Listen to this story
The New Yorker carried a Peter Steiner cartoon on its July 5, 1993 edition: The caricature of two dogs staring at each other in front of a computer became the defining meme of internet anonymity.
“You can be whoever you want to be. You can completely redefine yourself if you want. You don’t have to worry about the slots other people put you in as much. They don’t look at your body and make assumptions. They don’t hear your accent and make assumptions. All they see are your words,” said sociologist Sherry Turkle about internet privacy.
Sign up for your weekly dose of what's up in emerging technology.
Those days are long gone.
“Online anonymity is a complete myth. Particulars such as your postcode, your date of birth, and your gender can be traded freely and without your permission, because they’re not considered personal, but pseudonymous,” said Madhumita Murgia, European technology correspondent, Financial Times.
Remember the adage, if it’s free, you are the product. Tech giants like Meta and Google monetise user data by selling them to third parties for targeted advertisement. All your movements, purchases, and interactions online are recorded.
In incognito mode, the cookies, browser history and site data will not be saved on the device. Third-party sites cannot easily track your activity in private browsing or incognito mode. But there is a small issue. Your system’s DNS cache will still record your information. The workaround here is to clear the cache, and no one will be able to see the websites you have visited.
Meanwhile, a big disadvantage of private browsing is that data is only removed from your machine. Closing the incognito window will not erase data saved on your ISP server and the servers of the websites you visit. Further, incognito browsing does not protect you against viruses or other online threats.
An anonymous proxy server or Virtual Private Network (VPN) is another option. A virtual private network extends a private network across a public network and allows users to send and receive data across shared or public networks as if their computing devices were directly linked to the private network. The encrypted connection between your computer and the internet is known as a VPN tunnel, and it is, in theory, invisible to other people online.
That said, a VPN service provider always knows where your requests are coming from, where they are going, and what data you eventually send and receive. As a result, your VPN provider effectively becomes your new internet service provider (ISP), with the same level of visibility into your online activities as a traditional ISP.
A tunnel within a tunnel
So why can’t we use two VPNs in sequence? First, encrypt your network traffic for VPN2 to decrypt. And then encrypt it again for VPN1 to decrypt before sending it to VPN1. So VPN1 would know where your traffic originated, and VPN2 would know where it was going, but unless the two providers collaborated, they’d only know half the story.
In theory, you’d be anonymous; anyone attempting to track you down would need to first obtain decrypted traffic logs from VPN2 and then username information from VPN1 to trace you.
However, the catch here is; a pattern will emerge if you are consistently using the same two VPNs and leave behind a digital trail.
The US Navy originally designed the Tor network or onion router to hide your true location on the network while browsing, so servers can’t trace your web browsing requests back to your computer.
A large pool of volunteers from all over the world serves as anonymising relays to provide a randomised, multi-tunnel VPN for Tor network users. Because your computer chooses which relays to use, there is a lot of ever-changing mix-and-match involved in bouncing your traffic through the Tor network and back. Your computer obtains the public encryption keys for each relay in the circuit it establishes and then separates the data you are sending using three onion-like layers of encryption. At each hop in the circuit, the current relay can only remove the outermost layer of encryption before passing the data to the next.
Relay 1 knows who you are but not where you’re going or what you’re doing. Relay 3 is aware of your location but not your identity. And Relay 2 acts as a buffer making it much more difficult for Relays 1 and 3 to collude.
Though Tor’s exit nodes can’t locate you due to entry/guard and middle relay (which changes frequently), it can see your final, decrypted traffic and its ultimate destination because the exit node removes Tor’s final layer of encryption.
And, with limited exit nodes available on average, an attacker who wants to control a significant portion of the exits doesn’t need thousands or tens of thousands of servers – a few hundred will suffice.
Then, there are cyber-attacks. According to a 2003 study, a cyber attack happened every 39 seconds. Ten years down the line, nearly 30,000 new websites got hacked every day. By 2021, 4,145 publicly disclosed breaches exposed over 22 billion records. And according to 2021 IBM data, 44 percent of data breaches had personally identifiable information.