Anonymity and the Internet

Universal identification is portrayed by some as the holy grail of Internet security. Anonymity is bad, the argument goes; and if we abolish it, we can ensure only the proper people have access to their own information. We’ll know who is sending us spam and who is trying to hack into corporate networks. And when there are massive denial-of-service attacks, such as those against Estonia or Georgia or South Korea, we’ll know who was responsible and take action accordingly.

The problem is that it won’t work. Any design of the Internet must allow for anonymity. Universal identification is impossible. Even attribution — knowing who is responsible for particular Internet packets — is impossible. Attempting to build such a system is futile, and will only give criminals and hackers new ways to hide.

Imagine a magic world in which every Internet packet could be traced to its origin. Even in this world, our Internet security problems wouldn’t be solved. There’s a huge gap between proving that a packet came from a particular computer and that a packet was directed by a particular person. This is the exact problem we have with botnets, or pedophiles storing child porn on innocents’ computers. In these cases, we know the origins of the DDoS packets and the spam; they’re from legitimate machines that have been hacked. Attribution isn’t as valuable as you might think.

Implementing an Internet without anonymity is very difficult, and causes its own problems. In order to have perfect attribution, we’d need agencies — real-world organizations — to provide Internet identity credentials based on other identification systems: passports, national identity cards, driver’s licenses, whatever. Sloppier identification systems, based on things such as credit cards, are simply too easy to subvert. We have nothing that comes close to this global identification infrastructure. Moreover, centralizing information like this actually hurts security because it makes identity theft that much more profitable a crime. Continue reading.

Related Posts

The Public Domain Manifesto The public domain, as we understand it, is the wealth of information that is free from the barriers to access or reuse usually associated with copyrig...
FreeBSD and the GPL Linus Torvalds has said Linux wouldn't have happened if 386BSD had been around when he started up. We trace the history of FreeBSD and how it's affect...
Why “Open Source” misses the point of Free Software By Richard Stallman: When we call software “free,” we mean that it respects the users' essential freedoms: the freedom to run it, to study and change ...
No Warrant Necessary to Seize Your Laptop The U.S. Customs may search your laptop and copy your hard drive when you cross the border, according to their policy. They may do this even if they h...
How the Swedish Pirate Party Platform Backfires on Free Software By Richard Stallman: The bullying of the copyright industry in Sweden inspired the launch of the first political party whose platform is to reduce cop...
Privacy by Design: The 7 Foundational Principles Privacy by Design is a concept I developed back in the 90’s, to address the ever-growing and systemic effects of Information and Communication Technol...

We Recommend These Vendors

Launch an SSD VPS in Europe, USA, Asia & Australia on Vultr's KVM-based Cloud platform starting at $5:00/month (15 GB SSD, 768 MB of RAM).

Deploy an SSD Cloud server in 55 seconds on DigitalOcean. Built for developers and starting at $5:00/month (20 GB SSD, 512 MB of RAM).


Leave a Comment

Your email address will not be published. Required fields are marked *

*