How online privacy tools are changing Internet security and driving the (probably quixotic) quest for anonymity in the digital age.
For many of us, the Internet is like a puppy—lovable by design and fun to play with, but prone to biting. We suspect that our digital footprint is being tracked and recorded (true), mined and sold (super true), but we tolerate these teeth marks because, for many of us, the Internet is irresistible, its rewards greater than its risks. In a 2011 Gallup poll, more than half of those surveyed said they worried about privacy issues with Google, yet 60 percent paid weekly visits to the search giant. As long as we clear our search terms, block cookies, use antivirus software and see that our social media presence isn’t too social, we’ll be OK. Right?
Increasingly, this sense of security is an illusion. “I don’t trust anything on the Internet,” says digital whistleblower John Young. “Cybersecurity is a fiction.” He would know: Young was a seminal member of WikiLeaks and runs Cryptome, a website that posts “documents prohibited by governments worldwide”—think FBI files and manuals detailing how Microsoft spies on us. He argues that the tenuous architecture of the Internet prevents it from being truly secure.
Case in point: Mat Honan, the wired.com writer whose entire digital existence was destroyed by hackers within the span of an hour last August. The cyberbaddies broke into Honan’s Gmail, accessed his Apple ID account and deleted data on his MacBook, iPhone and iPad, including photos of his family. The scariest part of this privacy breach—aside from the fact that its victim is a tech writer (ahem)—is that the hackers hijacked his online world using nothing more than his billing address and the last four digits of his credit card, information that’s relatively easy to obtain online if you know the right tricks. Honan’s story served as yet another reminder that THE INTERNET IS NOT SAFE, PEOPLE.
So is it time to go off the grid? That’s one option. Another is to ditch the puppy analogy and view the Internet the way those who demand higher than average levels of security do: as a giant tracking device that can be outsmarted. Countless tools exist to cloak your digital identity: email encryption services, “meta search engines” that promise private browsing and networks and software that offer a degree of anonymity and, in some cases, entry to previously inaccessible websites. Sounds like the stuff of spy novels, but these tools are available to anyone with an Internet connection.
Of course, the idea of online anonymity clashes with the prevailing “share everything” approach to the Internet—and the moneymaking opportunities therein—which makes it a fascinating and complicated topic. Its opponents say it fosters hate and crime (Mark Zuckerberg’s sister, Randi Zuckerberg, who used to head up marketing at Facebook, famously called for the end of online anonymity earlier this year, stating that “People behave a lot better when they have their real names down”), while privacy champions argue that anonymity grants greater security and freedom of expression. The John Youngs of the world will tell you that being truly unidentifiable online is a fairy tale. But every fairy tale has a lesson, and even if you get hives thinking about trading your identity for a more armored online existence, there’s plenty to learn from the heroes, villains and everyday secret-keepers attempting to go John Doe in the digital realm.
Photo by Richard Fleischman.
There’s a famous New Yorker cartoon from 1993 that shows two dogs in front of a computer, one saying to the other, “On the Internet, nobody knows you’re a dog.” This was a novel proposition in the Web’s early days. Liberated from our actual identity, we chatted in forums using ridiculous pseudonyms such as “beaniebabyaddict47” and posted comments as “Anonymous,” our snarky alter ego. Anonymity felt great, even if technically it was just a state of mind. But then social media arrived, and with it the idea that transparency is power. Suddenly, we decided it was important to tell the Internet our real name and what we had for breakfast.
For those who want to keep their breakfast habits a secret, the rise of transparency created new security risks. Enter the digital cloaking device. In 2002, the U.S. Naval Research Lab debuted Tor, one of the more effective “anonymizers” to date. A group of M.I.T. grads developed it with the goal of masking one’s IP address, the string of numbers that reveals a given computer’s physical location (snoops and hacks love your IP because it brings them one step closer to determining the real you).
At the heart of Tor is a concept called “onion routing,” which sends the “packets” of info needed to get from points A to B online on a winding route through a network of randomly selected servers, each one knowing only the packet’s previous and next stops in the chain, thereby hiding the user’s IP and allowing a degree of anonymous Web browsing. Confused? In the simplest terms, Tor separates the origin and destination of your online communication, essentially tunneling you through the Web.
The U.S. Navy financed this tunnel to protect government communications, but its code was released to the public because, as Karen Reilly, development director for the nonprofit Tor Project, puts it, “A Navy anonymity network wouldn’t work. The idea is to have many diverse users so that you can’t tell who somebody is just by virtue of them using Tor.” Using seed money from the Electronic Frontier Foundation, a digital rights advocacy group, the Tor Project formed a decade ago to grow Tor’s user base and maintain and improve its network. Today, Reilly estimates that Tor has about half a million daily users and 3,000 to 4,000 “nodes,” volunteer servers that hopscotch you through the network.
Tor is available as a free download on torproject.org. This software includes a Tor-enabled version of the Firefox Web browser that hides your IP address and forces an encrypted connection where available. Sounds great, but like most anonymizing tools, Tor is flawed. It slows Web browsing and, if someone decided to keep an eye on a large enough swath of the Internet, he could theoretically analyze data patterns to guess where the communication originated.
