Tuesday, February 9, 2010

Still Think You're Anonymous Online

If our class discussions havent disabused you of notion that everyone is anonymous online you should check out Harlan Yu and David Robinson's writing at the Freedom to Tinker Blog. Harlan and David discuss the various legal techniques that can be used to uniquely identify individuals on the Internet.

David discusses the simplest route to uniquely identifying users on the Internet writing
if a plaintiff's lawyer cannot otherwise determine who the poster is, the lawyer will typically subpoena the forum web site, seeking the IP address of the anonymous poster. Many widely used web based discussion systems, including for example the popular Wordpress blogging platform, routinely log the IP addresses of commenters. If the web site is able to provide an IP address for the source of the allegedly defamatory comment, the lawyer will do a reverse lookup, a WHOIS search, or both, on that IP address, hoping to discover that the IP address belongs to a residential ISP or another organization that maintains detailed information about its individual users.

Of course, in many cases, this method won't work. The forum web site may not have logged the commenter's IP address. Or, even if an address is available, it might not be readily traceable back to an ISP account: the anonymous commenter may been using an anonymization tool like Tor to hide his address. Or he may have been coming online from a coffee shop or similarly public place (which typically will not have logged information about its transient users). Or, even if he reached the web forum directly from his own ISP, that ISP might be located in a foreign jurisdiction, beyond the reach of an American lawyer's usual legal tools.
Both David and Harlan point out that even if a user cannot be uniquely identified through these traditional means a number of techniques are still available. Harlan writes
There are numerous third party web services that may hold just enough clues to reidentify the speaker, even without the help of the content provider or the ISP. The vast majority of websites today depend on third parties to deliver valuable services that would otherwise be too expensive or time-consuming to develop in-house. Services such as online advertising, content distribution and web analytics are almost always handled by specialized servers from third party businesses. As such, a third party can embed its service into a wide variety of sites across the web, allowing it to track users across all the sites where it maintains a presence.

Take for example the popular online blog Boing Boing. Upon loading its main page while recording the HTTP session, I noticed that my browser is automatically redirected to domains owned by no fewer than 17 distinct third party entities: 10 services that engage in advertising or marketing, five that embed media or integrate social networking functionality, and two that provide web analytics. By visiting this single webpage, my digital footprints have been scattered to and collected by at least 17 other online entities that I made no deliberate attempt to contact. And each of these entities will likely have stored a cookie on my web browser, allowing it to identify me uniquely later when I browse to one of its other partner sites. I don't mean to pick on Boing Boing specifically—taking advantage of third party services is a nearly universal practice on the web today, but it's exactly this pervasiveness that makes it so likely, if not probable, that all of my digital footprints together could link much of my online activities back to my actual identity.

To make this point concrete, let's say I post a potentially defamatory remark about someone using a pseudonym in the comments section of a Boing Boing article. It happens that for each article, Boing Boing displays the number of times that the article has been shared on Facebook. In order to fetch the current number, Boing Boing redirects my browser to api.facebook.com to make a real-time query to the Facebook API. Since I happen to be logged in to Facebook at the time of the request, my browser forwards with the query my unique Facebook cookie, which includes information that explicitly identifies me—namely, my e-mail address that doubles as my Facebook username.
If you are interested in learning where you are leaving your digital foot and finger prints when you browse the web you should install the 'Ghostery' plug-in for Firefox. Ghostery will notify you when a website utilizes "third-party web bugs, ad networks and widgets."

1 comment:

K Garcia said...

:) Response to Homework Reading :)- Digital Explosion

Have We Reached the Sci-Fi Age?

The increase of technological development in the world never fails to mesmerize me. Sometimes I wonder if the perceived sci-fi reality that we've seen in movies for years is actually soon to come... Or maybe it has already come, just that we haven't realized it yet?? Something that struck me as amazing was a specific line out of the Blown to Bits: Digital Explosion manuscript that made a specific reference to digital cameras. Today when we think of a digital camera we never consider the fact that compared to the cameras of yesterday our digital cameras are like super computers. The manuscript mentions, "We live in a world in which there is enough memory just in digital cameras to store every word of every book in the Library of Congress a hundred time over. " A hundred times over! Really?
When we think on a larger scale to something such as the internet, we have even more reason to be fascinated by the digital explosion. As mentioned in the text, the "Digital Explosion" paradoxically means the loss of information that is not online, but really a loss of infinite is mathematically not a loss at all. And essentially, that is exactly what the internet is. It's an infinite server. With the advancement of the internet, the limitation of bits and files storage becomes non-existent. This alone transcends any physical hardware that may limit the amount storage space. If this is not the sci-fi age, then what is?