Collaboration

Debunk the myth of true Internet anonymity

Anonymous Internet usage is an appealing concept to many people, but whether it's actually possible is a different matter. In this edition of Internet Security Focus, Jonathan Yarden discusses whether true anonymity on the Web is really feasible.

There are several jokes and cartoons out there that play on the idea of the "anonymous" Web, an Internet where you can be whatever and whomever you want. Most mainstream computer users willingly buy into this concept, deceived by the ability to adopt cryptic usernames and e-mail addresses.

Anonymous Internet usage is an appealing concept to many people, but whether it's actually possible is a different matter. Generally speaking, it's relatively simple to intercept—and at the least, monitor—the transmission of digital information.

Every time you transmit data from a computer to or from somewhere else using the Internet, literally dozens of places can exist that are monitoring the transmission. Clear-text protocols offer no built-in protection from eavesdropping. In addition, the transmission leaves traces of "evidence" on your computer—regardless of if you use data encryption or one of those software "evidence eliminator" packages.

An anonymous Internet, if such a thing existed, would be immune to eavesdropping entirely, and it would have no record of a communication ever existing. Anonymous Internet usage is like a "cash" form of communication: It would leave no traceable evidence.

In certain countries, the government restricts and/or controls Internet use. For example, China has one of the most extensive Web proxy server and monitoring capabilities in the world, aptly dubbed the "Great Firewall of China."

The Chinese government controls, monitors, and censors Internet access at will. Dissidents and those opposed to the Chinese government, including other governments, constantly try to bypass the censors, but the Great Firewall soon discovers and blocks these noncensored "anonymous" proxy servers.

So it's understandable why some people see the benefits in leaving no traces of any communication, especially when there's a fear of reprisal from a government or other organizations. It would be as if the transmission never happened. There's no record of it ever occurring, and therefore it doesn't exist.

But, however appealing this concept may be to some, the fact remains that it isn't realistic. Companies and individuals alike need to be aware that there really is no such thing as anonymous Internet usage. If someone wants to determine what a computer is doing on the Internet, there's always a trail to follow.

Computer users leave traces of information with almost every data transmission. In fact, an entire computer subindustry has evolved to deal with removing these traces of information, but these companies can only remove what's on a computer. There are so many other points that can record the "digital footprints" of Internet activity that it's impossible to completely guarantee anonymity.

Whether anonymous Internet usage will ever exist is not important. What is important is that companies become aware that Internet activity is easy to monitor from a variety of locations, even when data encryption is in use.

Miss an issue?

Check out the Internet Security Focus Archive, and catch up on the most recent editions of Jonathan Yarden's column.

Want more advice for locking down your network? Stay on top of the latest security issues and industry trends by automatically signing up for our free Internet Security Focus newsletter, delivered each Monday.

Jonathan Yarden is the senior UNIX system administrator, network security manager, and senior software architect for a regional ISP.

0 comments