The Traceability of an Anonymous Online Comment

Yesterday, I described a simple scenario where a plaintiff, who is having difficulty identifying an alleged online defamer, could benefit from subpoenaing data held by a third party web service provider. Some third parties—like Facebook in yesterday’s example—know exactly who I am and know whenever I visit or post on other sites. But even when no third party has the whole picture, it may still be possible to identify me indirectly, by combining data from different third parties. This is possible because loading one webpage can potentially trigger dozens of nearly simultaneous web connections to various third party service providers, whose records can then be subpoenaed and correlated.

Suppose that I post an anonymous and potentially defamatory comment on a Boing Boing article, but Boing Boing for some reason is unable to supply the plaintiff with any hints about who I am—not even my IP address. The plaintiff will only know that my comment was posted publicly at “9:42am on Fri. Feb 5.” But as I mentioned yesterday, Boing Boing—like almost every other site on the web—takes advantage of a handful of useful third party web services.

For example, one of these services—for an article that happens to feature video—is an embedded streaming media service that hosts the video that the article refers to. The plaintiff could issue a subpoena to the video service and ask for information about any user that loaded that particular embedded video via Boing Boing around “9:42am on Fri. Feb 5.” There might be one user match or a few user matches, depending on the site’s traffic at the time, but for simplicity, say there is only one match—me. Because the video service tracks each user with a unique persistent cookie, the service can and probably does keep a log of all videos that I have ever loaded from their service, whether or not I actually watched them. The subpoena could give the plaintiff a copy of this log. Continue reading.

Related Posts

Internet Explorer’s dominant market share eroding Remember when Internet Explorer ruled the Web, to the tune of about 98% of the browser market share? Those were happy days for Internet Explorer. Unti...
Privacy Isn’t Dead – It’s Not Even Sleeping It’s become something of a predictable phenomenon: an article, op-ed, or blog post will surface with an incendiary quote indicating that privacy is de...
Windows 7 Sins now in 9 languages! Our campaign for computer user freedom, Windows 7 Sins, now has 6 language translations available with several more on the way. The translation eff...
The Evil That Apple Does Apple’s new iPad is going to be a laptop supplement for some early-adopters, a laptop replacement for others, and a laptop instead-of for still other ...
Video, Freedom And Mozilla My LCA talk on Friday was about why open video is critically important to free software, and what Mozilla is doing about (plus a discussion of the rel...
Privacy by Design: The 7 Foundational Principles Privacy by Design is a concept I developed back in the 90’s, to address the ever-growing and systemic effects of Information and Communication Technol...

We Recommend These Vendors

Launch an SSD VPS in Europe, USA, Asia & Australia on Vultr's KVM-based Cloud platform starting at $5:00/month (15 GB SSD, 768 MB of RAM).

Deploy an SSD Cloud server in 55 seconds on DigitalOcean. Built for developers and starting at $5:00/month (20 GB SSD, 512 MB of RAM).


Leave a Comment

Your email address will not be published. Required fields are marked *

*