Privacy & Anonymity Concepts

This is going to be a quick lesson to ensure we all understand the difference between privacy, anonymity and a few other terms.

Why is this important? Certain tools help you achieve certain objectives. VPN’s and encryption help with privacy / security, while Tor helps with anonymity. Just like in the Internet 101 lesson, you have to understand the digital battlefield in order to choose the correct security profile.

We all have an intuitive understanding of what Privacy versus Security means when talking about the physical world. Since 9/11, our right to personal privacy (physical as well as informational) has been under extreme and perverse erosion in the name of providing some fictitious national “security”.

Bruce Schneier, an internationally renowned cryptographer, security and privacy expert, succinctly said:

“The debate isn’t security versus privacy. It’s liberty versus control.”

And there you have it – Liberty v. Control – The People v. The State.

 

So, what does that mean for FreeFor Information Operations? First, break apart privacy from anonymity. They are not the same.  Privacy is nobody seeing what you do, but potentially knowing who you are. Anonymity is nobody knowing who you are, but potentially seeing what you do.

In military terms, Anonymity is a Covert Operation and Privacy is a Clandestine Operation.

From Weaponsman

Covert Operation (Anonymous):

“An operation that is so planned and executed as to conceal the identity of or permit plausible denial by the sponsor.”

Clandestine Operation (Private):

“An operation sponsored or conducted by governmental departments or agencies in such a way as to assure secrecy or concealment. A clandestine operation differs from a covert operation in that emphasis is placed on concealment of the operation rather than on concealment of the identity of the sponsor.”

 

Let’s dig into this a little bit as it relates to your electronic presence. Privacy deals with the content of your communication, while anonymity deals with identity. “Identity” can be exposed or inferred by patterns or characteristics of communication without needing the content of the communication.

Here is a simple example of privacy and no anonymity. If you mail a letter to someone, the content of the communication is private, inside the envelope. However, your identity, the metadata and associations are not private. There is a destination and return address. They know who you are, who your friend is, and that you are communicating with him. They may even extract other information based on the envelope itself without ever looking at the content (fingerprints, dust, etc).

This letter is private (secure), but not anonymous. In the digital world, it is even worse. Unless you are using encryption, your emails aren’t even protected by an envelope. If you think this does not matter, take a look at this post on Social Network Analysis of Paul Revere (Lessson ID 0006).

An example of anonymity is a suggestion box. Everyone can eventually see what you wrote for a suggestion, but not discover who wrote it.

In the data information realm, we often use terms like privacy, control, security, anonymity, pseudonymity, and trust.   Privacy is sometimes described as the combination of Control + Trust. If you control access to your data, or you trust others who control access to your data, you have privacy.

Anonymity is when your identity is completely unknown. Pseudonymity is when you construct an alias or fake identity. There is a known association, but only to you or a small group. Tor allows you to be anonymous, it does not create a fake identity for you. When you post online under a fake name, you are pseudonymous. They are not the same thing.

Privacy can be controlled individually with certain techniques. Client side software delivers privacy by using encryption. It cannot create anonymity. With help of cryptography, many privacy issues can be solved. Cryptography is especially well suited for enabling data and communication privacy. In addition to providing confidentiality, cryptography can also provide integrity, identification and can enable authorization and non-repudiation (proof of authorship).

Anonymity generally requires a crowd, or network to hide in (Tor), there is no one-man anonymity system. Anonymity, on the internet, is to blend in with the crowd so that your activities are not attributable to you. It means that it necessarily requires the participation of others.  You can’t be anonymous if you exhibit uniqueness – by IP, by MAC address, by Browser Fingerprint, by metadata or by traffic patterns.

You will see this in later lessons on Tor. The more Tor users there are, the more anonymity is available to all users. Make the haystack bigger.

To wrap this up, we’ll leave you with yet another good reason to be as anonymous and private as possible. Remember 3 felonies a day?

Let’s take a not-so-hypothetical example – Parallel Construction, otherwise known as reverse-engineering a crime scene. Data of unknown specificity (metadata or content) is provided to LE agencies, who then use it to apprehend you, manufacture probable cause, get warrants and then get the data they really need to continue prosecution…

From Reuters

‘Agents of a secretive DEA unit routinely receive tips from US intelligence agencies, including NSA intercepts, a report states. The sources are then concealed with “parallel construction” of evidence – a troubling practice that many call unconstitutional.

A document obtained by Reuters “specifically directs” the agents of the Special Operations Division (SOD) to cover up their information sources from investigative reports, affidavits, discussions with prosecutors and courtroom testimony.

Such sources may include intelligence intercepts, wiretaps, three-letter-agencies’ informants and a massive database of telephone records – all of which could reportedly be used to help the authorities launch criminal investigations of Americans.

“Remember that the utilization of SOD cannot be revealed or discussed in any investigative function,” reads the document, which is said to be presented to the agents of this Drug Enforcement Administration (DEA) unit.

SOD is comprised of two dozen partner agencies, which include the FBI, CIA, NSA, Internal Revenue Service and the Department of Homeland Security, and much of the unit’s work is classified.

The unit is said to be offering at least three services to federal, state and local law enforcement agents: coordinating international investigations; distributing tips from overseas NSA intercepts, informants, foreign law enforcement partners and domestic wiretaps; and circulating tips from a massive database known as DICE.

Instead of revealing the agencies’ part in any launch of a criminal case, the agents are instructed to use “normal investigative techniques to recreate the information provided by SOD.”

This in effect means certain “tips” might be given to the agents and the police on condition they never talk about them in court.

A former US federal agent who received such tips from SOD described the process to Reuters. “You’d be told only, ‘Be at a certain truck stop at a certain time and look for a certain vehicle.’ And so we’d alert the state police to find an excuse to stop that vehicle, and then have a drug dog search it.”

Following the arrest, the agents would then pretend the investigation started with the traffic stop, he said.

This process, referred to as “parallel construction,” is a routine practice used by the agents, two senior DEA officials told the news agency, speaking on condition of anonymity. ‘

 

The lesson here? Don’t be singled out as electronically interesting. Don’t make it easy for the bastards.

~ffio

2 comments on “Privacy & Anonymity Concepts
  1. LastBox says:

    Something else: deniable / forward-secret comms.
    Important to consider going forward. A lesson for much later.

    https://otr.cypherpunks.ca/
    https://en.wikipedia.org/wiki/Deniable_encryption

  2. ffio says:

    Good add, LastBox. We can work that in. Thanks for reading and commenting.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Current Versions
Looking Glass Secure Email
Version: Latest Beta
Tor Browser: 04.09.15: Version: 4.0.8
Tails : 03.31.15: Version: 1.3.2
Gpg4win: 03.18.15: Version: 2.2.4

We suggest you do NOT follow us with your real email address. Do Lesson #2, get a new anon email, then follow us.

Join 46 other followers