These weaknesses haven’t stopped hundreds of thousands from downloading the service. Reilly says most people use it to protect their browsing because “they think it’s creepy to be tracked. They don’t like the fact that there’s a file on them somewhere being kept by an advertiser who knows what cereal they like to eat.” And there are more weighty reasons to use Tor: Journalists and activists in oppressive regimes use it to circumvent Internet censorship. It’s been reported that Arab Spring revolutionaries tapped Tor to access Facebook and Twitter, both of which were blocked at various points by Egypt, Iran and others (incidentally, Iran has the second-highest number of Tor users; the United States has the most).
Criminals, trolls and other creeps also love Tor—no surprise given their affinity for the Internet in general. In the mood for some heroin? Silk Road is a one-stop online shop for illegal goods that uses Tor to hide its location from users and, ostensibly, law enforcement. Anonymity haters reference nasty sites like these when stating their case, but Reilly thinks this is misguided. “If Tor didn’t exist, criminals would have other options.”
Other options used by both crooks and law-abiders include virtual private networks, which are faster than Tor and sometimes less secure—and generally not free. Like Tor, VPNs provide a secure connection between computers and can be used as a gateway to websites that would otherwise be inaccessible. VPNs are all the rage in China, where government censorship of the Internet is the norm. Mara Hvistendahl, a Shanghai-based correspondent for Science magazine, has experimented with different privacy tools since moving to the city in 2004. She started with Tor, but found it too slow for regular Web browsing, so she switched to VPNs to access Gmail and Google Scholar, sites that have been blocked by Chinese censors. “Every foreign journalist I know in China uses a VPN,” she says. Another VPN user—a China-based English and journalism teacher who spoke to Sky on the condition of you know what—says she pays for a VPN called Astrill to reach Facebook.
Both women mentioned pairing VPNs with other privacy tools. Hvistendahl has heard of reporters combining VPNs, multiple SIM cards and the secure email service Hushmail to protect sources. If it’s true that no online cloaking device is totally effective, this bundling strategy might be our best bet for protecting ourselves online—though good luck trying to convince the average Web user to do it.
Most people have a difficult time with far-off risk,” says Ashkan Soltani, a former technologist with the Federal Trade Commission’s privacy division who’s currently a privacy/security researcher and consultant. “That’s why we passed seat belt laws. The likelihood of you getting in a car accident is low, but the harm that you might experience in that accident is potentially high. It’s the same online. We’re bad at figuring out how our data could be used against us in the future, so we don’t care.”
We should care, says Lee Tien, senior staff attorney for the Electronic Frontier Foundation, because data privacy laws are “not incredibly strong.” This is an understatement in countries such as China and Iran, where Web users have little or no online freedom. The US has the Wiretap Act and the Stored Communications Act, both of which address basic privacy issues such as police needing an interception order to tap emails. But these laws fail to look at how private corporations handle our digital footprint, and as a result, we’re at the mercy of, say, Facebook’s data policy or Google’s data policy, and we all know that they have our best interests in mind . . . .
But here’s the real stinger: Let’s say you decide to take control of your digital footprint and start using some of the tools mentioned above. Also, you begin paying closer attention to the privacy policies on the various sites you visit, clicking “do not track” when possible and opting out of initiatives such as Google’s targeted ads program, which is based on the content of your email. Congratulations, responsible netizen, you now have more online security than most—have fun on your cumbersome, hard-to-manage, less optimized version of the Internet!
Ken Berman puts it another way: “If you want to be on Facebook, there are certain things—anonymizing tools that prevent tracking, prevent cookies, prevent identifying behavior—that make some of these social media tools difficult to work with.” Berman, an IT security expert who for years worked at the Broadcasting Board of Governors (the United States’ international broadcasting arm), sees two options for Internet users: “Either you say, ‘I give in. I enjoy the Web, so I’ll put up with walking by a store and getting a text message that says go in this store and you’ll get an immediate 10 percent coupon.’ Or you say, ‘No, I don’t want to play in that world, so I’m going to use Tor or a VPN. I’m going to clean up my session every time I log out and not leave any remnants of my behavior.’ I don’t see how there’s anything in between.”
Soltani is more optimistic. He sees a future where governments pass stronger digital privacy laws and geeks build easier-to-use privacy controls that work seamlessly with the slobbering puppy version of the Internet we all love. In the meantime, he’s doing his best to educate as many people as possible on the virtues of proper digital hygiene, whether that means using anonymity tools or simply being more aware of the fact that you leave a data trail wherever you go these days (don’t even get us started on smartphones).
“My big thing is to demystify I.T.,” says Soltani. “It doesn’t help to think of it as magic or something that’s bringing the world to an end. Tech changes the way we interact with one another and our society—and we should be cognizant of that and adjust accordingly.”
For now, it remains to be seen how these changes will affect online anonymity, a concept that begs important questions about what sort of society we want to live in: Is anonymity a right? Should we be able to engage in discourse anonymously? Should beaniebabyaddict47 be allowed to have such an obnoxious alias? Stay tuned. // With consultation on information systems security from Matt Lange at Milwaukee Area Technical College.
Whonix is an anonymous general purpose operating system based on Virtual Box, Ubuntu GNU/Linux and Tor. By Whonix design, IP and DNS leaks are impossible. Not even malware with root rights can find out the user’s real IP/location.
Whonix consists of two machines, which are connected through an isolated network. One machine acts as the client or Whonix-Workstation, the other as a proxy or Whonix-Gateway, which will route all of the Whonix-Workstation’s traffic through Tor. This setup can be implemented either through virtualization and/or Physical Isolation.
