privacy and licensing

Anonymity and the Internet

Universal identification is portrayed by some as the holy grail of Internet security. Anonymity is bad, the argument goes; and if we abolish it, we can ensure only the proper people have access to their own information. We’ll know who is sending us spam and who is trying to hack into corporate networks. And when there are massive denial-of-service attacks, such as those against Estonia or Georgia or South Korea, we’ll know who was responsible and take action accordingly.

The problem is that it won’t work. Any design of the Internet must allow for anonymity. Universal identification is impossible. Even attribution — knowing who is responsible for particular Internet packets — is impossible. Attempting to build such a system is futile, and will only give criminals and hackers new ways to hide.

Imagine a magic world in which every Internet packet could be traced to its origin. Even in this world, our Internet security problems wouldn’t be solved. There’s a huge gap between proving that a packet came from a particular computer and that a packet was directed by a particular person. This is the exact problem we have with botnets, or pedophiles storing child porn on innocents’ computers. In these cases, we know the origins of the DDoS packets and the spam; they’re from legitimate machines that have been hacked. Attribution isn’t as valuable as you might think.

Implementing an Internet without anonymity is very difficult, and causes its own problems. In order to have perfect attribution, we’d need agencies — real-world organizations — to provide Internet identity credentials based on other identification systems: passports, national identity cards, driver’s licenses, whatever. Sloppier identification systems, based on things such as credit cards, are simply too easy to subvert. We have nothing that comes close to this global identification infrastructure. Moreover, centralizing information like this actually hurts security because it makes identity theft that much more profitable a crime. Continue reading.

Related Posts

Windows 7 Sins now in 9 languages! Our campaign for computer user freedom, Windows 7 Sins, now has 6 language translations available with several more on the way. The translation eff...
Unintended Consequences: Twelve Years Under the DMCA Twelve years after the passage of the controversial Digital Millennium Copyright Act (DMCA), the law continues to stymie fair use, free speech, scient...
Celebrating Data Privacy Day I'm assuming most people already know this, but if you did not, today is Data Privacy Day. Given that those in control of the wheels of the digital ma...
How essential is anonymity to peer to peer relationality? How essential is anonymity to peer to peer relationality? I believe answering that question becomes easier if we look at the historical development...
Why free software shouldn’t depend on Mono or C# by Richard M. Stallman Debian's decision to include Mono in its principal way of installing GNOME, for the sake of Tomboy which is an application w...
Google Buzz Privacy Update Over the weekend, Google announced significant changes to its new social networking service, Buzz. Responding to criticism (including EFF's), Google ...

We Recommend These Vendors and Free Offers

Launch an SSD VPS in Europe, USA, Asia & Australia on Vultr's KVM-based Cloud platform starting at $5:00/month (15 GB SSD, 768 MB of RAM).

Deploy an SSD Cloud server in 55 seconds on DigitalOcean. Built for developers and starting at $5:00/month (20 GB SSD, 512 MB of RAM).

Want to become an expert ethical hacker and penetration tester? Request your free video training course of Online Penetration Testing and Ethical Hacking

Whether you're new to Linux or are a Linux guru, you can learn a lot more about the Linux kernel by requesting your free ebook of Linux Kernel In A Nutshell.


Leave a Comment

Your email address will not be published. Required fields are marked *

*