Skip to Content

A More Anonymous Internet

New software would let you shop online without disclosing your identity.

Identity theft and credit card fraud are surging international problems, fueled partly by the need to reveal credit card and Social Security numbers in the course of common Internet transactions. Although most businesses immediately encrypt such numbers, researchers at IBM’s Zurich Research Laboratory and elsewhere are devising ways to avoid having to submit the numbers in the first place.

IBM calls its solution Idemix. The software could, for example, allow you to prove to online merchants that you have a valid credit card with certain spending limits, without actually entering the card number. The software starts by enabling you to get an anonymous digital credential from the bank that issued your credit card. This credential contains a pseudonym you choose, the credit card number and its expiration date, and encoded data from the bank that helps verify the credential later.

Then, let’s say you want to buy a Kenny G. disc online. The Idemix software in your PC sends information encrypted in the credential to the online music store, informing it that you have a valid credit card. At the store’s payment center, another part of the Idemix software reads that information. It uses cryptographic algorithms to confirm bank authorizations and spending limits and to collect payment-all without knowing your actual card number. “This set of techniques is really out in front,” says Ronald Rivest, a computer scientist at MIT and a coinventor of a widely used encryption algorithm. Idemix changes the encrypted version of your credential each time you use it, making it harder for Web sites to track your habits.

Just as banks could issue anonymous credentials, so too could government agencies that issue driver’s licenses, Social Security numbers, and other forms of identification. Consider car rentals: an anonymous credential could allow you to prove you are a licensed driver without your having to hand over your actual license. IBM already has prototypes running and could have a version ready for market in one to two years, says Jan Camenisch, lead cryptographer of the Idemix project in Zurich.

Of course, IBM isn’t the only company trying to provide secure e-commerce. Credentica of Montreal, Quebec, is also working to commercialize digital credentials for broader applications. And many academic and corporate research groups are pursuing strategies for more anonymity on the Internet. There’s good reason for all this research: last year, according to the Federal Trade Commission, 162,000 identities were stolen in the United States alone, and Internet fraud cost consumers more than $122 million. And someone out there knows you love Kenny G.

Keep Reading

Most Popular

A view of clouds illuminated by sunlight
A view of clouds illuminated by sunlight

We can’t afford to stop solar geoengineering research

It is the wrong time to take this strategy for combating climate change off the table.

conceptual illustration showing various women's faces being scanned
conceptual illustration showing various women's faces being scanned

A horrifying new AI app swaps women into porn videos with a click

Deepfake researchers have long feared the day this would arrive.

Death and Jeff Bezos
Death and Jeff Bezos

Meet Altos Labs, Silicon Valley’s latest wild bet on living forever

Funders of a deep-pocketed new "rejuvenation" startup are said to include Jeff Bezos and Yuri Milner.

ai learning to multitask concept
ai learning to multitask concept

Meta’s new learning algorithm can teach AI to multi-task

The single technique for teaching neural networks multiple skills is a step towards general-purpose AI.

Stay connected

Illustration by Rose WongIllustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at customer-service@technologyreview.com with a list of newsletters you’d like to receive.