Whonix advantages:
All applications, including those, which do not support proxy settings, will automatically be routed through Tor.
Installation of any software package possible.
Safe hosting of Hidden services possible.
Protection against side channel attacks, no IP or DNS leaks possible^3^ To test for leaks, see LeakTests.
Advantage over Live CD’s: Tor’s data directory is still available after reboot, due to persistent storage. Tor requires persistent storage to save it’s Entry Guards.
Java / JavaScript / flash / Browser Plugins / misconfigured applications cannot leak your real external IP.
Whonix does even protect against root exploits (Malware with root rights) on the Workstation.
Uses only Free Software.
Building Whonix from source is easy.
Tor+Vidalia and Tor Browser are not running inside the same machine. That means that for example an exploit in the browser can’t affect the integrity of the Tor process.
It is possible to use Whonix setup in conjunction with VPNs, ssh and other proxies. But see Tor plus VPN/proxies Warning. Everything possible, as first chain or last chain, or both.
Loads of Optional Configurations (additional features / Add-Ons) available.
Best possible Protocol-Leak-Protection and Fingerprinting-Protection.
A Spanish researcher demos new satellite-hijacking tricks with cybercriminal potential.
Satellites can bring a digital signal to places where the Internet seems like a miracle: off-the-grid desert solar farms, the Arctic or an aircraft carrier at sea. But in beaming data to and from the world’s most remote places, satellite Internet may also offer its signal to a less benign recipient: any digital miscreant within thousands of miles.
In a presentation at the Black Hat security conference in Arlington, Va., Tuesday, Spanish cybersecurity researcher Leonardo Nve presented a variety of tricks for gaining access to and exploiting satellite Internet connections. Using less than $75 in tools, Nve, a researcher with security firm S21Sec, says that he can intercept Digital Video Broadcast (DVB) signals to get free high-speed Internet. And while that’s not a particularly new trick–hackers have long been able to intercept satellite TV or other sky-borne signals–Nve also went a step further, describing how he was able to use satellite signals to anonymize his Internet connection, gain access to private networks and even intercept satellite Internet users’ requests for Web pages and replace them with spoofed sites.
“What’s interesting about this is that it’s very, very easy,” says Nve. “Anyone can do it: phishers or Chinese hackers … it’s like a very big Wi-Fi network that’s easy to access.”
In a penetration test on a client’s network, Nve used a Skystar 2 PCI satellite receiver card, a piece of hardware that can be bought on eBay ( EBAY – news – people ) for $30 or less, along with open source Linux DVB software applications and the network data analysis or “sniffing” tool Wireshark.
Exploiting that signal, Nve says he was able to impersonate any user connecting to the Internet via satellite, effectively creating a high-speed, untraceable anonymous Internet connection that that can be used for nefarious online activities.
Nve also reversed the trick, impersonating Web sites that a satellite user is attempting to visit by intercepting a Domain Name System (DNS) request–a request for an Internet service provider (ISP) to convert a spelled out Web site name into the numerical IP address where it’s stored–and sending back an answer faster than the ISP. That allows him to replace a Web site that a user navigates to directly with a site of his choosing, creating the potential for undetectable cybercrime sites that steal passwords or installs malicious software.
In his tests on the client’s network, Nve says he was also able to hijack signals using GRE or TCP protocols that enterprises use to communicate between PCs and servers or between offices, using the connections to gain access to a corporation or government agency’s local area network.
The Barcelona-based researcher tested his methods on geosynchronous satellites aimed at Europe, Africa and South America. But he says there’s little doubt that the same tricks would work on satellites facing North America or anywhere else.
What makes his attacks possible, Nve says, is that DVB signals are usually left unencrypted. That lack of simple security, he says, stems from the logistical and legal complications of scrambling the signal, which might make it harder to share data among companies or agencies and–given that a satellite signal covers many countries–could run into red tape surrounding international use of cryptography. “Each [country] can have its own law for crypto,” says Nve. “It’s easier not to have encryption at the DVB layer.”
Nve isn’t the first to show the vulnerability of supposedly secure satellite connections. John Walker, a British satellite enthusiast, told the BBC in 2002 that he could watch unencrypted NATO video feeds from surveillance sorties in the Balkans. And the same lack of encryption allowed insurgents to hack into the video feed of unmanned U.S. drone planes scouting Afghanistan, the Wall Street Journal reported in December.
In fact, the techniques that Nve demonstrated are probably known to other satellite hackers but never publicized, says Jim Geovedi, a satellite security researcher and consultant with the firm Bellua in Indonesia. He compares satellite hacking to early phone hacking or “phreaking,” a practice that’s not well protected against but performed by only a small number of people worldwide. “This satellite hacking thing is still considered blackbox knowledge,” he wrote in an e-mail to Forbes. “I believe there are many people out there who conduct similar research. They may have some cool tricks but have kept them secret for ages.”
At last year’s Black Hat D.C. conference, British cybersecurity researcher Adam Laurie demonstrated how he intercepts satellite signals with techniques similar to Nve, using a DreamBox satellite receiver and Wireshark. But Nve argues that his method is far cheaper–Laurie’s DreamBox setup cost around $750–and that he’s the first to demonstrate satellite signal hijacking rather than mere interception.
“I’m not just talking about watching TV,” says Nve. “I’m talking about doing some very scary things.”
