Tuesday, 15 October 2013

Forget About Online Anonymity

Anonymity; and the Internet.

There’s an argument I find myself having with friends at a surprisingly regular rate. They acknowledge me not wanting to join Facebook due to privacy concerns, but they do not understand why I don’t join under false credentials.
I see no point in repeating why I’m not on Facebook here again. The executive summary of those deliberations would tell you the cost to benefit ratio is a poor one, and the blame is on both sides of the equation. In comparison, Twitter gives me tremendous value at a much smaller cost (albeit looking as if that cost would rise, now that Twitter is staring down an IPO).
My friend’s point still remains, though: why can’t I eliminate the privacy cost factor by providing false credentials? The answer there is simple, yet most people seem to refuse to stare it in the eye. The answer is that there is no such thing as anonymity online; false credentials or not, a company like Facebook will be able to identify me for who I represent quickly enough, brushing aside the effects of my false name/gender/age like a tornado does a fart.
Ignoring the fact Facebook has been known to manage “shadow profiles” that include information collected through various dodgy means, it doesn’t take much to figure out that by metadata alone Facebook will clearly be able to know who I am. Looking at today’s news we hear the NSA has the ability to identify and track people who regularly replace their cell phones; Facebook can achieve similar feats using the metadata on its hands. The user does not have to use my name in order to be seen as me; all it takes is for the user to have similar Internet activity background, collect similar cookies along the way as they do their online shopping (to give but one example), and Facebook will take it from there. Not to mention accessing Facebook keeping track of my IP addresses.
Similar fallacies are taking place whenever we are told we should not be concerned with Big Data because it’s all anonymised. These are bullshit claims: take annoymised satnav mapping data as an example. Surely, trips that start or end at my home address can be attributed to me; and if that is the case, then whoever sees where these trips end up at can tell where I work and hangout as well as what times I leave home etc. It does not take much effort to show this example applies elsewhere, too.
But let’s go back to Facebook. Yes, I can trick them a bit by using tools like Ghostery/Disconnect to prevent them from collecting information on my computer browsing habits. But companies such as Facebook are working hard on new tracking techniques. This week alone we heard that Microsoft intends to follow Google up on researching ways to replace the Internet cookie, the most popular online tracking method. No doubt it would seek a tracking measure that is not as easy to avoid. We also heard how a smartphone (or tablet’s) accelerometer can provide unique identification for its user; and once Facebook knows to associate you with that particular accelerometer that would be it.
The “nice” thing about identification by accelerometer is that, for now, there is nothing you can do about it. But if you think such a thing is science fiction, think again: companies are already known to track users by the specific settings of their browsers. As it happens, we all have different browser settings. For example, the one I’m using now happens to be the latest version of Chrome, running on a Mac running the latest version of OS X, with these certain fonts, those certain plug ins, etc. The more unique these settings are, the easier it is to pick me from the rest of the mob; and in my case, tools such as Ghostery/Disconnect/Disconnect Search/NoScripts/Click to Play per-element and more make me quite unique. In fact, the irony is that the more protective measures I add to my browser, the more unique and thus easily identifiable I become.
EFF is running this website, where you can check for the uniqueness of your browsers. My primary browser, Firefox, is identified as a unique one among 40,000. My Chrome browser stands totally unique: nothing in the EFF’s database of more than 4,000,000 browsers matches mine. Now, being able to identify a person with odds of 1:4,000,000 is pretty accurate, I reckon.
It doesn’t matter whether I use Tor or VPN to hide my IP address (and geographical location); my browser’s settings remain the same. Thus my point is made: forget about online anonymity; anyone willing to make the effort will see right through you. Multibillion dollar behemoths like Facebook and Google surely do.
Things come down to this. Anything you do online leaves a footprint, whether it's a Skype call or whether you deal with more dodgy stuff. The question one needs to ask oneself before embarking on such activities is whether the necessary privacy sacrifices are worth it. The problems are twofold: first, we have arrived at a situation where governments, especially the USA, have twisted the Internet on its back and turned it from an information tool into Big Brother's wet dream; many companies, many if not most of them American, follow suit. On the other hand there are the people, the majority of which claim to care for their privacy but are either too ignorant or too short sighted to appreciate what's really going on here.

Image by Stian Eikeland, Creative Commons license

No comments: