How to Protect Your Identity on the Internet

You may know of anonymous remailers from their somewhat shady association with spammers, terrorists, hackers, Virus writers, etc. But anonymous remailers, tools that let you send e-mail and post messages to newsgroups without revealing your identity, have practical and legitimate applications. For instance, they can be useful when you need to blow the whistle on corrupt practices in your workplace, discuss ideas in a politically oppressed country, ask medical or financial questions on a website, participate in a self-help group, etc.

If you just want to hide your identity from casual observers, a Web e-mail address in another name or "handle" from Yahoo.com, Excite.com, Mail.com, Graffiti.net or US at Advanced Corporate Planning could work.

But this technique won't stop anyone technologically knowledgeable from figuring out who you are. Your message header reveals your IP address-the server through which you connect to the Internet. Using that IP address, a dedicated investigator can obtain your name, address, and phone number. Also, these messages aren't encrypted and can be read as they leave your computer.

Anonymous remailers hide your IP address by removing header information. In its simplest form, a remailer server acts as a go between. You send your message to the remailer, the remailer strips off the header, and then forwards your message to its destination. The receiver sees the remailer's IP address rather than yours.

Years ago, this strategy was used by anon.penet.fi, a widely used anonymous remailer that operated out of Finland from 1993 to 1996. The problems encountered by anon.penet.fi demonstrate the weakness in this approach. The Finnish police forced the owner, Johan Helsingius, to reveal the identities of individuals accused of copyright violation and other crimes. (Helsingius finally closed down the service because of massive abuse by spammers.)

Servers such as these are termed pseudonymous remailers, because their anonymity depends on the willingness and ability of the server administrator to keep the identities of its users confidential. Another now-defunct pseudonymous server, at alpha.c2.org, offered security-enhancing features, such as support for encryption, chained remailing, and reply blocks (a technique that lets people respond to you without learning your identity).

Truly anonymous remailers don't offer any way to reply to the sender. There are two main types: "Cypherpunk" (Type I) and "Mixmaster" (Type II). These are harder to use than pseudonymous remailers, but offer more protection for you. You will need to learn how to use PGP encryption, build the message, and set up the chain of remailers through which your message is transmitted. Cypherpunk messages can be created in Notepad, WordPad, etc., but Mixmaster messages require special software.

Cypherpunk uses nested, encrypted messages to route your message through several remailer servers before it reaches its destination. At each stop, a layer de-scribing the next destination is decrypted and removed before forwarding. Because the messages shrink with each hop, they can be tracked on the Internet using traffic analysis techniques. Mixmaster closes this security gap by rotating the encrypted headers from top to bottom as they are used, so all messages are the same size. Another technique to confuse traffic analysis is inserting a random lag time before messages are forwarded.

Web-based anonymous e-mail services are far more user-friendly but less secure. Hush mail, recently reviewed in PC Magazine, offers free and paid versions. Anonymizer.com's Total Net Shield product provides anonymous e-mail, surfing, and instant messaging. W3-Anonymous Remailer is another free, easy-to-use service.

Web Browsing

Your web browser typically leaks a lot of information about you to the web sites you visit. Information about what web browser you use, Operating system, etc. You can counter this by using an anonymizing web proxy. See below for link to the Electronic Frontiers Georgia Web site, which has a list of over 1,000 anonymizing web proxies, (this is not a comprehensive list by any means).

Buying on the Internet can be done with a credit card, but that is not very secure. It is also not very anonymous. Your credit card company knows what you are buying, and where, and when. The person you are buying from also knows your name, zipcode, etc. just to confirm your identity to the bank and authorize the charge. Unfortunately, while there were several companies organized to provide "Digital Cash", most have gone under in the dot-com crash. There is new work in this field, but there is not at this time anyone using it widely enough to matter.

For example, (from Paypal.com) "If you are a registered PayPal user, your name, e-mail address, date of sign-up, and whether you have verified control of a bank account are displayed to other PayPal customers whom you have paid or who are attempting to pay you through PayPal. However, your credit card number, bank account and other financial information will NEVER be revealed to anyone whom you have paid or who has paid you through PayPal, except if we are required to do so pursuant to a subpoena or other legal process."

"If you are buying goods or services and paying through PayPal, the seller of the goods or services may request that you provide a mailing address that PayPal has confirmed as matching the billing address in the credit card system. You do not have to provide this information. If you do not provide the information, however, the seller may choose not to accept your PayPal payment and not to complete the transaction."

Instant Messaging with a different name from Netscape / AOL, Yahoo, etc. may help protect your Identity. Never use your real name when Instant Messaging.

The Electronic Frontiers Georgia Web site maintains several privacy pages including tools for privacy (mainly software), anonymous remailers, Web Surfing Proxies, etc.