How far can you remain totally anonymous online?

* It’s not difficult to know where you are online

I’d like to begin a discussion on anonymity as it relates to identity and technology. As noted last month (see “The ability to lie about yourself and get away with it”), anonymity and privacy are frequently confused. One difference though is that privacy is almost always absolute (either something is private or it is not) while anonymity can be relative. If you look up “anonymity” at answers.com, you’ll find some variations in definition:

* “The quality or state of being unknown or unacknowledged.” (The American Heritage Dictionary of the English Language, Fourth Edition)

* “The quality or state of being obscure.” (Roget's II: The New Thesaurus, Third Edition)

As the security experts will tell you, there’s a wide gap between “unknown” and “obscure”!

But even “unknown” can lend itself to a range of relationships and should probably be extended to read “unknown within a given namespace.” When speaking of the Internet and digital anonymity, I’ve never seen a system that provides totally anonymous transactions. Even services such as Anonymizer try to provide anonymous services but can only, at best, obscure identity not totally hide it. That doesn’t mean that your identity is known to all you interact with, just that the ability to identify you is present. An example from the non-digital world might help.

Suppose, on your way to work each morning, you stop by the coffee shop for a gigantic latte and invariably pay with a $20 bill. Over time you may pass small talk with the baristas but they don’t really know who you are, do they? Well, they do know your appearance. So when the police investigating a ring of counterfeiters known to pass $20 bills in the city stops by and asks about people frequently passing out twenties, the clerks describe you. One clerk goes to the station and views mugshots of known counterfeiters and picks out your picture. The police wait at the coffee shop the next day and arrest you. Your picture, name, address, place of business, etc., all appear in the newspaper the following day. Your relative anonymity is lost. The joining together of two namespaces - one in which you were obscure (known counterfeiters) and one in which your identity was unknown (coffee shop customers) - removed any trace of anonymity you may have thought you had.

If I join a chatroom where I’m only known as “SillyGrrl” I may think I’m anonymous because I think no one knows my true identity. But the chatroom has the IP address I use to converse and my ISP knows who was using that IP address at that time. Even if I go to a library terminal or an Internet café, there are records of who used which machine and IP address at any given time. Privacy considerations may lead to those records being destroyed periodically - monthly, weekly, daily - even hourly. But anyone with the wherewithal to be watching while I connect (just as the police were watching outside the coffee shop) can shatter the façade of anonymity and connect the activity to me.

Just because someone can know, though, doesn’t mean that everyone should. That’s where privacy comes in and there were some interesting (and potentially dangerous) developments on that front last week. More on that next issue.

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.

Copyright © 2006 IDG Communications, Inc.

SD-WAN buyers guide: Key questions to ask vendors (and yourself)