Jump to content

Online Anonymity Difficult Despite Evolving Privacy Tools


ZortMcGort11

Recommended Posts

http://techcrunch.com/2014/08/21/are-you-ever-truly-anonymous-online/
While some users will go to great lengths to conceal their identities online, others are content to let cookies and other applications track their activities as they surf the web, only going so far as to delete a questionable link from their browser history every once in a while. Whether you’re intent on evading every government snoop, or just curious about how much information you’re giving out as you visit your favorite sites, it’s important to know just how public your online behavior can be.“Privacy” Mode Is Not Very PrivateMany of the most popular web browsers, such as Chrome, Firefox, Internet Explorer and Safari, offer the option to browse the web “privately” or “incognito.” However, this type of privacy doesn’t extend much further than your own computer. While Safari promises that its “Private Browsing” mode will keep your browsing history private, the reality is that websites you visit will still be able to identify your computer by its IP address – a unique identifier for each of your devices – given by your ISP.Your ISP (or your employer, if you’re using a work computer) may also keep a log of your browsing history that “Private Browsing” cannot hide or delete. The same is true for Chrome, which in fairness warns users that “going incognito doesn’t hide your browsing from your employer, your internet service provider, or the websites you visit.” In general, these basic privacy modes only help keep your actions private from other users on the same computer.Cookie Blocking Prevents Many Commercial Trackers, But Leaves Big OpeningsSome users may choose to block their browsers from accepting HTTP cookies – small pieces of data sent from websites and stored in your browser – to make it more difficult for organizations to track them while they surf the web. (For more info on how cookies track your behavior online, check out this explainer.) In fact, the “privacy mode” setting in most browsers will delete the cookies your browser picks up during the private session to cover up your tracks. However, blocking or deleting these activity-tracking cookies still leaves major openings for companies to see what you’re up to on the web. Blocking cookies doesn’t prevent websites from logging your IP address. If you log into your Facebook, Google or Yahoo account, no matter where you’re accessing the web, those companies will be able to see your IP address and pinpoint your location. And of course, whatever ISP you’re using can still keep records of the sites you visit.Furthermore, a recent report by the EFF shows that even when users have blocked cookies, their browsers still put out enough unencrypted information to give the user a unique “fingerprint” that enables organizations to follow you from site to site. While it remains unclear if any organizations are actually taking advantage of this information to track users, Google has reportedly been looking into this type of technology to track users who don’t accept cookies.Tor and Encrypted Browsing Both Conceal and Highlight UsersTo overcome these gaps in online privacy, certain people have turned to forms of encrypted browsing that hide their web-surfing habits from both the websites they visit and their ISPs. The most popular tool, Tor, is a free application that encrypts the original data being transferred to and from your browser through a series of relays, making it extremely difficult for anyone to see which websites you’re visiting or what device you’re using. This also protects against the type of browser “fingerprint” tracking that the EFF recently warned about.However, searching for privacy-related applications like Tor can trigger spy agencies, such as the NSA, to mark and track users’ IP address (even though it may be impossible for them to monitor your online activities). In some cases, users who want to avoid government scrutiny may prefer to simply avoid privacy preserving tools altogether – the digital equivalent of “laying low” – and choose other methods for surfing the web anonymously (such as using computers at libraries or other public places). Until privacy applications like Tor gain broad adoption, this route may expose users to more scrutiny, undermining their efforts to remain anonymous on the web.Beyond the Mask of Encryption: Behavioral GiveawaysWhile Tor and other privacy-focused technologies may protect you from revealing most of your personal details as you surf the web, how you behave online may ultimately expose your true identity. If you think of the web as a public meeting place, then privacy technologies are like a mask or disguise – people won’t be able to recognize your identity on sight. But other details, such as the way you walk or talk, may be enough to tip off a careful observer.For example, computer scientists have begun to demonstrate how stylometry – the study of someone’s unique style of writing – can be used to identify anonymous posters in online forums. Drexel University researchers last year studied leaked conversations and contributions of hundreds of anonymous users in underground online forums and were able to identify 80 percent of the authors using stylometric analysis to match writing styles to unique identities. Stylometric analysis could become a common tool for law enforcement and government agencies to uncover supposedly anonymous posters on web forums, although this technique requires a large amount of data to be effective (the study required a minimum of 5,000 words for complete analysis).Even something as simple as posting a photo online may be enough to give away precise details about your identity. One famous example of this came after Vice magazine published a picture on their website of the fugitive tech pioneer John McAfee standing beside one of their journalists. Because the person taking the photo hadn’t turned off the geo-tagging feature that is common on most smartphones, McAfee’s location was exposed, leading to his arrest shortly thereafter.The bottom line is that while there are many powerful tools that can help conceal your identity online, complete anonymity can be very difficult to achieve. Relying on a few techniques to hide your IP address or block cookies may be enough to hide from most trackers, but every online activity leaves at least some trace, and each trace has the potential to expose your personal identity. How carefully you guard your behavior on the Internet will depend on your desire or need for privacy, but protecting your identity online is impossible without first understanding what information you’re giving away.
Link to comment
Share on other sites


Hmm... no mention of using alternative search engines like DuckDuckGo, Startpage.com, or Private.me

Because I'm a dial-up user, I have a dynamic (changing) IP address every time I log on. How does that fit into the grand scheme of things.

