The Traceability of an Anonymous Online Comment

Yesterday, I described a simple scenario where a plaintiff, who is having difficulty identifying an alleged online defamer, could benefit from subpoenaing data held by a third party web service provider. Some third parties—like Facebook in yesterday’s example—know exactly who I am and know whenever I visit or post on other sites. But even when no third party has the whole picture, it may still be possible to identify me indirectly, by combining data from different third parties. This is possible because loading one webpage can potentially trigger dozens of nearly simultaneous web connections to various third party service providers, whose records can then be subpoenaed and correlated.

Suppose that I post an anonymous and potentially defamatory comment on a Boing Boing article, but Boing Boing for some reason is unable to supply the plaintiff with any hints about who I am—not even my IP address. The plaintiff will only know that my comment was posted publicly at “9:42am on Fri. Feb 5.” But as I mentioned yesterday, Boing Boing—like almost every other site on the web—takes advantage of a handful of useful third party web services.

For example, one of these services—for an article that happens to feature video—is an embedded streaming media service that hosts the video that the article refers to. The plaintiff could issue a subpoena to the video service and ask for information about any user that loaded that particular embedded video via Boing Boing around “9:42am on Fri. Feb 5.” There might be one user match or a few user matches, depending on the site’s traffic at the time, but for simplicity, say there is only one match—me. Because the video service tracks each user with a unique persistent cookie, the service can and probably does keep a log of all videos that I have ever loaded from their service, whether or not I actually watched them. The subpoena could give the plaintiff a copy of this log. Continue reading.

Related Posts

Why I Will Not Sign the Public Domain Manifesto By Richard M. Stallman: The Public Domain Manifesto (http://www.publicdomainmanifesto.org/node/8) has its heart in the right place as it objects to so...
In Networks We Trust European researchers are proposing a paradigm-shifting solution to trusted computing that offers better security and authentication with none of the d...
Federal Intellectual Property Enforcement Gears Up The Obama Administration has been slowly ramping up its attention to intellectual property issues. Over the past few months, we've seen an IP "summit"...
Why I Am Against Software Patents The surprise to most people isn’t that I do not believe that software should be patentable. Given my long term interest in and coverage of free and op...
Privacy Risks from Geographic Information In today's world more geographic information is being collected about us, such as where we live, where the clinic we visited is located, and where we ...
No Warrant Necessary to Seize Your Laptop The U.S. Customs may search your laptop and copy your hard drive when you cross the border, according to their policy. They may do this even if they h...

We Recommend These Vendors and Free Offers

Launch an SSD VPS in Europe, USA, Asia & Australia on Vultr's KVM-based Cloud platform starting at $5:00/month (15 GB SSD, 768 MB of RAM).

Deploy an SSD Cloud server in 55 seconds on DigitalOcean. Built for developers and starting at $5:00/month (20 GB SSD, 512 MB of RAM).

Want to become an expert ethical hacker and penetration tester? Request your free video training course of Online Penetration Testing and Ethical Hacking

Whether you're new to Linux or are a Linux guru, you can learn a lot more about the Linux kernel by requesting your free ebook of Linux Kernel In A Nutshell.


Leave a Comment

Your email address will not be published. Required fields are marked *

*