A View from Erica Naone
How to Build Anonymity Into the Internet
Could Internet service providers help provide basic privacy services to all users?
Most people leave a trail when surfing the Web. Information such as a computer’s IP address can be traced back to users, or used to reconstruct a profile of browsing habits. Search engines amass large quantities of data on individuals. Though they don’t store this along with usernames, researchers have previously shown that individuals can still be identified using this data.
People who want to avoid leaving this trail can turn to services such as Tor, an open-source system designed to muddy the path a user’s data travels over the Internet (see “Dissent Made Safer”). But Tor struggles with slow network performance, and the service might be overwhelmed if too many users adopted it without also contributing resources.
Last week, at the 9th annual Privacy Enhancing Technologies Symposium, researchers described some more robust protections. They wondered if privacy protection could come from the ISPs responsible for the backbone of the Internet.
One project, anon.next, presented by Matthew Wright, who co-directs the iSec research lab at the University of Texas at Arlington, looks ahead to next-generation deployments of the Internet itself. In the event of a redesign of Internet architecture, Wright argues, proxies that help preserve anonymity could be built in. He envisions working with ISPs to determine points in the network where the proxies would be effective both in terms of protection and performance.
Other researchers are looking for solutions that could work on the Web as it is today. Barath Raghavan, a visiting assistant professor at Williams College in Massachusetts, along with researchers from the University of California, San Diego, and the University of Washington, suggest a protocol that could effectively hide a user’s IP address within the rest of an Internet service provider’s traffic. The researchers say that adding their system wouldn’t hurt performance, and would work in conjunction with Tor and other privacy-protection services. They suggest that ISPs might be willing to add the protocol as a benefit to attract customers, similar to services offered by telephone companies that prevent users from being identified by called ID.
While ISPs are a logical place to turn for privacy help, events such as the passage of the Patriot Act in the United States, which made it possible for the authorities to demand information without a subpoena, make ISPs uncertain allies. The bottom line is, they’re only likely to help if there’s a large customer demand for privacy.
Most people think of online privacy as something most important for citizen journalists in countries with oppressive regimes. However, the number of business models that rely on the collection and sale of user data may for some people in this country to reconsider taking steps to protect it.