Satellite hacking for fun isn’t cheap! One of the sessions I was really looking forward to ahead of the Black Hat DC event this year was Adam Laurie’s session titled – Satellite Hacking for Fun and Profit.
It’s a session that didn’t disappoint, Laurie is always entertaining, but it also revealed how much effort is actually required to try and get at satellite signals.
First off, Laurie prefaced his talk by noting that he wasn’t going to talk about hacking the actual satellite in space itself.
“I’m playing it safe and just looking at what is coming down,” Laurie told the Black Hat audience.
Instead what Laurie focused his talk on was something he called ‘Feed Hunting’ – that is looking for satellite feeds that are not supposed to be found. Laurie claimed that he has been doing satellite feed hunting for years – at least as far back as the untimely demise of the late Princess Diana in 1997. Laurie claimed that he was able to find a non-public feed from a TV broadcaster that had left their transponder on in a Paris hotel room.
Fast forward a dozen years and Laurie commented that the technology to identify satellite feeds has progressed dramatically. Among the reasons why he satellite feed hunting has gotten easier is an open source based satellite received called the dreambox.
Laurie explained that the dreambox has a web interface that makes it easier to find streams and provides information on what the stream includes. Another open source technology also helps to feed hunt satellite content.
A project called dvbsnoop is a DVB (dIgital video broadcasting) and MPEG stream analyzer that lets the user access raw data from DVB card. By sifting through the raw data, Laurie demonstrated that interesting satellite feeds that weren’t intended to be public could be found.
Going a step further, Laurie claimed that he had created his own python based script called dreaMMap that could create a 3d model of satellite frequency transmissions. With the 3D model the user just does a point and click to steer dish to a particular satellite frequency. One memory of the Black Hat audience asked Laurie if what he was doing was legal. Laurie shrugged and commented:
“I’m in the US giving a talk where I’m tunneled to my server in the UK and looking at a satellite in space that is over Africa – so who would get me?”
All told there is a financial cost to Laurie’s satellite feed hunting techniques – and that cost is approximately $785 for the Dreambox hardware, the actual satellite dish and then the motor and the mount for the dish. Well I guess if you’ve got the money to burn…
VPNs and SSH tunnels can both securely “tunnel” network traffic over an encrypted connection. They’re similar in some ways, but different in others – if you’re trying to decide which to use, it helps to understand how each works.
An SSH tunnel is often referred to as a “poor man’s VPN” because it can provide some of the same features as a VPN without the more complicated server setup process – however, it has some limitations.
How a VPN Works
VPN stands for “virtual private network,” – as its name indicates, it’s used for connecting to private networks over public networks, such as the Internet. In a common VPN use case, a business may have a private network with file shares, networked printers, and other important things on it. Some of the business’s employees may travel and frequently need to access these resources from the road. However, the business doesn’t want to expose their important resources to the public Internet. Instead, the business can set up a VPN server and employees on the road can connect to the company’s VPN. Once an employee is connected, their computer appears to be part of the business’s private network – they can access file shares and other network resources as if they were actually on the physical network.
The VPN client communicates over the public Internet and sends the computer’s network traffic through the encrypted connection to the VPN server. The encryption provides a secure connection, which means the business’s competitors can’t snoop on the connection and see sensitive business information. Depending on the VPN, all the computer’s network traffic may be sent over the VPN – or only some of it may (generally, however, all network traffic goes through the VPN). If all web browsing traffic is sent over the VPN, people between the VPN client and server can’t snoop on the web browsing traffic. This provides protection when using public Wi-Fi networks and allows users to access geographically-restricted services – for example, the employee could bypass Internet censorship if they’re working from a country that censors the web. To the websites the employee accesses through the VPN, the web browsing traffic would appear to be coming from the VPN server.
Crucially, a VPN works more at the operating system level than the application level. In other words, when you’ve set up a VPN connection, your operating system can route all network traffic through it from all applications (although this can vary from VPN to VPN, depending on how the VPN is configured). You don’t have to configure each individual application.
SSH, which stands for “secure shell,” isn’t designed solely for forwarding network traffic. Generally, SSH is used to securely acquire and use a remote terminal session – but SSH has other uses. SSH also uses strong encryption, and you can set your SSH client to act as a SOCKS proxy. Once you have, you can configure applications on your computer – such as your web browser – to use the SOCKS proxy. The traffic enters the SOCKS proxy running on your local system and the SSH client forwards it through the SSH connection – this is known as SSH tunneling. This works similarly to browsing the web over a VPN – from the web server’s perspective, your traffic appears to be coming from the SSH server. The traffic between your computer and the SSH server is encrypted, so you can browse over an encrypted connection as you could with a VPN.
However, an SSH tunnel doesn’t offer all the benefits of a VPN. Unlike with a VPN, you must configure each application to use the SSH tunnel’s proxy. With a VPN, you’re assured that all traffic will be sent through the VPN – but you don’t have this assurance with an SSH tunnel. With a VPN, your operating system will behave as though you’re on the remote network – which means connecting to Windows networked file shares would be easy. It’s considerably more difficult with an SSH tunnel.
If you’re worried about which is more secure for business use, the answer is clearly a VPN — you can force all network traffic on the system through it. However, if you just want an encrypted connection to browse the web with from public Wi-Fi networks in coffee shops and airports, a VPN and SSH server both have strong encryption that will serve you well.
