[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [interesting-people Home]
Subject: IP: PRIVACY Internet Hide and Seek: Staying Under Cover (fwd)
>Date: Sun, 11 Apr 1999 01:17:54 +0300 (EEST) >From: Luther Van Arkwright <waste@zor.hut.fi> >To: cypherpunks@toad.com > >http://www10.nytimes.com/library/tech/99/04/circuits/articles/08pete.html > >April 8, 1999 > >STATE OF THE ART / PETER H. LEWIS > >Internet Hide and Seek: Staying Under Cover > > W ASHINGTON -- He did his best to remain anonymous, but within days > after an expert programmer released the Melissa computer virus into > the world late last month, the police reported that his identity had > been cracked. Investigators used a tracking mechanism the Microsoft > Corporation had secretly installed in its Office software to gather > information on its customers surreptitiously. > > In Yugoslavia, meanwhile, messages poured onto the Internet from the > war zone, providing what appeared to be firsthand accounts of Serbian > atrocities against ethnic Albanians in Kosovo. Privacy advocates > realized that if the Serbian authorities were able to trace the > identities of the writers, many lives could be lost. Ominously, > messages from some writers had stopped suddenly. > > The privacy groups moved swiftly to provide the writers with special > access to Anonymizer.com, an Internet service that allows users to be > anonymous and untraceable online, and with information about PGP, a > data encryption program so strong that the United States prohibits > its export. > > These two cases, worlds apart, underscore a growing dilemma that now > confronts the electronic world. "Anonymity has incontestable value in > a huge number of situations, and it is constitutionally protected," > said Philip Reitinger, a prosecutor for the Justice Department, > speaking at a Computers, Freedom and Privacy conference here today. > Moments later, during a panel discussion, he added, "If you're > serious about prosecuting crime on the global communications > infrastructure, you have to have traceability. > > "Should communications on the Internet be traceable in some > circumstances? And if so, what should the rules be?" > > The issue is a broad one because anonymity is not of interest only to > criminals and dissidents, and not available only to the technically > astute. New technologies are emerging that enable even casual > Internet users to be anonymous online for the first time. At the same > time, new technologies are being deployed to gather ever more > personal information from users. > > In recent weeks, a debate has emerged over new technologies that have > been deployed to allow companies to track individual users on the > Internet. The Intel Corporation embedded a unique identification > number in its Pentium III processor that would enable network > operators to identify individual computers on the Internet, and the > Microsoft Corporation designed a "globally unique identifier" that > secretly appears in Microsoft Office documents and can be used to > trace files back to a specific person. The Microsoft Office > identification number was used in the Melissa investigation. > > Some privacy tools are being simplified and made available > commercially to a broad audience, allowing anyone to browse the World > Wide Web and use E-mail without being identified. The technologies > are morally neutral. They could be used, for example, to commit a > crime or to report one anonymously. The tools, like the Anonymizer > (www.anonymizer.com) > , are also useful simply for browsing the Web without having to give > up personal information to marketers, for visiting sex-related Web > sites without potential embarrassment, posting messages on newsgroups > using pseudonyms and for avoiding spam, the bulk-mail advertising > pitches that advertisers send incessantly to E-mail addresses they > have culled from the Net. > > "The Internet has shifted the balance away from privacy, and these > are attempts to bring it back," said David Banisar, an officer of the > Electronic Privacy Information Center (www.epic.org) > . > > There are other anonymity systems in the works. > > AT&T Labs-Research in New Jersey, a system called Crowds is being > tested that operates on the premise, familiar to any New Yorker, that > one can be anonymous in a crowd. In the Crowds system, large groups > of geographically dispersed Internet users would be able to band > together and their individual Web page requests would be randomly > forwarded through a shared computer called a proxy server. The > operator of the Web site would not know which member of the crowd > submitted the request, and neither would anyone else in the crowd. > More information is available at > www.research.att.com/projects/crowds. > ___________________________________________________________________ > > On-line anonymity tools insure privacy as well as shield wrongdoers. > ___________________________________________________________________ > > At the Lucent Corporation's Bell Labs, another anonymity system > called the Lucent Personalized Web Assistant allows a Web user to > create a pseudonym for each Web site; the same pseudonym would be > used on each visit. The Web site operator would not know the > visitor's true identity but could still build a profile of the user's > preferences that could be used to tailor advertisements and content > to the customer on subsequent visits. More information about Lucent's > system is available at www.lpwa.com. > > Yet another anonymity system under development, this one at the > Government's Naval Research Laboratory, is Onion Routing. An Onion > Router (www.onion-router.net) hides not only the content of messages, > but also the very fact that two people are communicating over