Facebook, who are using pseudonyms. Facebook has been giving them trouble lately, restricting their accounts etc. I wish we lived in the world where it was not necessary. But I am afraid there are still places and times when it is absolutely essential. And yes, it can make it easier for bad guys to operate as well. But I think a variety of good people who have legitimate causes to for anonymity would be hurt by the strict “true names only” policy a lot more than the bad guys, especially in places where the bad guys have the power of an entire state behind them.
Addressing the actual issue instead of the technical details*… :)
I’m pro-anonymous abilities, too. For instance, while some trolls will be more cautious with their real name out there… a lot won’t be. They’re confident (or overconfident) in their ability to cope with someone finding out their private information, they don’t actually fear their trolled victims showing up with a weapon at their house or job, they don’t think their employer or the cops will care about their behavior, etc. So if some people want to post anonymously to make it harder for casual trolls to get their personal data… Hey. I’ve done it.
Loose anonymity can also be used to separate one’s life a bit. If I post with my full name, I’m trying to avoid using too many emoticons, lolspeak, and such. If I’m using my nickname, which isn’t that hard to link to my real name, then I’m either very casual, or discussing stuff relating to my gaming works; I’ve had that nickname for over 20 years now, and in some circles, people’d know it better than my actually-horribly-common real name. (HOW many people have this name on Pinterest? And Twitter? Gah! Late to the party and all the good account-names are taken!)
Not to mention the use of anonymity if one is concerned about a litigious entity threatening or filing lawsuits against people who comment on posts that criticize them. E.g., various hotels, restaurants, etc.
* My spouse says that I got the 5th Amendment defense wrong, and it’s been ruled that your password is not protected via 5th Amendment, any more than a combination to a safe would be, if there’s a warrant to get into the safe. (I suppose you could make your PW an admission of guilt — “iKilledTheWalrus” — but then either the PW would not be admissible in court as evidence, or your court-appointed lawyer could be told it in confidence and enter it for you.)
I think that the failure of the Real Name policy at Blizzard should have opened more eyes (coughFacebookcough) to why it is harmful to just insist that people must use their real names because it silences minorities, and as Elizabeth McCoy says above, people who are NOT already oppressed are much more willing to use their real names to spew hateful and threatening comments. Just look how many public and private officials have gotten slapped on their official Twitter accounts because they feel they have the right to express to the world why they think x type of minority is disgusting.
The answer to community behaviour is not taking away anonymity, it’s creating the community you want. If you leave comments on free-for-all with no moderation or flagging process, the cream doesn’t rise to the top — the most vocally abusive do, and everyone else either flees or just doesn’t speak up and make themselves a target. The rule for the internet doesn’t have to be “don’t read the comments”, but the only places I see the comments as being not only worthwhile but a very good addition to the site content are places where there are clear policies, moderation, and the community has been built to not accept that kind of behaviour. This is one of those sites. :)
There are a few others I read that deal with comments in different ways, from just deleting their comments to “kittening” them and changing every comment of the offender to talk about how much they love kittens, to deleting the comments with an explanation as to WHY they were deleted but not immediately banning the offender but refusing to argue and after that one warning they’re out. I’ve never found disemvoweling to be terribly useful although it can serve as a warning to that person that their behaviour is not okay.
I’ve also seen sites where the policies looked good in theory, but where people could be shouting awful racial slurs in the comments, saying “You sound white” would get you immediately banned. So it also depends on having good moderation that you can trust. A site I follow but refuse to read the forums just had a blow-up because one of the forum moderators was sexually harassing women commenting, and it took the site owners (who generally don’t participate in the forums) to get involved and for them to realize wow, our community is toxic and leaving them to themselves has not worked at all, we need to be a lot more involved as to what is acceptable because we do not at all want to be associated with these people.
We Google job-seekers. If we see racist, sexist, homophobic stuff in their tweets or facebook or whatever (open to the public, we don’t ask for access), they’re immediately blacklisted, because our company culture is something we have built and we don’t need people poisoning our waters. You’d be shocked how many people are totally confident using their real name to express these opinions because they’ve been taught that they are superior and have a huge vocal backup to shout down others so nothing they say is wrong or not okay. These are not the people who are harmed by real-name policies, and who honestly benefit from them because it makes their potential targets even more vulnerable.
I think we should still have anonymity. The benefits of it for the “good guys” outweigh the negatives, even if it may not seem like it at times.
I have stopped posting reviews for Android apps as Google no longer allows people to post without their full name. I have an unusual last name so its not like commenting as Jane Smith. They may think it cuts down on trolling or dishonest reviews, but I am sure I am not the only one who would rather leave no feedback than comment using their real name.
And Facebook’s idea that everyone must only use their real name isn’t reality. I know plenty of people using fake names there.
I have been interested in, but hesitant about, tor for quite a while. These links will be helpful for learning more and finally making a decision, thanks.
Tangentially related, I do use the free software from Albine- DoNotTrackMe. It is a browser plug-in and blocks some (but not all I am assuming) trackers/cookie/etc on many sites, generally without interfering with function. Even more helpfully, it provides masked emails, which creates a new email address for each site at which you need to enter one. It then forwards any emails sent to that fake email to your normal account, and if you are ever finished communicating with those people, or start receiving spam, you can block the fake email, and voila, no spam. I love love love it.
On an unrelated note, if you’re taking requests, any chance you could do a more in-depth article about password managers, especially in light of the Bash bug?