There are other considerations, too. Novice users can easily connect to a VPN, but setting up a VPN server is a more complex process. SSH tunnels are more daunting to novice users, but setting up an SSH server is simpler – in fact, many people will already have an SSH server that they access remotely. If you already have access to an SSH server, it’s much easier to use it as an SSH tunnel than it is to set up a VPN server. For this reason, SSH tunnels have been dubbed a “poor man’s VPN.”
Businesses looking for more robust networking will want to invest in a VPN. On the other hand, if you’re a geek with access to an SSH server, an SSH tunnel is an easy way to encrypt and tunnel network traffic – and the encryption is just as good as a VPN’s encryption.
Bitcoins are not mere drug currency.
Bitcoins are not failing.
Okay?
Are we clear about that?
Good.
The future of online commerce looks to rely less and less on the physical amount of money you have in your bank accounts and wallets and more on what you could call “digital” wallets: online reservoirs where you store money. Really, we already use some variation of a digital wallet, we just don’t easily acknowledge it. You work, you get paid via direct deposit, numbers change in your checking account, you use debit and credit cards to make transactions, you go back to work. Rinse, repeat. You hardly ever see cash unless you deliberately withdraw it from an ATM. Anymore, our money consists of strings of number values running through some computer located who knows where. We just confidently assume that all that money is actually staying or going where it should be staying or going.
While that describes our current model of commerce, it also serves as a fair portrait of Bitcoins, the emerging currency exclusive to the Internet.
If you’re familiar with Bitcoins and run an online business, how do you feel about accepting this form of currency? Cash currency has never kept somebody from getting ripped off, so what is the main hesitation for you and your business when it comes to accepting an exclusively online currency? If you’re unsteady about it right now, what would you like to see change with Bitcoins (or any type of online currency) before you were more comfortable with using it? Or, are you totally onboard with this form of currency already? Share your thoughts with us and other readers below in the comments.
Essentially, Bitcoins are an intangible currency, really no different in action than the numbers bouncing up and down in your bank account. Alternately, instead of representing sums of physical currency, Bitcoins are literally a majestic sequence of unique numbers that can be traded for goods. Instead of swapping wads of bound fibers and inks that are woven together into this germy thing we call cash, Bitcoins exist in a purely digital tapestry. It’s an experiment in decentralized currency, and while it’s been a good experiment and still has some growing to do, it doesn’t show any signs of disappearing anytime soon.
While it’s still got some time to really appreciate and grow stronger as a currency, a purely online currency will exist in one form or another. It won’t ever replace your tangible currency, but work alongside it for all of your online consumer decisions.
To find out more about the current state of Bitcoins and what will happen with them in the near (and far) future, I got in touch with Gavin Andresen, the Lead Core Bitcoin Developer, about the developments of the past year regarding Bitcoins and why this novel currency could feature prominently in the future of online commerce.
Bitcoins: A Primer
Money as an object is meaningless. It’s paper and and some inks and, thanks to people, lots of bacteria. It’s an arbitrary token that merely represents a commercial promissory value people can earn in exchange for goods or services that can then either be saved or spent on other goods or services. Dollars, euros, yen, pounds, rupees, tobacco leaves, rands – it doesn’t matter what object you invest value into, it’s the idea behind the currency that buttresses its value. The Bitcoin is no different.
The only difference is that, as opposed to physical money that you’ll stuff into your pockets and wallets, you will likely never actually hold a Bitcoin (yes, there are physical versions of Bitcoins if you absolutely must have a real version to thumb around in your palms). Just because you’re likely to never touch one, though, doesn’t mean that Bitcoins are any less valuable than the bills you have folded up in your right pocket. Instead, think of it like this: you are no more likely to hold a Bitcoin in your hand than you are to hold Pythagoras’ theorem in your hand.
What does distinguish this disembodied currency from its corporeal familiars, however, is that Bitcoins are not dependent on anything except the people who produce and use it. No governments, no banks, no organizations – just people. A truly anarchistic, peer-to-peer currency.
For a simplified explanation for how the Bitcoin market works on a consumer level, have a look at this video put together by We Use Coins.
The currency, however, doesn’t just fall into your lap like a prize from a cereal box, nor is it just magically conjured up from the imagination like the latest Internet meme. The production of Bitcoins is best explained through the simile of gold mining. Instead of boring through a mountain to unearth precious metals, new Bitcoins are generated by unlocking a mathematical sequence called a block chain and are doled out in increments of 50. The people that produce these Bitcoins, then, are known as miners (that’s actually the technical term for Bitcoin producers, too, not just a metaphorical descriptor). These miners, however, have traded in their helmets and pickaxes in exchange for loads of GPU firepower and very sophisticated software capable of deciphering the block chains. The software works in tandem across a network to solve these cryptographic proofs and the miner who is the first to solve the block chain will receive the 50 Bitcoins. Once a block chain has been unlocked, it is added to a ledger in order to prevent those Bitcoins from double-spending.
Eventually, as more blocks are solved, fewer Bitcoins will be generated because the block chains will be worth fewer new coins. Solving a block chain today is worth 50 new Bitcoins, but as of this December that reward will be reduced to 25 Bitcoins. Some time off in the future, it will be reduced again to 12.5. The gradual reduction in rewards works to mitigate the generation of new Bitcoins so as to avoid flooding the market, which would result in a devalued currency.
