Protecting Privacy / Anonymity of an Online Identity February 17, 2017Posted by ficial in brain dump, techy.
Here are the easy steps-
1. Don’t say any / give any information that’s in any way connected to your offline identity (including avoiding biometric security)
2. Keep each private identity as separate from all other identities as possible.
3. Don’t use tablets or phones to access your private identity.
4. Use a randomizing service for creating email addresses, security question answers, passwords, etc.
6. Limit what each identity is used for.
As always with security, nothing is ever completely safe. All mitigation efforts should be approached not as guaranteeing privacy, but simply making things a bit harder for an antagonist. Hopefully the antagonists resources and/or attention are limited to the point where the steps you take maintain your privacy.
There are three main actions an antagonist can take to attack the privacy of an online identity:
– coalesce : use overlapping aspects to link one online identity to another (i.e. note that two separate online identities are controlled by the same person), unifying them into a single online identity
– clarify : discover information that links an online identity to an offline one
– cohere : discover information that makes it easier to link one online identity to another; make an online identity ‘stickier’
Each of these actions makes all subsequent actions easier, creating a positive feedback network. Maintaining privacy requires addressing each area of attack. There are two basic approaches to mitigating each action. First, to the extent possible avoid providing information that supports that action. This works directly against the action. Second, provide misleading information to lead an antagonist to incorrect conclusions. This also works directly against the action, and has the secondary benefit of potentially disrupting the feedback network. Since the privacy of a known identity is, by definition, already compromised the remainder of this discussion focuses on anonymous and pseudonymous identities.
All three kinds of actions essentially boil down to adding or marking aspects of those different identities that overlap until one has enough overlap to safely consider them the same. Coalescing is matching non-known identities using various markers. Clarifying is matching an online identity with a (unique) offline one. Cohering is adding more markers thus making the previous two actions possible / more likely. Here are five categories of markers that might be used, from easiest to hardest; interestingly, that’s the both the difficulty for you to mitigate those kinds of markers, and the difficulty for an antagonist to make use of them.
1. ANY offline identity information (not only name, mailing address, demographics, etc., but also any mention at all of local geography, employment, familial connections, social connections, political connections, any biometric info, answers to security questions, etc.). This is probably the easiest sort of marker to manage – simply don’t provide that information. Some of that is easy – e.g. not using your real name – while others might require more self discipline – e.g. not mentioning the local weather, or avoiding passing along a link for some funny cat video. Also of note here is that a biometric security element can increase your data protection while decreasing your identity protection, so for any identity where privacy is tantamount look to security measures other than biometrics.
2. arbitrary information (usernames, passwords, email addresses, answers to security questions, expressed opinions, etc.). This is also fairly easy to manage, though it generally necessitates a bit more work. Where offline identity information can be excluded you can be required to provide arbitrary information. The two keys here are avoiding any connection to your offline identity, and avoiding any connections to any other online identities. The most straightforward way I can think of doing this is by relying on randomizers. Fully arbitrary information can use random strings, while human-readable info (e.g. email addresses) are better generated from syllables or words. The main challenge here is just keeping track of that information for your own use when you need it. NOTE: just in case it wasn’t completely clear, each identity should have a separate email address, password, security answers, etc.
3. passive technical fingerprints (basic browser/computer data, browser cookies, IP address, MAC address, timing of activity, etc.). These are things that your browser/computer sends out either by default or as a necessary part of being online. There are technical and legal barriers to an antagonist getting and/or using some of this information, but it’s also harder for you to manage. As a very simple, minimally disruptive step, get and use the TOR browser, use services that don’t track your info (such as duckduckgo for search), and always use https. Further mitigation can require significant changes in behavior and / or technical skill to deal with, though there are simple things that can help here too. A person with a lot of technical skill/knowledge can get caught up in dealing with these kinds of things and forget about the other kinds of markers that would let an antagonist simply bypass all the measures they put in place – if you have that skill and inclination, be careful not to neglect the other categories. Passive technical information can be broken into two main sub-sections: the device you’re using, and how you’re accessing the internet. For your device itself, that means the settings of the device, and the browser or other software you’re using online. The device and software should both be configured to send out the minimum information required to function, and/or to send out deliberately misleading information. Turn off bluetooth, cell modems, and other such things. Use private / anonymized, independent browser sessions (keeping in mind that your ISP can still see what data your computer sends out and receives). Save as little data as possible in your browser (no passwords, no form auto-fill, maybe even no bookmarks). You have much less control over the information related to accessing the internet, as a lot of that information has to do with the ISP you’re using. The easiest way to deal with that is to add variety. At home, cycling your modem or router may get you new IP addresses (depends on how exactly your ISP works) – do some research to find out before starting to do that on a regular basis, and keep in mind that your ISP will still have records that track your previous information. More broadly, be active in different places, especially in places/ways that are hard to correlate with other things (e.g. pay cash at the cafe where you’re using the wifi). Anywhere there’s free open wifi (or closed wifi where you can use non-identifying info/credentials) is potentially usable: restaurants (fast food , cafe, bar, etc.), transportation hubs, libraries, schools/colleges, museums, etc. If possible vary your activity times as well. For all of this kind of thing, app based devices (tablets, phones, etc.) are harder to secure because of the nature of the software acquisition/installation, the limits to user control of the devices, and the typical way they connect to the internet using a cell network.
4. behavioral fingerprints (word choices, idioms, topics covered, writing style, media subjects, realm of activity, browsing choices, social connections, etc.). This kind of marker is quite hard to mitigate because it’s tied to the heart of who you are and what you do. On the plus side, checking these kinds of markers is relatively hard. These kinds of things can also be a little bit harder for an antagonist to use passively, which means you’re less likely to be compromised by them by accident, but on the flip side if they are being used against an identity it means that identity has already somehow caught the attention of a strong antagonist (and you likely don’t even know, since checking these things generally won’t send any kinds of alerts to you). These markers tend to give probabilistic results rather than direct matches, and even getting those requires quite a bit of knowledge, skill, and work. The simplest mitigation here is compartmentalization – keep an identity focused on one particular thing/area and keep it away from all others, especially ones in which you have a different identity active. Related to that, keep any social connections for this identity separate and different from that of other identities. The second relatively easy thing to do here is to limit what is available to use. Making these kinds of fingerprints requires content, and the more content available the better quality the fingerprint. So, don’t write much / provide much media, and use a plain/standard style as much as you can. Using ephemeral identities can also help a bit for this realm.