Do you have a right to know who’s spamming you or talking to you? The short answer, ‘yes’, the long answer- It’s almost impossible to implement anything that could give you a www identification to prove you really are who you say you are, yet protect your privacy from stalkers/rapists/con men/ax murderers/employers/creditors/ex’s etc. And yet you want to make sure that friend you’ve been speaking to on a forum for years or the person behind a website that although shows photos and has been around for years (like… ummm… this one) is really the person they claim to be. And with every ‘solution’ we can think of, there’s always going to be those asses out there who find a way to be the bane of society and bypass what ever is put in place.
So- do we trust and assume, do we find comfort behind a cloak of anonymity or do we have absolutely nothing to hide and try to urge people to not hide behind the keyboard and reveal who they really are. Most people I know like to keep themselves hidden, in that case- pick up a hard copy book and go to a meet and greet? I’d like to maintain some sort of privacy (if you don’t want people to know what you do behind your closed doors offline keep it that way) but I’d like to at least keep my banking information, credit score, and SSN away from devious hands. Other than that- I rarely floss, I have sex outside of marriage, I live in a mansion with 12 roommates who are giant bodyguards, I own 13 attack dogs and my house is equipped with automatic machine guns that sadly go off even if a butterfly trespasses. See, my life is an open book.
I’d like to know the people behind places I’m visiting sometimes, or knowledge of who is sending me communications. “Is that comment from a spam bot or is it legit? Can we freaking do away with spam bots once and for all?” (I don’t think that’s in the article but OMG). No one reads spam these days and no one follows those damned links.
On the other hand. I’d rather not have identity theft, people collecting public knowledge about me via status updates or posts and forming an assumption about me based on what I felt like exposing at that moment in time (I could always refrain if I wanted to). If you’re going to be flouncing around the net, be prepared for some humiliations or repercussions I guess or be careful with your www imprint.
What brought this question up? I was on my lunch hour at work (yes, I have a ‘me’ lunch hour for now- first time in 4 years- sadly I can’t access my website to update at my peak energy time) and I came across this article on Forbes that resurfaced previous thoughts on the matter and generated some new ones:
The Internet: Anonymous Forever
Bruce Schneier, 05.12.10, 6:00 PM ET
Universal identification is portrayed by some as the holy grail of Internet security. Anonymity is bad, the argument goes; and if we abolish it, we can ensure only the proper people have access to their own information. We’ll know who is sending us spam and who is trying to hack into corporate networks. And when there are massive denial-of-service attacks, such as those against Estonia or Georgia or South Korea, we’ll know who was responsible and take action accordingly.
The problem is that it won’t work. Any design of the Internet must allow for anonymity. Universal identification is impossible. Even attribution–knowing who is responsible for particular Internet packets–is impossible. Attempting to build such a system is futile, and will only give criminals and hackers new ways to hide.
Imagine a magic world in which every Internet packet could be traced to its origin. Even in this world, our Internet security problems wouldn’t be solved. There’s a huge gap between proving that a packet came from a particular computer and that it was directed by a particular person. This is the exact problem we have with botnets, or pedophiles storing child porn on innocents’ computers. In these cases, we know the origins of the distributed denial-of-service packets and the spam; they’re from legitimate machines that have been hacked. Attribution isn’t as valuable as you might think.
Implementing an Internet without anonymity is very difficult, and causes its own problems. In order to have perfect attribution, we’d need agencies–real-world organizations–to provide Internet identity credentials based on other identification systems: passports, national identity cards, driver’s licenses, whatever.
Sloppier identification systems, based on things such as credit cards, are simply too easy to subvert. We have nothing that comes close to this global identification infrastructure. Moreover, centralizing information like this actually hurts security because it makes identity theft that much more profitable a crime.
And realistically, any theoretical, ideal Internet would need to allow people access even without their magic credentials. People would still use the Internet at public kiosks and at friends’ houses.
People would lose their magic Internet tokens just like they lose their driver’s licenses and passports today. The legitimate bypass mechanisms would allow even more ways for criminals and hackers to subvert the system.
On top of all this, the magic attribution technology doesn’t exist. Bits are bits; they don’t come with identity information attached to them. Every software system we’ve ever invented has been successfully hacked, repeatedly. We simply don’t have anywhere near the expertise to build an airtight attribution system.
Not that it really matters. Even if everyone could trace all packets perfectly, to the person or origin and not just the computer, anonymity still would be possible. It would just take one person to set up an anonymity server. If I wanted to send a packet anonymously to someone else, I’d just route it through that server. For even greater anonymity, I could route it through multiple servers. This is called onion routing and, with appropriate cryptography and enough users, it adds anonymity back to any communications system that prohibits it.
Attempts to banish anonymity from the Internet won’t affect those savvy enough to bypass it, would cost billions, and would have only a negligible effect on security. What such attempts would do is affect the average user’s access to free speech, including those who use the Internet’s anonymity to survive, such as dissidents in Iran, China and elsewhere.
Mandating universal identity and attribution is the wrong goal.
Accept that there will always be anonymous speech on the Internet.
Accept that you’ll never truly know where a packet came from. Work on the problems you can solve: software that’s secure in the face of whatever packet it receives, identification systems that are secure enough in the face of the risks. We can do far better at these things than we’re doing, and they’ll do more to improve security than trying to fix insoluble problems.
The whole attribution problem is very similar to the copy protection/digital rights management problem. Just as it’s impossible to prevent specific bits from being copied, it’s impossible to know where specific bits came from. Bits are bits. They don’t naturally come with restrictions on their use attached to them, and they don’t naturally come with author information attached to them.
Any attempts to circumvent this limitation will fail, and will increasingly need to be backed up by the sort of real-world, police-state measures that the entertainment industry is demanding in order to make copy protection work. That’s how China does it: police, informants and fear.
Just as the music industry needs to learn that the world of bits requires a different business model, law enforcement and others need to understand that the old ideas of identification don’t work on the Internet. For good or for bad, whether you like it or not, there’s always going to be anonymity on the Internet.
Bruce Schneier is a security technologist and the chief security technology officer of BT. Read more of his writing at www.schneier.com.