As more miners work to generate Bitcoins, the difficulty in unlocking the block chains increases so as ensure that a new block is generated only every 10 minutes on average. The increased difficulty of unlocking a block chain’s sequence is designed in such a way that, over time, the maximum capacity of Bitcoins that will be generated will be 21 million. Added to the multiplied difficulty of solving subsequent block chains, more and more computer power is required, which some have said could be a deterrent for would-be miners from working on the more difficult block chains. Andresen disagrees with the argument that hardware needs are becoming preventive. “Mining Bitcoins is becoming increasingly energy efficient,” he says. “Bitcoin miners want to pay as little as they can for electricity, so they’re constantly working to make mining more efficient.”
Energy requirements wouldn’t really matter in the grand scheme of Bitcoin production anyways, Andresen explains, as the Bitcoin production process is smart enough to adjust for variations in the miner work force. “The Bitcoin system adjusts itself so that the target number of Bitcoins are created about every 10 minutes, no matter how many miners there are.”
He adds, “The number of Bitcoin miners has almost nothing to do with how quickly Bitcoin transactions are processed, so it doesn’t matter to the Bitcoin system how much energy or how many miners are working – as long as there is one, the system will work.”
The production of Bitcoins isn’t infinite, though. In fact, there is a fixed amount that will ever be produced: 21 million. Although that peak Bitcoin mark isn’t expected to be reached until 2140, the number of Bitcoins generated will begin to taper off toward zero well before that, at which point miners will then be compensated with Bitcoin transaction fees. As the generation of Bitcoins decreases over time, the cost of a transaction using Bitcoins will increase, which these blocks exist to verify. In lieu of transaction fees, though, Andresen postulates that miners could also be compensated by a “more complicated arrangement between merchants that want their transactions confirmed quickly and securely.” One way or another, though, the monetary reward for generating Bitcoins will always be present.
As of this year, over 8 million Bitcoins have been generated. The first block of Bitcoins to be unlocked was completed by Satoshi Nakamoto, who could be considered the progenitor of Bitcoins. As Wired Magazine’s Benjamin Wallace covered extensively in a piece about bitcoins last year, Nakamoto might be best understood as the Tyler Durden of the Bitcoin culture. An effluvium of mystery envelopes Nakamoto as no one is certain of who he is or where he came from or, most intriguing, where he disappeared to following his last public communication near the end of 2010. It’s rumored the name was a pseudonym or that Nakamoto was actually a collective of developers. It’s even been suggested that Nakamoto was a nom de guerre for assorted bodies of the United States government. Nobody knows, and every major player in the Bitcoin industry denies being Nakamoto.
At this point, though, as the Bitcoin system is beginning to become more stabilized and the project is on the cusp of transcending any one person, does the origin of Bitcoins really matter anymore? It’s been around long enough to confidently assess that dealing in Bitcoins is likely not some kind of Faustian gamble. Besides, one of the prominent features of Bitcoins is its near-anonymity of the users who deal with it, a quality celebrated by Bitcoin proponents. If the currency users are mostly anonymous, why then shouldn’t the progenitor of Bitcoins be anonymous, too? If the shoe fits, right? We could all be Nakamoto and none of us would be Nakamoto. To obsess over the origin of Bitcoins threatens to belie the hard work that the currency’s current legion of developers are doing in order to bolster Bitcoins into a formidable, viable option for online commerce.
The Problem With Bitcoins
The Bitcoin has had a tumultuous twelve months. Perhaps its biggest mainstream debut to date happened in June 2011 when Gawker’s Adrian Chen published a piece about the underbelly of the Internet, the Silk Road, where you can buy, among other things, any fashion of drugs (drugs I didn’t even think existed anymore) one desires. Because of the anonymity that accompanies the use of Bitcoins, the Silk Road trades exclusively in the currency. As Gawker’s story was many people’s introduction to Bitcoins, the piece carelessly marginalized it as The Currency for underground drug trafficking on the Internet.
Regardless of Gawker’s oversights, Bitcoins blew up. The value of Bitcoins skyrocketed after Chen’s piece began to circulate and inspire interest in legions of new potential customers of Silk Road. Consequently, Senator Chuck Schumer called for a federal investigation into the Silk Roadin order to hopefully shut it down. Now that the Bitcoin market had attracted the attention of the United States government, the popularity of the currency continued skyward.
The boom was short-lived, though, as it was not an organic and sustainable growth. It was an artificial trend born from a sudden onslaught of sensational media attention that ballooned the value of the currency. Being at the mercy of the public’s caprice, though, the value of Bitcoins crashed back to Earth a month later. By August, it had returned to its pre-Gawker levels.
Five months after the Gawker piece, Wired was preparing the toe-tags for Bitcoins, citing the currency’s sustainability problems and increasing lack of interest in the continued production of Bitcoins.
Andresen concurs that Bitcoins were pushed out onto the main stage long before the system was ready to handle that kind of attention. “We had a press avalanche last year,” he says, “Where the first couple of mainstream articles about Bitcoin caught the attention of other reporters, who in turn also wrote about it, which then triggered even more press.”
He continues, “That was both great and terrible for the project: great because it drew a lot more technical and business talent to look at Bitcoin and start Bitcoin-related projects, but terrible because when people realized that Bitcoin still has a lot of growing up to do, the speculative bubble popped.”
