Editor’s note: Tomás Touceda is a privacy officer at SpiderOak, a privacy cloud technologies provider.
Some things are best kept secret. But when it comes to your online activities, can you ever truly conceal your identity? A variety of tools and best practices can help you achieve some level of privacy when surfing the web, but it is nearly impossible to ensure that your online activities remain completely anonymous.
While some users will go to great lengths to conceal their identities online, others are content to let cookies and other applications track their activities as they surf the web, only going so far as to delete a questionable link from their browser history every once in a while. Whether you’re intent on evading every government snoop, or just curious about how much information you’re giving out as you visit your favorite sites, it’s important to know just how public your online behavior can be.
“Privacy” Mode Is Not Very Private
Many of the most popular web browsers, such as Chrome, Firefox, Internet Explorer and Safari, offer the option to browse the web “privately” or “incognito.” However, this type of privacy doesn’t extend much further than your own computer. While Safari promises that its “Private Browsing” mode will keep your browsing history private, the reality is that websites you visit will still be able to identify your computer by its IP address – a unique identifier for each of your devices – given by your ISP.
Your ISP (or your employer, if you’re using a work computer) may also keep a log of your browsing history that “Private Browsing” cannot hide or delete. The same is true for Chrome, which in fairness warns users that “going incognito doesn’t hide your browsing from your employer, your internet service provider, or the websites you visit.” In general, these basic privacy modes only help keep your actions private from other users on the same computer.
Cookie Blocking Prevents Many Commercial Trackers, But Leaves Big Openings
Some users may choose to block their browsers from accepting HTTP cookies – small pieces of data sent from websites and stored in your browser – to make it more difficult for organizations to track them while they surf the web. (For more info on how cookies track your behavior online, check out this explainer.) In fact, the “privacy mode” setting in most browsers will delete the cookies your browser picks up during the private session to cover up your tracks. However, blocking or deleting these activity-tracking cookies still leaves major openings for companies to see what you’re up to on the web. Blocking cookies doesn’t prevent websites from logging your IP address. If you log into your Facebook, Google or Yahoo account, no matter where you’re accessing the web, those companies will be able to see your IP address and pinpoint your location. And of course, whatever ISP you’re using can still keep records of the sites you visit.
Furthermore, a recent report by the EFF shows that even when users have blocked cookies, their browsers still put out enough unencrypted information to give the user a unique “fingerprint” that enables organizations to follow you from site to site. While it remains unclear if any organizations are actually taking advantage of this information to track users, Google has reportedly been looking into this type of technology to track users who don’t accept cookies.
Tor and Encrypted Browsing Both Conceal and Highlight Users
To overcome these gaps in online privacy, certain people have turned to forms of encrypted browsing that hide their web-surfing habits from both the websites they visit and their ISPs. The most popular tool, Tor, is a free application that encrypts the original data being transferred to and from your browser through a series of relays, making it extremely difficult for anyone to see which websites you’re visiting or what device you’re using. This also protects against the type of browser “fingerprint” tracking that the EFF recently warned about.
However, searching for privacy-related applications like Tor can trigger spy agencies, such as the NSA, to mark and track users’ IP address (even though it may be impossible for them to monitor your online activities). In some cases, users who want to avoid government scrutiny may prefer to simply avoid privacy preserving tools altogether – the digital equivalent of “laying low” – and choose other methods for surfing the web anonymously (such as using computers at libraries or other public places). Until privacy applications like Tor gain broad adoption, this route may expose users to more scrutiny, undermining their efforts to remain anonymous on the web.
Beyond the Mask of Encryption: Behavioral Giveaways
While Tor and other privacy-focused technologies may protect you from revealing most of your personal details as you surf the web, how you behave online may ultimately expose your true identity. If you think of the web as a public meeting place, then privacy technologies are like a mask or disguise – people won’t be able to recognize your identity on sight. But other details, such as the way you walk or talk, may be enough to tip off a careful observer.
For example, computer scientists have begun to demonstrate how stylometry – the study of someone’s unique style of writing – can be used to identify anonymous posters in online forums. Drexel University researchers last year studied leaked conversations and contributions of hundreds of anonymous users in underground online forums and were able to identify 80 percent of the authors using stylometric analysis to match writing styles to unique identities. Stylometric analysis could become a common tool for law enforcement and government agencies to uncover supposedly anonymous posters on web forums, although this technique requires a large amount of data to be effective (the study required a minimum of 5,000 words for complete analysis).
Even something as simple as posting a photo online may be enough to give away precise details about your identity. One famous example of this came after Vice magazine published a picture on their website of the fugitive tech pioneer John McAfee standing beside one of their journalists. Because the person taking the photo hadn’t turned off the geo-tagging feature that is common on most smartphones, McAfee’s location was exposed, leading to his arrest shortly thereafter.
The bottom line is that while there are many powerful tools that can help conceal your identity online, complete anonymity can be very difficult to achieve. Relying on a few techniques to hide your IP address or block cookies may be enough to hide from most trackers, but every online activity leaves at least some trace, and each trace has the potential to expose your personal identity. How carefully you guard your behavior on the Internet will depend on your desire or need for privacy, but protecting your identity online is impossible without first understanding what information you’re giving away.