Anonymity and the Internet

Universal identification is portrayed by some as the holy grail of Internet security. Anonymity is bad, the argument goes; and if we abolish it, we can ensure only the proper people have access to their own information. We’ll know who is sending us spam and who is trying to hack into corporate networks. And when there are massive denial-of-service attacks, such as those against Estonia or Georgia or South Korea, we’ll know who was responsible and take action accordingly.

The problem is that it won’t work. Any design of the Internet must allow for anonymity. Universal identification is impossible. Even attribution — knowing who is responsible for particular Internet packets — is impossible. Attempting to build such a system is futile, and will only give criminals and hackers new ways to hide.

Imagine a magic world in which every Internet packet could be traced to its origin. Even in this world, our Internet security problems wouldn’t be solved. There’s a huge gap between proving that a packet came from a particular computer and that a packet was directed by a particular person. This is the exact problem we have with botnets, or pedophiles storing child porn on innocents’ computers. In these cases, we know the origins of the DDoS packets and the spam; they’re from legitimate machines that have been hacked. Attribution isn’t as valuable as you might think.

Implementing an Internet without anonymity is very difficult, and causes its own problems. In order to have perfect attribution, we’d need agencies — real-world organizations — to provide Internet identity credentials based on other identification systems: passports, national identity cards, driver’s licenses, whatever. Sloppier identification systems, based on things such as credit cards, are simply too easy to subvert. We have nothing that comes close to this global identification infrastructure. Moreover, centralizing information like this actually hurts security because it makes identity theft that much more profitable a crime. Continue reading.

Related Posts

How essential is anonymity to peer to peer relationality? How essential is anonymity to peer to peer relationality? I believe answering that question becomes easier if we look at the historical development...
FTC’s exploring privacy roundtable webcast "The Federal Trade Commission will host a series of day-long public roundtable discussions to explore the privacy challenges posed by the vast array o...
Why “Open Source” misses the point of Free Software By Richard Stallman: When we call software “free,” we mean that it respects the users' essential freedoms: the freedom to run it, to study and change ...
Breaking the dependency on proprietary software: A call to nonprofits to refuse Microsoft ... "sinking money and time into proprietary software is inconsistent with the core values of freedom and progress." The Free Software Foundation (FSF)...
Federal Intellectual Property Enforcement Gears Up The Obama Administration has been slowly ramping up its attention to intellectual property issues. Over the past few months, we've seen an IP "summit"...
Enforcement of the GNU GPL in Germany and Europe A. Rationale for enforcement of the GPL - At present, the enforcement of the GPL license conditions is driven by single developers and organizations s...

We Recommend These Vendors and Free Offers

Launch an SSD VPS in Europe, USA, Asia & Australia on Vultr's KVM-based Cloud platform starting at $5:00/month (15 GB SSD, 768 MB of RAM).

Deploy an SSD Cloud server in 55 seconds on DigitalOcean. Built for developers and starting at $5:00/month (20 GB SSD, 512 MB of RAM).

Want to become an expert ethical hacker and penetration tester? Request your free video training course of Online Penetration Testing and Ethical Hacking

Whether you're new to Linux or are a Linux guru, you can learn a lot more about the Linux kernel by requesting your free ebook of Linux Kernel In A Nutshell.


Leave a Comment

Your email address will not be published. Required fields are marked *

*