It’s misleading to say that Bitcoins failed because of that popped bubble. True, investing in Bitcoins currently isn’t as profitable as it was for a brief period last year, but that kind of inflation was artificially generated and really should never have happened in the first place. More, it’s probably not the last time the Bitcoin will encounter some heavy turbulence. “I think it is very likely the same thing will happen again sometime in the next few years as other parts of the world discover Bitcoin or it is re-discovered in Europe and the U.S.,” Andresen says. “I expect the wild price fluctuations to diminish over time as Bitcoin infrastructure grows up and speculators start to get a better idea of the real value of Bitcoin.”
That’s Money 101 for you, though: the potent volatility of supply and demand working upon, for better or worse, the unpredictable engines of human interest. Adding to the uncertainty is the fact that, most obviously, people already have a form (if not multiple forms) of currency, which has likely created an erroneous impression for the laity that Bitcoins are a second-class currency.
Then again, Bitcoins were never really intended to launch like an unstoppable money-missile into the future. Nakamoto, Andresen, and other Bitcoin developers have always cautioned investors that Bitcoins should at best be considered an experiment. “I tell people to only invest time or money in Bitcoin that they can afford to lose,” Andresen says. “There are a lot of things that could possibly derail it, ranging from some fundamental flaw in the algorithm that everybody has missed (he doesn’t see this as a likely possibility at this point) to world-wide government regulation (also unlikely, he says) to some alternative rising up and replacing Bitcoin.”
In a way, the story thus far of Bitcoins as an unpredictable investment is the quintessential story of the Internet as a whole. Every prominent company that currently claims a seat among the pantheon of technology giants – Apple, Google, Facebook, Twitter, IBM, et al. – has come into that position due to the rise and fall of previous online ventures. The lessons gleaned from the decline of previous companies like the Myspaces and Friendsters and Lycos is likely the only reason the current generation of tech leaders have managed to prevail for so long. In the end, the diminished presence of these companies is less a woeful tale of failure and more a triumphant testament to how resilient and efficient the evolution of ideas has been on the Internet, especially in such a short amount of time.
With Bitcoins, it remains to be seen if it will eventually be minted as a mainstay in online culture or merely serve as an early milestone in the continuing evolution of online currency. Andresen is optimistic, though, that Bitcoins are here to stay even in light of competing online currencies possibly popping up in the future. “I think to overcome Bitcoin’s head-start, an alternative will either have to have a large company or government backing it and marketing it. Or else, it will have to be radically better in some way,” he says.
“There seems to be a perception that Bitcoin is in a winner-take-all race against other currencies; either everybody in the world will be using it for all of their online purchases in 50 years or it will not exist. I think the online payment world will like our current world of currencies – different currencies used in different places. The online payments won’t be divided by geography, though it might be divided by language or culture or social network.”
As it were, the currency network’s public image may have taken a bruising last year, but the reports of Bitcoin’s demise appear to have been exaggerated.
The Currency of the Future?
For now, the Bitcoin experiment appears to have weathered the Great Media Blitzkrieg of 2011. Bitcoins’ value is once again growing at the organic rate it was intended to grow at. So… to 2140 and beyond, right?
“I’m not even going to try to predict what will happen in the year 2140,” Andresen is quick to say. His focus is more attuned to the more immediate future of Bitcoins. “In December of this year, the Bitcoin will be 4 years old and the number of new Bitcoins produced will be cut in half. I think we will learn a lot when that happens and that will give some insight into what will happen over the years as Bitcoin production slowly drops to zero.”
Like any model of currency, it’d be a risk to really put all of your eggs into the Bitcoins basket. The currency could have long-term staying power. Then again, it could exist as a prototype that ends up producing a more advanced model of online currency and eventually be supplanted by something like a Bitcoin 2.0, for lack of a better term. Either way, some version of Bitcoin will continue to grow and become a part of our future experience with online commerce.
“I think there will eventually be one dominant currency that is used for 80% of worldwide online transactions,” Andresen predicts, “but I think there will always be alternatives. The most likely outcome in my lifetime, the next 40 years or so, is most people will use their national currencies when purchasing goods and services from other people in their own countries but will use something else for international payments.”
Naturally, as Bitcoins continue to evolve, developers like Andresen are working hard at ensuring the private security of Bitcoin users. Andresen says his past six months have been spent building “multi-signature transactions” for the Bitcoin network. He explains the multi-signature security feature as thus: “They are kind of like if you took all of the paper money in your wallet and then tore it in half and put half in your safe deposit box and kept the other half in your house. A robber would have to break into both your house and your safe deposit box to steal your money.”
You’d be hard pressed to find that kind of security with your current stash of cash if for nothing else but because it would be ungodly inconvenient for the consumer, to say nothing of the ambitious thief. Andresen says that’s one of the major advantages Bitcoins will have over our current terrestrial currency: you can conjunctively store your Bitcoins in two places at once so that in order to use them, a person would need access to both storage sites. One location where you might store your Bitcoins could be a secure website run by a bank which acts as the proverbial safe deposit box for Bitcoins whereas the other could be your computer or smartphone.
“To steal your Bitcoins, thieves would have to break into both your computer or smartphone andyour bank. And, it would be impossible for anybody at the bank to steal them without first breaking into your computer.”
The infrastructure for this multi-signature security technology is still in production, he says, but he expects that by the end of this year “there will be easy-to-use, incredibly secure and convenient solutions for storing and spending Bitcoins.”
With that kind of unprecedented level of security, it’s even possible that in the future Bitcoins might become a wise means for stashing your savings.