I'm glad this article mentions the lack of true privacy "cleaning programs" provide. It's more like they offer an illusion of privacy. They basically remove your history of recent documents from view, that's all. You know, it's like so your mom can't find out you're looking at nudie pictures. That's all. Meanwhile, your browsing habits are in the open for websites to save.

I wonder if always having javascript disabled slows down potential snoopers?

What about using outdated hardware or lesser used operating system, not to mention completely avoiding Google, Facebook, Yahoo, etc?

The part about John McAfee only makes me appreciate my old 3 Megapixel cameras even more, since they have no "Geo Location" on them.

My car is 40 years old too... no button for the police to switch it off or track it.

Older is better ;-)

Edited by LostInSpace2012
Link to comment
Share on other sites

Go to Panopticlick, do the test and ponder. Even if one's machine cannot be traced personally to one, machine fingerprinting may be enough to destroy any reasonable hope of true privacy, let alone true anonymity. Add to that stylometry, and that's how we are. However, when IPv6 becomes the only way to connect to the net, then things will be even worse, because changing deliberately dynamic IP address can provide some long term privacy due to PEBCAK on the part of the provider (incompetency or neglect to keep records). But in the US, EU, Japan and many other places, even that may not work, and it's possible they really may know which telephone line got which IP number, say, at noon, twelve years ago... but my point is: human incompetence (on the part of those in the middle) is one's best bet at some degree of privacy.

Link to comment
Share on other sites

Thanks, Dencorso, for the link. Okay here are the current results:

Within our dataset of several million visitors, only one in 892,222 browsers have the same fingerprint as yours.

Currently, we estimate that your browser has a fingerprint that conveys 19.77 bits of identifying information.

The measurements we used to obtain this result are listed below. You can read more about our methodology, statistical results, and some defenses against fingerprinting in this article.

Bear in mind, I'm using Windows ME (not a virtual computer, or dual partition setup, but an actual 14 year old computer) using K-Melon no javascript.

I wonder how that stacks up against the latest greatest computer security. Is it bad because it's unique and I have a bullseye on my back, or is it good because it's too old to be susceptible to modern spying devices?

Either way, it's not going to dissuade me from using this system. As I prefer it for many other reasons besides security.

Anyway, thanks for link.

Maybe some other folks will post their data too :-)

Edited by LostInSpace2012
Link to comment
Share on other sites

Look at it on the brighter side: you're almost anonymous if compared to:

 

Your browser fingerprint appears to be unique among the 4,461,184 tested so far.

Currently, we estimate that your browser has a fingerprint that conveys at least 22.09 bits of identifying information.

 

Bold red is mine. The above quotation refers to my XP SP3, using FF esr 24.7... The plugins I use are the source of most of the uniqueness.

 

One's best bet at anonymity seems to be to use a totally plain vanilla (preferably heavily sandboxed) IE or FF installation. Go figure!

Even then, stylometry can identify one, and make no mistake, 5000 words is needed for singling one very adept at hiding one's style, not average users.

Link to comment
Share on other sites

I got my score up to 21 bits by also disabling cookies. My uniqueness went to 2.5 million or so.

Here's a Tech Republic article about the Panopticlick test:

http://www.techrepublic.com/blog/it-security/panopticlick-your-web-browsing-is-less-anonymous-than-you-think/

^ A brief explanation, without needing to download the PDF from panopticlick website.

Edited by LostInSpace2012
Link to comment
Share on other sites

LostInSpace ... Thanks for posting this information. I also use K-Meleon ... have KM v1.6.0.2.6 by JamesD but just in the last few days found a newer version by  adodupan ... K-Meleon 1.8. build 24. Many web pages look and read better ... I just added a new User Agent to it a few minutes ago. I have this UA also added to KM v1.6.

 

It is ...

 

Googlebot

 

Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)

 

It not 100 % but it does cut down on some information being shown ... I'm still looking for something better for just surfing. I have a Firefox 25 UA ID string since it works with my banking and other secure sites.

 

It's funny, when I go to the site that dencorso posted ... if I have JavaScript off then the site does nothing ... it only reads my information with JavaScript on. I usually surf around with JavaScript off unless it's needed for secure sites ... banking, Amazon, eBay and such or sometimes a general web page "demands" that JavaScript be turned on.

 

Interested in more input about having a Googlebot (or other bot crawler) as a UAgent and also keeping JavaScript off as much as possible ! Seems to be the way to go ... no JavaScript unless needed.

 

I also have Proxomitron running most of the time which also changes some ID information ... sometimes I have to put it on "Bypass", but not often ... using the Sidki filter set. It makes the Google Search Page very usable and pleasant to look at ... no ads and a Dark Blue color ... the only way to go into Google Search ... there is also a choice of Dark Gray and Light Blue for the Google page color ... Dark Blue is the default color.

 

Also to add ... I have many UA / Browser information websites saved in a folder but I had not heard of those posted by dencorso or DosProbie ... both very good for details.

Edited by monroe
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...