In this section we will introduce you to some “easy to use” methods to hide your identity. Our guide focuses on personal users who want to keep their private information private. In order to finance our efforts, we receive money from VPN affiliate programs whenever we forward leads to them.
In real life, anonymity is the daily experience. We walk down a street, buy a newspaper without having to identify ourselves, nobody is watching us while reading the newspaper. The surrender of anonymity is an active decision. On the Internet it is exactly the opposite. Profiles are created for each user. Website operators collect information (surfing behavior, e-mail addresses) in order to create buyer personas. Advertising services record the surfing behavior on all websites and secret services collect all the information they receive with their monitoring networks.
Compared to reading newspapers, the data highway is so big that a large number of newspapers are forced on us free of charge. As we read, someone is constantly looking over our shoulders to analyze our interests and personality profile for the insertion of suitable advertising or to sell it (e. g. to future employers). Our contacts with friends are evaluated, our communication is scanned, secret services collect compromising material. In addition to big data companies, governmental measures for monitoring are currently being strongly expanded and must be supported by providers. The measures provided for are not always legally harmless.
How to protect your online identity
The individual levels build on each other! It makes little sense to disguise the IP address if you are uniquely identifiable by cookies. The sending of an anonymous e-mail is also usually more sensible when encrypted.
Beginners level: Avoid sending personal data
Intermediate level: Use encrypted communication
Encrypt personal data and private communications. This prevents unauthorized third parties from gaining knowledge of personal data. Encrypt e-mails, encrypt data and backups, encrypt instant messaging with OTR or OMEMO.
Advanced level: Use decentralized encypted infrastructure
Anonymous peer-to-peer networks such as the “Invisible Internet Project (I2P)” or the GNUnet project offer even greater anonymity. A decentralized and completely encrypted infrastructure hides the contents of the communication and who uses which service. Information providers are also anonymous in these networks.
The Data you leave behind
It is less important to know whether you occasionally encrypt an email or use anonymization services once a week. Consistent, low-trace behavior on the web is crucial. I drew a small example to inspire people to reflect. It is by no means comprehensive or complete. The starting point is a real person with name, date of birth, address, driving licence and bank account. That is the kind of data everyone of use has been using online.
On the Internet, this person uses various online identities:
- Facebook account
- An e-mail address with the real name
- An anonymous e-mail address at a foreign provider
- Pseudonyms in different forums, using the anonymous e-mail address
- For comments in blogs, the person usually uses a uniform pseudonym to gain recognition and reputation
These online identities are linked to various data packets that are stored somewhere and may not always be publicly accessible. To keep it simple, there’s only a minimal selection:
- The Facebook profile contains extensive data: photos, friends, date of birth, and occasionally also addresses.
- When using many web services, small pieces of data are created. E-mails are also evaluated by the data collectors. The IP address of the sender in the e-mail header can be time-correlated to other entries of cookies or user tracking systems and thus the e-mail addresses and real names can be assigned to the surfing profiles.
- From the anonymous e-mail inbox you can find data at the recipients of the e-mails. (Google has most of my emails because it has all of yours.) These data packets also contain a time stamp and often the IP address of the sender. Through temporal correlation, the anonymous e-mail inbox can be linked to the real name mailbox and the surf profile.
- Postings and comments can be found in forums and blogs, often with the same pseudonyms that are used for e-mail addresses.
- As a rule, online buyers require information on account details and a delivery address that can be assigned directly to the person.
The different data packets can be linked in various ways. This data chaining is a new quality for attacks on privacy that is underestimated. Online communities such as Facebook offer many possibilities. In addition to the evaluation of friendship relationships, there are also many photos. This data pool alone is very interesting: Israeli military spies on Facebook
The Facebook profile can be associated with the real name and the most used e-mail addresses by combining it with other data crumbs. Rapleaf is a company that specializes in this, for example. Even pseudonymous Facebook accounts can be de-anonymized. By analyzing the IP addresses stored in the VDS, both e-mail addresses can be assigned to the same person if they match in time. A single matching data record is sufficient. (If anonymization services are not consistently used for the anonymous mailbox.
The connection between anonymous e-mail address and forum account results from the use of the e-mail address when registering in the forum. By comparing statements and words, correlations between different nicknames in forums and blogs can be established. Such correlations have often been obvious to the author and could be verified by demand.
By concatenating the data packets, all online identities could be de-anonymised in the fictitious example. For the collector who holds this data collection in his hand, a complex personality profile of the person P is produced. This data collection could in many respects influence the life of P without making it clear to the person concerned that apparently accidental events are the result of unrelated decisions made by the collectors. The data collected is evaluated with commercial background to manipulate us and influence our purchase decisions.
Looking for a new job?
HR departments also search the Internet for information about applicants. Google is only a first starting point. Better results are provided by person search engines and social networks. A short excerpt from a real interview:
Personnel manager: You certainly don’t mind that there is smoking here. You smoke, too.
Applicant: How do you know?
Head of Human Resources: The photos in her Facebook profile.
It is clear to qualified personnel managers that a short search in social networks does not provide a comprehensive personality profile. The clues found can, however, be the deciding factor for a rejection if you offer used underwear as a woman or if the applicant reveals a proximity to the gothic scene. Companies illegally gain access to communications and banking data to investigate their employees. Identity theft is a rapidly growing offense. Criminals are scouring the web for information about real people and using these identities for crimes. One is suddenly showered with reminders for unpaid services that have never been used.
But I have nothing to hide, or do I?