I spend a good amount of my time developing anti-anonymity technologies. Becoming anonymous online is easy. You just need to come up with an alias and not link it back to your real identity. Gmail and Yahoo! email accounts are free, and neither MySpace nor Facebook requires any personal information (and they cannot validate anything they ask for). You don't even need to post a real picture of yourself.
Anonymity gives a sense of power. People will do things under the guise of anonymity that they would never do in person. When everyone knows who you are, you will act differently. The rational is that the consequences of acting out will not be traced back to the individual. You can libel the opposition, leak trade secrets, or even make threats without fear of any legal ramifications. Anonymity is what makes online stalking, malware, spam, and denial-of-service attacks possible.
While it is trivial to create an anonymous profile, it is actually difficult to remain anonymous. People like to talk. People want praise for their deeds (even if their deeds are unethical, immoral, or illegal). And most importantly: anonymity only works as long as you don't link back to your real identity. Unfortunately, this is where people screw up. Given enough time, everyone makes mistakes.
There is a saying in the security field: The defender has an impossible mission. They must defend against all possible attacks, while the attacker only needs to find one vulnerability. The same goes for forensics: The attacker has an impossible mission. They must cover all traces that lead back to themselves, while the forensic examiner only needs to find one clue.
With computer security, forensics takes an interesting twist. There is rarely any physical evidence. However,
Locard's Exchange Principle still applies. Everything you touch, every system you connect to, every email you send, and every profile you create still contains a little bit of you.
I've given talks at security conferences on this type of trace evidence. In my presentation on "
You Are What You Type", I demonstrated ways to profile people based on the words they use and the keys they press. In many cases, I can identify attributes such as the type of keyboard, left or right handed, nationality, and education level. My talks on spam tracking and
Evil with Email" demonstrate how to track emails across the network. Similarly, my presentations on digital image analysis identify trace evidence left after image manipulations. Simply creating an anonymous online profile may be enough for someone to identify you.
Stepping Out of the Lab
Recently Eugene Kaspersky (CEO of anti-virus company Kaspersky Lab) was
interviewed by ZDnet. In the interview, he was asked about the problems with the Internet:
[ZDnet] What's wrong with the design of the Internet?
[Kaspersky] There's anonymity. Everyone should and must have an identification, or Internet passport. The Internet was designed not for public use, but for American scientists and the U.S. military. That was just a limited group of people--hundreds, or maybe thousands. Then it was introduced to the public and it was wrong...to introduce it in the same way.
I'd like to change the design of the Internet by introducing regulation--Internet passports, Internet police and international agreement--about following Internet standards. And if some countries don't agree with or don't pay attention to the agreement, just cut them off.
Kaspersky's statement is having a ripple effect. It has been picked up by
media outlets and featured on
Slashdot.
I agree with part of his statement. The Internet was never designed for today's use model. Everything from the web and email to IPv4, IPv6, and even TCP were never designed for security. The reason I give talks on email abuse is because the Simple Mail Transfer Protocol (SMTP) has basic security problems. In fact, I consider SMTP to be the poster child for how
not to build a network protocol. Of course, this news about email isn't surprising. Email can be traced to an extension to FTP (another insecure protocol). In
RFC524: Proposed Mail Protocol, the author wrote:
Although one can (I think) and might, implement software on the basis of this document, this REALLY IS a Request for Comments. Comments, questions, position papers are solicited. There are, I'm sure, bugs in the protocol specified here, and I hope that readers will point them out via RFC as they discover them.
As it turns out, nobody really pointed out the issues (well, not exactly nobody... Back in 1975 Jon Postel wrote about the junk mail problem in
RFC706). Unfortunately, email was built on the flawed basis of RFC524. The bugs in the protocol are related to security and anonymity. (Yes, the core security issues around email are based on fundamental design flaws and not due to any problems in the implementations.)
I can understand how Kaspersky formed his opinion. Being an anti-virus vendor, he sees only the abuse side of the equation. However, there is another side...
Desired Anonymity
Many years ago I worked in a cubicle farm at a Fortune-100 company. In the department was a growing rift between the engineers and management. The engineers felt that their needs were not being heard and they were not being given direction. The management was upset about low quality products and technical issues. The real problem was the middle management. A few managers were known to have bad tempers, punish people who questioned their decisions, and established histories of shooting the messenger. The result of dissent would range from a bad review to no raise and placed on probation (the step before being fired).
The department decided to create an internal web site where employees could openly comment about concerns. Unfortunately, nobody used the system. The reason was simple: even though you never typed in your name, there were enough logs and other information that the person could be identified. Eventually I stepped in and implemented an anonymous comment system. The server recorded no logs, randomly delayed posts, and ensured that the submitter could not be identified. The next day, the comments began to come in. A few were insulting or degrading, but the vast majority were extremely constructive. (It wouldn't surprise me if they were still using the system today.)
If there is a fear of punishment, embarrassment, or harassment, then people will not step forward. It is through anonymity that we have whistle blowers and insight into corporate abuses. Without online anonymity, we would not have reports about government violence in China, Iran, and even the United States. Without anonymity, we would not have insider information from "unnamed government sources" and
Wikileaks would be out of business. And without online anonymity, we might never have insightful questions asked to media outlets, politicians, and corporations.
Assuming it was possible, getting rid of online anonymity would be like throwing the baby out with the bath water. Yes, it would reduce spam, malware, and identify theft. However, it will allow many other problems to fester without accountability. There is an absolute need for anonymity. In this regard, I feel that Kaspersky is grossly mistaken. Requiring an online identification system or Internet passport will only lead to more workplace violence (no outlet to report problems) and more crimes as people become afraid to report criminal activity.
Kaspersky misses one other critical element. The Internet was designed to work around blockages. If online identification becomes required then people will just develop new ways to work around the required identification. While we need a way to authenticate online entities, we also need to retain the ability to act anonymously. Removing anonymity means replacing the entire Internet.
