How to Protect your Internet Anonymity and Privacy/Threat Models

Threat Models


Trace Back

edit

You don't want the website you visited having the ability to trace your real life identity, or just to build a long term profile of you. Internet connections are like phone networks in which everybody has a phone number, known as IP addresses. You can block your caller ID but the phone operator has to disclose your information under court orders. Your ISP has to do the same given your IP address.

The first step of remaining anonymous is to use a proxy, a server that is willing to forward your web request without disclosing your IP. This is little more than subscribing a magazine using a P.O. box, which by US law the post office have to keep your verified address on record. So depending on who and where is the proxy, protection is not guaranteed.

Middleman Observer

edit

Your data packets pass through many hops before arriving at destinations. Unless your connection is end-to-end encrypted, using https protocol typical for banking, anybody sitting in the middle can see what you see together with your IP address, even when you are using proxies. Powerful adversaries can simply use keyword detection to identify you as their enemy.

Spying

edit

You may be a random victim of spyware infection, or someone plants custom software or device to spy specifically on you. In any case, it is as bad as that your ISP is your adversary, monitoring your every data packet.

Data Retention

edit

Many countries in the world have Data Retention Laws in place, requiring Internet operators to store server logs typically for six months to two years. So by correlating server logs after the fact under court orders, law enforcement can find out who you talked to and when, even if you use a chain of proxies. This creates another level of threat as even banks and governments regularly leak personal data.

Traffic Analysis

edit

A resourceful adversary with the ability to observe the traffic in many points of the internet can compromise your anonymity. For low-latency traffic, such as posting on a message board, if attackers can observe the traffic into message board websites, and observe users at their ISPs, they can determine the identity of users and their handles by correlating the timing of web traffic.