Friday, October 22, 2010

Pseudo-anonymity: Defense

Back to our FIFO queue! Today we have...

pop(Pika):
The other day I made a mistake and left a comment on someone's blog under my own first name instead of the pseudonym. I deleted it as soon as I noticed, but then I got a bit paranoid if anyone could see who I am just from that one single comment. So I googled my first name.

And got the shock of my life.

I am there, my workpage pops up immediately, right on the first page of results... 
How googleable are you? 
I meant to post about this topic months ago, but found myself struggling with how to appropriately discuss it. The problem with me writing a post like this is I could give hints on how to 'out' someone who is blogging/internetting pseudo anonymously, and I don't really want to do that for obvious reasons. The good news is that most of the techniques to de-anonymize bloggers remain firmly in the realm of researchware, but I wouldn't bank on that being the case for too much longer.

Instead, I'd like to suggest a few defensive things pseudo anonymous netizens can do to help maintain their anonymity. Some of these suggestions are social, some are technical, but nearly all are grounded in the privacy literature.

1) Don't tell anyone you know in your open (non-anon) life about your pseudo-anonymous identity/blog. Someone will tell someone, and the next thing you know someone posts something somewhere revealing your real name. People are awful at keeping secrets, and if you ever become a famous (or controversial) blogger you run the risk of someone accidentally (or purposely) outing you.

2) Don't write things that would be devastatingly embarrassing for you if you were outed. As I said, right now it's easy to be a little bit anonymous online, but I would not at all bet on that trend continuing. I saw a paper presented at a conference recently that scared the crap out of me, so do take heed.

3) If you blog, turn on the comment approval settings. If you use Facebook or other social networks, even if it's under your pseudonym, turn on the settings to approve your wall posts / picture sharing / etc. Seriously, lock that puppy down. Better to introduce a delay than suffer the consequences of someone commenting, "Great post, Imelda D! See you at lunch tomorrow."

4) Never forget: once it's out there, it's out there. There are no takebacks in the era of RSS feeds and Google. There is no ephemerality. Be extra careful when you post something not to sign your real name, discuss something specific about your location, etc. You have absolutely no idea who is subscribed to get a blog's comments, and once their RSS reader grabs it, there's nothing you can do.

5) There is a lot of literature on how people can infer your identity based on your interests, social network friends, etc. (See references in this post). Some people who work in the security/privacy fields make their name on this kind of thing, no pun intended. Again, this supports my first suggestion to keep your pseudo-anonymous life and your non-anonymous life as separate as possible. If you need to share something personal, change some details here and there. You know, say you love dogs instead of cats.

6) Use Tor, or another anonymizer web browsing service, when visiting other people's blogs/websites. Definitely anonymize your IP when commenting elsewhere under your pseudonym. While Google Analytics provides a slight layer of anonymity and lets your individuality get lost in the noise, not all trackers are so gracious. Remember, every time you hit a webserver, your IP address is logged. It is trivial to deduce who you are based on your IP. So you are completely relying on the good graces of the website/blog owner not to out you. By using an anonymizer, you can at least protect yourself a bit better.

I think that's it for now. Happy pseudo-anonymous blogging!

6 comments:

  1. You've seriously freaked me out...

  2. Tor is an excellent recommendation.

    One more suggestion, for folks who buy their own domain: don't list your real name in the domain registration (or at least use a service that provides domain registration privacy services you trust).

    If you use email for anything related to blogging, I would also suggest a separate email account for your blogging.

    I study security and privacy in my day job. I wouldn't freak out about it. Some caution is appropriate, but I don't think you need to freak out. If you take some basic precautions (as, e.g., FCS suggests), my guess is that you'll be OK. Possibly the most important and most effective precaution: don't write anything that you would be absolutely horrified to see in the NY Times next to your real name.

    If you are super-concerned, there are some resources that will help provide even better anonymity: the EFF has a guide (http://www.eff.org/wp/blog-safely), and they also link to a guide by Ethan Zuckerman. However I suspect that for most purposes, those recommendations are overkill for academic bloggers who want to remain anonymous -- and some of those recommendations defeat the purpose (by limiting one's audience).

    P.S. Female Computer Scientist, I love your blog.

    P.P.S. Female Computer Scientist, are you aware that your blog is configured in a way that makes it difficult or impossible to post comments from a web browser that is configured for privacy and anonymity? I normally browse with a web browser that turns off third-party cookies, uses a privacy filter that limits tracking cookies, and doesn't send detailed Referer: information. However, from that browser, the "Post a Comment" field does not show up. (I think it's that blogspot.com does not allow anyone to post comments if they block third-party cookies.) I had to take special steps to disable all of my privacy/anonymity protections on my browser just to let me post this comment. This is a bit ironic, given your post recommending people use technology to protect their anonymity.

  3. Oh, one more thing, if you use email for anything blog-related.

    You can set up a separate email address for your blog-related stuff and receive email there. However I would not recommend sending out any email related to your blogging. Using your separate blog-related email identity to send email is not really safe: many free email services (e.g., Gmail, Yahoo, etc.) will include your IP address in the email under certain conditions, so anyone who receives such an email may be able to recover your IP address -- and this can compromise your anonymity. For instance, do not reply to any email you receive via this email account.

    Also, if you read email for this account, I suggest configuring your mail-reader (or, for webmail, your email account) to turn off automatic loading of inline images, turn off automatic return receipt, turn off Javascript and Java, and enable all privacy settings (so that reading an email does not leak your IP address). If you can disable support for HTML email, even better.

    (As for sending email related to your blogging identity, there are ways to send email anonymously but they are a bit more complicated, and I suspect for most people it's not worth it.)

    So, in short: the easiest, safest way is: don't use email for anything blog-related. Or, if you do want to be able to receive emails, set up a separate email account for blog-related stuff, and only receive email, never send blog-related email, and configure your mail-reader for privacy.

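A self-check for the header leak described in the comment above, as an added example that is not part of the original post or its comments: send a test message from the blog-only account to yourself, save its raw source, and list the addresses it exposes. The sample message, its addresses (documentation ranges) and the function names are constructed for illustration; `X-Originating-IP` is a header some webmail providers add.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample: a message sent to yourself from the blog-only account.
# Addresses are from documentation ranges (RFC 5737); host names are made up.
SAMPLE = """\
Received: from mail.example.net (mail.example.net [198.51.100.7])
\tby mx.example.org with ESMTPS id abc123; Fri, 22 Oct 2010 10:00:02 -0700
Received: from [192.168.1.20] (unknown [203.0.113.45])
\tby mail.example.net with ESMTPSA id def456; Fri, 22 Oct 2010 10:00:01 -0700
X-Originating-IP: [203.0.113.45]
From: pseudonym@example.net
To: pseudonym@example.net
Subject: header self-test

test
"""

IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def _ips(text):
    """Return the syntactically valid IPv4 addresses found in a header value."""
    found = []
    for token in IPV4.findall(text):
        try:
            found.append(ipaddress.ip_address(token))
        except ValueError:
            pass  # looked like an address but is not one, e.g. 999.1.1.1
    return found

def leaked_client_ips(raw_message):
    """Map each address that may identify the sender to the header exposing it."""
    msg = message_from_string(raw_message)
    leaks = {}
    for value in msg.get_all("X-Originating-IP", []):
        for ip in _ips(value):
            leaks.setdefault(str(ip), "X-Originating-IP")
    # Each hop prepends its Received header, so the last one in the message is
    # the first hop: the provider accepting the mail from the sender's device.
    received = msg.get_all("Received", [])
    for ip in _ips(" ".join(received[-1:])):  # empty when no Received header
        leaks.setdefault(str(ip), "Received (first hop)")
    return leaks

if __name__ == "__main__":
    for ip, header in leaked_client_ips(SAMPLE).items():
        print(f"{ip} exposed in {header}")
```

An empty result for your own test message means the provider did not record your address in these two places for that message; it says nothing about other sending paths, such as a desktop mail client.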
  4. AnonSecurityProf, for some reason your comments aren't showing up, but I did get the emails. I'll try posting them again for you, hope that's ok.

  5. Ah, I figured out the problem. Apparently Google has introduced a new spam filtering system into Blogger. Comments are sent to me via email, but thrown into a spam bin on the Blogger website. I just had to flag your comments as "not spam", and now they're showing up fine. Strangely, some of my test anon comments got posted, but some got flagged as spam. I guess they're still working out the bugs.

  6. Ok, now that the comment housekeeping is done --

    @GMP: I wouldn't freak out, I'd just be a bit careful. After what happened to Pika, I wanted to make sure folks really understood how little control they have over their electronic communications. (And now, due to the nature of RSS and blogs, you really can't easily know who's reading). I think the truth is most people are far too lazy to wade through all their traffic to figure out who said what when, and figure them out via their IP. You get pretty good security through obscurity.

    @AnonSecurityProf, thanks for your helpful comments, especially those regarding mail settings and the EFF links. Maybe you'd like to write a guest post on how to send mail anonymously (or slightly more anonymously than the default) using something like gmail?

    As for your comment regarding my blog's comment settings, I will look into it, but I'm afraid I have very little control over what blogspot does in general. I know they have some internal stuff to prevent spam (such as that spam checker that your comments got stuck in and the word verification stuff), and that may be causing weird behavior. When I have some free time (sadly may be awhile), I'll set up some Vidalia/Chrome goodness and really have at it.

    (I know the other answer is "don't use blogspot", but to be honest I've really grown to like it.)
