Who are you? Non? Anon?

"The Caterpillar and Alice looked at each other for some time in silence: At last the Caterpillar took the hookah out of its mouth and addressed her in a languid, sleepy voice. "Who are YOU?" said the Caterpillar. This was not an encouraging opening for a conversation." -- "Alice's Adventures in Wonderland" by Lewis Carroll

Indeed ... what a good question: Who are you?

And for that matter, who am I?

Last week I began a discussion on privacy and distinguished factual privacy ("static" facts about you like the color of your hair) from "lifestream" privacy (information about what you do, where you go and who you communicate with).

IN THE NEWS: LinkedIn hurries to address privacy spat

Before I follow up, as threatened, by discussing how businesses abuse their knowledge of your lifestream data, this week we need expand on our discussion of privacy by delving into the issue of identity.

Identity is always a tricky issue in the real world, let alone online. For example, you might think you have some reasonably sound idea about who I am IRL (In Real Life) such as -- and I'm just, as they say, "spit-balling" here -- an expostulator of opinions, a butcher of tech products, an international man of mystery, someone whose middle name is "Danger" and a doctor of divinity (I am available for weddings). But what do you really know about me? What can you verify?

If we were to meet in "meatspace" (a.k.a., face-to-face or FTF), you'd be able to make all of those amazingly quick monkey-brain judgments about my "friend or foe-ness" that a million years of evolution have equipped us to do (of course, if you've read "The Sociopath Next Door: The Ruthless vs. the Rest of Us," or "The Psychopath Test: A Journey Through the Madness Industry," you might be a little more cautious about your reflexive conclusions).

But in today's online business and social worlds, we might never meet FTF, and online many people often choose to hide their identities to a greater or lesser degree.

If you don't want your identity known online then you have to consider online anonymity. In meatspace, anonymity is like standing behind a curtain and having a conversation with your voice disguised.

While there's a similarity between online and offline anonymity, being anonymous online is somewhat simpler than in the real world. That said, should you attract the attention of certain powerful people, there's a chance that how you implement your anonymity might not be effective. Even more crucially, that chance will be modified by the technical lengths you are willing to go to ensure your anonymity.

Online anonymity comes in two flavors: what you might call "shallow anonymity" and "deep anonymity."

Shallow anonymity is what you get when, for example, you read this column online and post a comment without logging in. This is allowed in many forums such as those run by Network World and maximizes the possibility of getting feedback but also occasionally leads to such evils as comment spam and incivility.

DEBATE: Argh! Another Facebook Zuckerberg wants to kill off anonymity

While the spam can be administered away, incivility is often harder to deal with and not all uncivil comments are truly meant. I've seen several occasions where anonymous commentators have revised their position after their response was challenged and a useful conversation was the result. It appears that many people, when they make anonymous comments, simply don't consider the implications of what and how they express themselves.

I suspect that the simple rivalrous impulses we all experience and the presumed lack of accountability that comes from simple anonymous commenting makes it easy for some people to expose those aggressive drives to a greater or lesser degree.

But the real problem with shallow anonymity for people hiding their identity is that it means bupkis if someone or some group with power wants to know who they really are.

Here in the U.S. anyone with an ax to grind can, for example, subpoena your ISP to find out what location your IP address maps to. There is (or should be) due process involved, but in many other countries the identification process doesn't require any legal formalities; the first time you know you're "of interest" you'll probably be in prison.

It's obvious that shallow anonymity is, in some circumstances, not a good idea where serious matters are involved (such as civil disobedience or whistle-blowing), so the alternative for those who want to truly protect their identity is deep anonymity.

But to use deep anonymity you're going to have to get technical and resort to, for example, an "onion routing" service such as the Tor network or the recently publicized Telex stealth proxy system.

While there's been some discussion of how the anonymity provided by these services isn't completely bulletproof (for example, the Tor network could be breachable), the reality is that for you and your activities to be monitored and decoded, you would have to be of huge interest to people with serious computing and surveillance resources ... which is something that would place you, presumably, in bed with terrorists and people selling stolen nuclear weapons. But the possibility of generally effective anonymity exists.

Finally, there is another side of anonymity we haven't yet addressed: Pseudonymity, the use of false names to protect or obfuscate one's identity. But we're out of space. We'll slice and dice that issue next week.

Gibbs is completely nonymous in Ventura, Calif. Share your identity with backspin@gibbs.com.

Read more about wide area network in Network World's Wide Area Network section.

Join the CSO newsletter!

Error: Please check your email address.

Tags CaterpillarsecurityLinkedIn

More about Caterpillar of AustraliaFacebookLANWikipedia

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Mark Gibbs

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place