Advertisement

Active Hackathon

Can you really be anonymous on the internet?

The US Navy originally designed the Tor network to hide the location of the browser on the network.
Listen to this story

The New Yorker carried a Peter Steiner cartoon on its July 5, 1993 edition: The caricature of two dogs staring at each other in front of a computer became the defining meme of internet anonymity.

“You can be whoever you want to be. You can completely redefine yourself if you want. You don’t have to worry about the slots other people put you in as much. They don’t look at your body and make assumptions. They don’t hear your accent and make assumptions. All they see are your words,” said sociologist Sherry Turkle about internet privacy.

THE BELAMY

Sign up for your weekly dose of what's up in emerging technology.

Those days are long gone.

“Online anonymity is a complete myth. Particulars such as your postcode, your date of birth, and your gender can be traded freely and without your permission, because they’re not considered personal, but pseudonymous,” said Madhumita Murgia, European technology correspondent, Financial Times. 

Remember the adage, if it’s free, you are the product. Tech giants like Meta and Google monetise user data by selling them to third parties for targeted advertisement. All your movements, purchases, and interactions online are recorded.

Go incognito?

In incognito mode, the cookies, browser history and site data will not be saved on the device. Third-party sites cannot easily track your activity in private browsing or incognito mode. But there is a small issue. Your system’s DNS cache will still record your information. The workaround here is to clear the cache, and no one will be able to see the websites you have visited.

Meanwhile, a big disadvantage of private browsing is that data is only removed from your machine. Closing the incognito window will not erase data saved on your ISP server and the servers of the websites you visit. Further, incognito browsing does not protect you against viruses or other online threats.

If your system is connected to the workplace network, system administrators can see what you are doing even if you are browsing in incognito mode.

VPN maybe?

An anonymous proxy server or Virtual Private Network (VPN) is another option. A virtual private network extends a private network across a public network and allows users to send and receive data across shared or public networks as if their computing devices were directly linked to the private network. The encrypted connection between your computer and the internet is known as a VPN tunnel, and it is, in theory, invisible to other people online.

That said, a VPN service provider always knows where your requests are coming from, where they are going, and what data you eventually send and receive. As a result, your VPN provider effectively becomes your new internet service provider (ISP), with the same level of visibility into your online activities as a traditional ISP.

A tunnel within a tunnel

So why can’t we use two VPNs in sequence? First, encrypt your network traffic for VPN2 to decrypt. And then encrypt it again for VPN1 to decrypt before sending it to VPN1. So VPN1 would know where your traffic originated, and VPN2 would know where it was going, but unless the two providers collaborated, they’d only know half the story.

In theory, you’d be anonymous; anyone attempting to track you down would need to first obtain decrypted traffic logs from VPN2 and then username information from VPN1 to trace you.

However, the catch here is; a pattern will emerge if you are consistently using the same two VPNs and leave behind a digital trail. 

Enter Tor!

The US Navy originally designed the Tor network or onion router to hide your true location on the network while browsing, so servers can’t trace your web browsing requests back to your computer.

A large pool of volunteers from all over the world serves as anonymising relays to provide a randomised, multi-tunnel VPN for Tor network users. Because your computer chooses which relays to use, there is a lot of ever-changing mix-and-match involved in bouncing your traffic through the Tor network and back. Your computer obtains the public encryption keys for each relay in the circuit it establishes and then separates the data you are sending using three onion-like layers of encryption. At each hop in the circuit, the current relay can only remove the outermost layer of encryption before passing the data to the next.

Relay 1 knows who you are but not where you’re going or what you’re doing. Relay 3 is aware of your location but not your identity. And Relay 2 acts as a buffer making it much more difficult for Relays 1 and 3 to collude.

Though Tor’s exit nodes can’t locate you due to entry/guard and middle relay (which changes frequently), it can see your final, decrypted traffic and its ultimate destination because the exit node removes Tor’s final layer of encryption.

If you use Tor to access a non-HTTPS (unencrypted) web page, the Tor exit node that handles your traffic can snoop on and modify your outgoing web requests and any responses that come back.

And, with limited exit nodes available on average, an attacker who wants to control a significant portion of the exits doesn’t need thousands or tens of thousands of servers – a few hundred will suffice.

Then, there are cyber-attacks. According to a 2003 study, a cyber attack happened every 39 seconds. Ten years down the line, nearly 30,000 new websites got hacked every day. By 2021, 4,145 publicly disclosed breaches exposed over 22 billion records. And according to 2021 IBM data, 44 percent of data breaches had personally identifiable information.

More Great AIM Stories

Sri Krishna
Sri Krishna is a technology enthusiast with a professional background in journalism. He believes in writing on subjects that evoke a thought process towards a better world. When not writing, he indulges his passion for automobiles and poetry.

Our Upcoming Events

Conference, Virtual
Genpact Analytics Career Day
3rd Sep

Conference, in-person (Bangalore)
Cypher 2022
21-23rd Sep

Conference, in-person (Bangalore)
Machine Learning Developers Summit (MLDS) 2023
19-20th Jan, 2023

Conference, in-person (Bangalore)
Data Engineering Summit (DES) 2023
21st Apr, 2023

Conference, in-person (Bangalore)
MachineCon 2023
23rd Jun, 2023

3 Ways to Join our Community

Discord Server

Stay Connected with a larger ecosystem of data science and ML Professionals

Telegram Channel

Discover special offers, top stories, upcoming events, and more.

Subscribe to our newsletter

Get the latest updates from AIM
MOST POPULAR
[class^="wpforms-"]
[class^="wpforms-"]