Anonymity on the Internet Presented by – Harsha Alagud

advertisement
Anonymity on the Internet
-By Jacob Palme and Mikael Berglund
Presented by – Harsha Alagud
Abstract
 How is anonymity used on the
Internet?
 What are the pros and cons of
anonymity on the Internet
 How anonymous is an Internet user?
 How much anonymity can one aquire?
 How can the identity of an anonymous
user be revealed?
Table of Contents





Definitions
Pros of Anonymity
Cons of Anonymity
Ways of achieving Anonymity
Ways of unveiling the Anonymous
user.
Definitions
 Message – Any communication unit
used on the Internet.
E.g. email, news article, web page, a
blog, a comment posted in a
discussion thread etc.
 Anonymity – The real author of a
message is not shown.
 Psuedonymity – Another name other
than the real author is shown.
Defintions
 Deception – A person intentionally
tries to give the impression that he is
someone else.
Positive aspects of Anonymity
 People in a country with a repressive
political regime, may use anonymity to
avoid persecutions for their opinions.
 People may openly discuss personal health
problems.
 People may get objective evaluation of their
messages, by not showing their real name.
Factors like status, gender, race which could
influence the evaluation of what they say
will not be known.
Darker side of Anonymity
 Anonymity can be used for disruptive
activities like terrorism.
 Anonymity can be used for illegal
activities like distribution of computer
viruses, fraud etc.
Achieving Anonymity
 Anonymity can be implemented on
the Internet, to make it almost
impossible or very difficult to find out
who the real author is.
 But Anonymity is never 100%. There
is always a possibility to find the
perpetrator, especially if the same
person uses the same way to gain
anonymity multiple times.
Achieving Anonymity – Case 1
 A person sends email or posts an
article/comment using a falsified
name.
 In this case, the security of the
anonymous user is not very high.
 The IP number of the computer is
usually logged, often along with the
host name (logical name) also.
Achieving Anonymity – Case 1
 New comment on your post #28 "My
first flight"
Author : Harsha (IP: 128.111.43.205
, dinah.cs.ucsb.edu)
E-mail : [email protected]
URI :
Whois : http://ws.arin.net/cgibin/whois.pl?queryinput=128.111.43.
205
Search result from ARIN (American
Registry for Internet Numbers)
 Search results for: 128.111.43.205
OrgName: University of California, Santa
Barbara
OrgID: UCSB
Address: Office of Information Technology
Address: North Hall 2124
City: Santa Barbara
StateProv: CA
PostalCode: 93106-3201
Country: US
Achieving anonymity – Case 1
 In case of email, the email header
contains a trace of the route of a
message.
 The header can be seen from
commands like show full header in
your mailer. E.g:“Show orginal” in
gmail reveals the header.
Achieving higher degree of
anonymity – Using several
computers (case 2)
 The impostor first connects to
computer A, then from this computer
to computer B, then from this to
computer C, etc.
 To find the real person, all the steps
must be followed backward. It is a
tedious process and includes the cooperation of all computer owners
involved.
Achieving anonymity – Using
Anonymity servers (case 3)
 An anonymity server receives
messages and resends them under
another identity.
 There are 2 types
 Full anonymity servers – where no
identifying information is forwarded.
 Pseudonymous servers – where message
is forwarded under a pseudonym.
Achieving anonymity – Using
Anonymity servers (case 3)
 There are companies which provide
anonymity servers for users who require
them. E.g. Anon.penet.fi
 People who want to achieve high security
against being revealed, often use several
anonymity servers in sequence.
 To trace them, each server must assist or
be penetrated.
 Tracing becomes difficult if each anonymity
servers are placed in different countries.
Anon.penet.fi server was located in Finland.
Conclusion
 There are different ways to achieve
anonymity, making it almost impossible to
know the real author
 However, the law enforcement agencies can
always find a way to reveal the identity.
 All anonymity server providers and Internet
Service Providers are required by law to cooperate if demanded by the Court.
Conclusion
Questions?
Conclusion
Thank You
Download