Who Are You? Non? Anon?

"The Caterpillar and Alice looked at each other for some time in silence: At last the Caterpillar took the hookah out of its mouth and addressed her in a languid, sleepy voice. "Who are YOU?" said the Caterpillar. This was not an encouraging opening for a conversation." -- "Alice's Adventures in Wonderland" by Lewis Carroll

Indeed ... what a good question: Who are you?

And for that matter, who am I?

Last week I began a discussion on privacy and distinguished factual privacy ("static" facts about you like the color of your hair) from "lifestream" privacy (information about what you do, where you go and who you communicate with).

IN THE NEWS: LinkedIn hurries to address privacy spat

Before I follow up, as threatened, by discussing how businesses abuse their knowledge of your lifestream data, this week we need expand on our discussion of privacy by delving into the issue of identity.

Identity is always a tricky issue in the real world, let alone online. For example, you might think you have some reasonably sound idea about who I am IRL (In Real Life) such as -- and I'm just, as they say, "spit-balling" here -- an expostulator of opinions, a butcher of tech products, an international man of mystery, someone whose middle name is "Danger" and a doctor of divinity (I am available for weddings). But what do you really know about me? What can you verify?

If we were to meet in "meatspace" (a.k.a., face-to-face or FTF), you'd be able to make all of those amazingly quick monkey-brain judgments about my "friend or foe-ness" that a million years of evolution have equipped us to do (of course, if you've read "The Sociopath Next Door: The Ruthless vs. the Rest of Us," or "The Psychopath Test: A Journey Through the Madness Industry," you might be a little more cautious about your reflexive conclusions).

But in today's online business and social worlds, we might never meet FTF, and online many people often choose to hide their identities to a greater or lesser degree.

If you don't want your identity known online then you have to consider online anonymity. In meatspace, anonymity is like standing behind a curtain and having a conversation with your voice disguised.

While there's a similarity between online and offline anonymity, being anonymous online is somewhat simpler than in the real world. That said, should you attract the attention of certain powerful people, there's a chance that how you implement your anonymity might not be effective. Even more crucially, that chance will be modified by the technical lengths you are willing to go to ensure your anonymity.

Online anonymity comes in two flavors: what you might call "shallow anonymity" and "deep anonymity."

Shallow anonymity is what you get when, for example, you read this column online and post a comment without logging in. This is allowed in many forums such as those run by Network World and maximizes the possibility of getting feedback but also occasionally leads to such evils as comment spam and incivility.

DEBATE: Argh! Another Facebook Zuckerberg wants to kill off anonymity

While the spam can be administered away, incivility is often harder to deal with and not all uncivil comments are truly meant. I've seen several occasions where anonymous commentators have revised their position after their response was challenged and a useful conversation was the result. It appears that many people, when they make anonymous comments, simply don't consider the implications of what and how they express themselves.

I suspect that the simple rivalrous impulses we all experience and the presumed lack of accountability that comes from simple anonymous commenting makes it easy for some people to expose those aggressive drives to a greater or lesser degree.

But the real problem with shallow anonymity for people hiding their identity is that it means bupkis if someone or some group with power wants to know who they really are.

Here in the U.S. anyone with an ax to grind can, for example, subpoena your ISP to find out what location your IP address maps to. There is (or should be) due process involved, but in many other countries the identification process doesn't require any legal formalities; the first time you know you're "of interest" you'll probably be in prison.

It's obvious that shallow anonymity is, in some circumstances, not a good idea where serious matters are involved (such as civil disobedience or whistle-blowing), so the alternative for those who want to truly protect their identity is deep anonymity.

But to use deep anonymity you're going to have to get technical and resort to, for example, an "onion routing" service such as the Tor network or the recently publicized Telex stealth proxy system.

While there's been some discussion of how the anonymity provided by these services isn't completely bulletproof (for example, the Tor network could be breachable), the reality is that for you and your activities to be monitored and decoded, you would have to be of huge interest to people with serious computing and surveillance resources ... which is something that would place you, presumably, in bed with terrorists and people selling stolen nuclear weapons. But the possibility of generally effective anonymity exists.

Finally, there is another side of anonymity we haven't yet addressed: Pseudonymity, the use of false names to protect or obfuscate one's identity. But we're out of space. We'll slice and dice that issue next week.

Gibbs is completely nonymous in Ventura, Calif. Share your identity with backspin@gibbs.com.

Read more about wide area network in Network World's Wide Area Network section.

Subscribe to the Security Watch Newsletter

Comments