a > public network. > > One of the more intriguing anonymity services under development is > Freedom, a Windows program developed by a Canadian company, Zero > Knowledge Systems (www.zeroknowledge.com). Freedom, which is expected > to be available for public testing next month, is similar to the > Lucent system in that it enables users to establish pseudonyms that > are consistent over time. That would allow a user to participate > freely in a discussion group without worrying about being identified. > > Freedom is expected to cost $50 a year for five separate digital > pseudonyms (extra identities are $10 a year). These on-line personas > cannot be traced to reveal the user's identity. > > The technical details of the system, including strong data > encryption, masked Internet addresses and proxy servers, are hidden > behind a simple user interface, which I've tried in early form. After > a user chooses a persona by clicking on it, all identifying > information is stripped from the original request and replaced by the > information created for the pseudonym. > > Millions of Internet users already employ pseudonyms; America Online, > for example, calls them screen names and allows each subscriber to > have several. But in most cases a pseudonym can be traced to its real > owner, often when the Internet company is compelled by a court order > to divulge the information or is tricked into doing so. > > For example, the giant defense contractor Raytheon Corporation sued > more than 20 employees earlier this year for posting pseudonymous > messages about the company on the Internet. At least two employees > resigned after Yahoo, in response to a court subpoena, revealed the > true identities behind the postings. Ray-theon asserts that the > messages, which contained gossip and criticisms of the company, > divulged proprietary and confidential information. > > With Freedom, not even Zero Knowledge Systems can link the pseudonyms > to a user's real identity. The company knows only that the person has > a Freedom account. > > The oldest commercial service offering anonymity, and the only one > currently available to users of any Internet-connected computer, is > Anonymizer.com. Unlike Freedom, Anonymizer does not require the user > to download or install any special software. For a fee of $5 a month, > users can process Web browsing requests and send messages through > Anonymizer's proxy servers. (There is also an unlimited free browsing > service, but Anonymizer inserts a delay, typically 10 seconds, on > page views in the free service. The paid service has no delays.) For > an extra fee, Anonymizer will also allow users to receive E-mail > responses and set up Web pages. > > In either case, the user types the address of the Web site to be > visited, and the request is sent to Anonymizer's proxy computer. The > proxy strips off the customer's identifying information and forwards > the request to the Web site, which knows only that the request is > coming from Anonymizer. The page or graphics file is then returned to > the user's computer, and the site can be bookmarked for return visits > with the anonymity intact. > > If a company is tracking Web usage by its employees -- which the > courts have ruled is legally permissible, along with reading > employees' E-mail and listening to their phone calls -- it will see > only that the user is connected to Anonymizer.com, but it will not be > able to find out what sites are being visited. For that reason, a > number of companies prohibit employee access to the Anonymizer site. > Other companies use Anonymizer regularly to visit the Web sites of > competitors and gather information, and law enforcement agencies use > it routinely to check up on people under investigation. > > At the other end of the line, some commercial sites do not allow > connections from Anonymizer, either because they require visitors to > provide personal information before granting them access or because > they have had bad experiences with Anonymizer users who abused the > system with bogus credit card scams or harassing messages. Anonymizer > was forced to block its users' access to the White House Web site > because customers were sending threats to the President. > > Anonymizer boots out customers who try to use the system to send > batches of spam, or in response to complaints from people being > harassed through the site. > > As with all of the anonymous services now being developed for the > Internet, the good has to be balanced with the bad. > > "The real world is routinely anonymous," said Lance Cottrell, > Anonymizer's chief executive. "When you drive down the street, > typically there is no one photographing your license plate, no one > keeping track of where you park and how long you stay. What's unusual > about the Internet is that everything is by default logged and > tracked. What's aberrant is not the presence of anonymity on the > Internet, but that you have to take special steps to achieve it." > > State of the Art is published on Thursdays. Click here for a list of > links to other columns in the series. > ________________________________________________________________ > > Related Sites > These sites are not part of The New York Times on the Web, and The > Times has no control over their content or availability. > > * www.anonymizer.com > * www.epic.org > * www.research.att.com/projects/crowds > * www.lpwa.com > * www.onion-router.net > * www.zeroknowledge.com > ________________________________________________________________ > > > Peter H. Lewis at lewis@nytimes.com welcomes your comments and > suggestions. > > Copyright 1999 The New York Times Company
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [interesting-people Home]
Powered by eList eXpress LLC