Anonymity on the Internet -By Jacob Palme and Mikael Berglund Presented by – Harsha Alagud Abstract How is anonymity used on the Internet? What are the pros and cons of anonymity on the Internet How anonymous is an Internet user? How much anonymity can one aquire? How can the identity of an anonymous user be revealed? Table of Contents Definitions Pros of Anonymity Cons of Anonymity Ways of achieving Anonymity Ways of unveiling the Anonymous user. Definitions Message – Any communication unit used on the Internet. E.g. email, news article, web page, a blog, a comment posted in a discussion thread etc. Anonymity – The real author of a message is not shown. Psuedonymity – Another name other than the real author is shown. Defintions Deception – A person intentionally tries to give the impression that he is someone else. Positive aspects of Anonymity People in a country with a repressive political regime, may use anonymity to avoid persecutions for their opinions. People may openly discuss personal health problems. People may get objective evaluation of their messages, by not showing their real name. Factors like status, gender, race which could influence the evaluation of what they say will not be known. Darker side of Anonymity Anonymity can be used for disruptive activities like terrorism. Anonymity can be used for illegal activities like distribution of computer viruses, fraud etc. Achieving Anonymity Anonymity can be implemented on the Internet, to make it almost impossible or very difficult to find out who the real author is. But Anonymity is never 100%. There is always a possibility to find the perpetrator, especially if the same person uses the same way to gain anonymity multiple times. Achieving Anonymity – Case 1 A person sends email or posts an article/comment using a falsified name. In this case, the security of the anonymous user is not very high. The IP number of the computer is usually logged, often along with the host name (logical name) also. Achieving Anonymity – Case 1 New comment on your post #28 "My first flight" Author : Harsha (IP: 128.111.43.205 , dinah.cs.ucsb.edu) E-mail : itisharsha@yahoo.com URI : Whois : http://ws.arin.net/cgibin/whois.pl?queryinput=128.111.43. 205 Search result from ARIN (American Registry for Internet Numbers) Search results for: 128.111.43.205 OrgName: University of California, Santa Barbara OrgID: UCSB Address: Office of Information Technology Address: North Hall 2124 City: Santa Barbara StateProv: CA PostalCode: 93106-3201 Country: US Achieving anonymity – Case 1 In case of email, the email header contains a trace of the route of a message. The header can be seen from commands like show full header in your mailer. E.g:“Show orginal” in gmail reveals the header. Achieving higher degree of anonymity – Using several computers (case 2) The impostor first connects to computer A, then from this computer to computer B, then from this to computer C, etc. To find the real person, all the steps must be followed backward. It is a tedious process and includes the cooperation of all computer owners involved. Achieving anonymity – Using Anonymity servers (case 3) An anonymity server receives messages and resends them under another identity. There are 2 types Full anonymity servers – where no identifying information is forwarded. Pseudonymous servers – where message is forwarded under a pseudonym. Achieving anonymity – Using Anonymity servers (case 3) There are companies which provide anonymity servers for users who require them. E.g. Anon.penet.fi People who want to achieve high security against being revealed, often use several anonymity servers in sequence. To trace them, each server must assist or be penetrated. Tracing becomes difficult if each anonymity servers are placed in different countries. Anon.penet.fi server was located in Finland. Conclusion There are different ways to achieve anonymity, making it almost impossible to know the real author However, the law enforcement agencies can always find a way to reveal the identity. All anonymity server providers and Internet Service Providers are required by law to cooperate if demanded by the Court. Conclusion Questions? Conclusion Thank You