The Traceability of an Anonymous Online Comment

Yesterday, I described a simple scenario where a plaintiff, who is having difficulty identifying an alleged online defamer, could benefit from subpoenaing data held by a third party web service provider. Some third parties—like Facebook in yesterday’s example—know exactly who I am and know whenever I visit or post on other sites. But even when no third party has the whole picture, it may still be possible to identify me indirectly, by combining data from different third parties. This is possible because loading one webpage can potentially trigger dozens of nearly simultaneous web connections to various third party service providers, whose records can then be subpoenaed and correlated.

Suppose that I post an anonymous and potentially defamatory comment on a Boing Boing article, but Boing Boing for some reason is unable to supply the plaintiff with any hints about who I am—not even my IP address. The plaintiff will only know that my comment was posted publicly at “9:42am on Fri. Feb 5.” But as I mentioned yesterday, Boing Boing—like almost every other site on the web—takes advantage of a handful of useful third party web services.

For example, one of these services—for an article that happens to feature video—is an embedded streaming media service that hosts the video that the article refers to. The plaintiff could issue a subpoena to the video service and ask for information about any user that loaded that particular embedded video via Boing Boing around “9:42am on Fri. Feb 5.” There might be one user match or a few user matches, depending on the site’s traffic at the time, but for simplicity, say there is only one match—me. Because the video service tracks each user with a unique persistent cookie, the service can and probably does keep a log of all videos that I have ever loaded from their service, whether or not I actually watched them. The subpoena could give the plaintiff a copy of this log. Continue reading.

Related Posts

Enforcement of the GNU GPL in Germany and Europe A. Rationale for enforcement of the GPL - At present, the enforcement of the GPL license conditions is driven by single developers and organizations s...
The Toyota recall and the case for open, auditable source code Public Safety is not a matter of Private Concern In a recent article, Slate's Farhad Manjoo attempts to play down fears of faulty software in car bra...
Proposed guidelines for open government plans Open Source for America (OSFA) represents more than 1,600 businesses, associations, non-governmental organizations, communities, and academic/research...
A Bill of Privacy Rights for Social Network Users Social network service providers today are in a unique position. They are intermediaries and hosts to our communications, conversations and connection...
Internet Explorer’s dominant market share eroding Remember when Internet Explorer ruled the Web, to the tune of about 98% of the browser market share? Those were happy days for Internet Explorer. Unti...
Good Artists Copy, Great Artists Steal In 2003, after I unveiled a prototype Linux desktop called Project Looking Glass*, Steve called my office to let me know the graphical effects were “s...

We Recommend These Vendors and Free Offers

ContainerizeThis 2016 is a free, 2-day conference for all things containers and big data. Featured, will be presentations and free, hands-on workshops. Learn more at

Launch an SSD VPS in Europe, USA, Asia & Australia on Vultr's KVM-based Cloud platform starting at $5:00/month (15 GB SSD, 768 MB of RAM).

Deploy an SSD Cloud server in 55 seconds on DigitalOcean. Built for developers and starting at $5:00/month (20 GB SSD, 512 MB of RAM).

Want to become an expert ethical hacker and penetration tester? Request your free video training course of Online Penetration Testing and Ethical Hacking

Whether you're new to Linux or are a Linux guru, you can learn a lot more about the Linux kernel by requesting your free ebook of Linux Kernel In A Nutshell.

Leave a Comment

Your email address will not be published. Required fields are marked *