While the security advances will likely be a strong draw for future Bitcoin investors, perhaps of equal importance to the gradual growth of Bitcoins will be its acceptance as a form of payment with more online businesses, but that’s all in due time. As the reliability and legitimacy of Bitcoins is developed over time, don’t be surprised to see more online businesses begin accepting it. For now, though, the goal is to nurse the Bitcoin economy to a level where it will persevere the next blizzard of media attention the developers anticipate in the coming years. It’s possible Bitcoins may endure another “rise-and-fall” inflation in the future, but hopefully it won’t so easily shake the faith of the masses, at least as badly as last year’s roller coaster appears to have done.
In the meantime and in-between time, reconsider what those figures in your bank account really mean to you. You might see dollars or whatever your country’s currency happens to be, but the reality is that what you’re using these days intrinsically isn’t so far removed from Bitcoins. The Bitcoin experiment may or may not survive to 2140 but even if the Bitcoin itself were to disappear, the very idea of it is powerful enough that the development of an online currency will undoubtedly continue.
Bitcoin is not inherently anonymous. It may be possible to conduct transactions is such a way so as to obscure your identity, but, in many cases, users and their transactions can be identified. We have performed an analysis of anonymity in the Bitcoin system and published our results in a preprint on arXiv.
The Full Story
Anonymity is not a prominent design goal of Bitcoin. However, Bitcoin is often referred to as being anonymous. We have performed a passive analysis of anonymity in the Bitcoin system using publicly available data and tools from network analysis. The results show that the actions of many users are far from anonymous. We note that several centralized services, e.g. exchanges, mixers and wallet services, have access to even more information should they wish to piece together users’ activity. We also point out that an active analysis, using say marked Bitcoins and collaborating users, could reveal even more details. The technical details are contained in a preprint on arXiv. We welcome any feedback or corrections regarding the paper.
Case Study: The Bitcoin Theft
To illustrate our findings, we have chosen a case study involving a user who has many reasons to stay anonymous. He is the alleged thief of 25,000 Bitcoins. This is a summary of the victim’s postings to the Bitcoin forums and an analysis of the relevant transactions.
We consider the user network of the thief. Each vertex represents a user and each directed edge between a source and a target represents a flow of Bitcoins from a public-key belonging to the user corresponding to the source to a public-key belonging to the user corresponding to the target. Each directed edge is colored by its source vertex. The network is imperfect in the sense that there is, at the moment, a one-to-one mapping between users and public-keys. We restrict ourselves to the egocentric network surrounding the thief: we include every vertex that is reachable by a path of length at most two ignoring directionality and all edges induced by these vertices. We also remove all loops, multiple edges and edges that are not contained in some biconnected component to avoid clutter. In Fig. 1, the red vertex represents the thief and the green vertex represents the victim. The theft is the green edge joining the victim and the thief. There are in fact two green edges located nearby in Fig. 1 but only one directly connects the victim to the thief.
Fig. 2: An interesting sub-network induced by the thief, the victim and three other vertices.
Interestingly, the victim and the thief are joined by paths (ignoring directionality) other than the green edge representing the theft. For example, consider the sub-network shown in Fig. 2 induced by the red, green, purple, yellow and orange vertices. This sub-network is a cycle. We contract all vertices whose corresponding public-keys belong to the same user. This allows us to attach values in Bitcoins and timestamps to the directed edges. Firstly, we note that the theft of 25,000 BTC was preceded by a smaller theft of 1 BTC. This was later reported by the victim in the Bitcoin forums. Secondly, using off-network data, we have identified some of the other colored vertices: the purple vertex represents the main Slush pool account and the orange vertex represents the computer hacker group LulzSec (see, for example, their Twitter stream). We note that there has been at least one attempt to associate the thief with LulzSec. This was a fake; it was created after the theft. However, the identification of the orange vertex with LulzSec is genuine and was established before the theft. We observe that the thief sent 0.31337 BTC to LulzSec shortly after the theft but we cannot otherwise associate him with the group. The main Slush pool account sent a total of 441.83 BTC to the victim over a 70-day period. It also sent a total of 0.2 BTC to the yellow vertex over a 2-day period. One day before the theft, the yellow vertex also sent 0.120607 BTC to LulzSec. Theyellow vertex represents a user who is the owner of at least five public-keys:
Like the victim, he is a member of the Slush pool, and like the thief, he is a one-time donator toLulzSec. This donation, the day before the theft, is his last known activity using these public-keys.
A Flow and Temporal Analysis
In addition to visualizing the egocentric network of the thief with a fixed radius, we can follow significant flows of value through the network over time. If a vertex representing a user receives a large volume of Bitcoins relative to their estimated balance, and, shortly after, transfers a significant proportion of those Bitcoins to another user, we deem this interesting. We built a special purpose tool that, starting with a chosen vertex or set of vertices, traces significant flows of Bitcoins over time. In practice we have found this tool to be quite revealing when analyzing the user network.
Fig. 3: A visualization of Bitcoin flow from the theft. The size of a vertex corresponds to its degree in the entire network. The color denotes the volume of Bitcoins — warmer colors have larger volumes flowing through them. We also provide an SVG which contains hyperlinks to the relevant Block Explorer pages.
Fig. 4: An annotated version of Fig. 3.
In the left inset, we can see that the Bitcoins are shuffled between a small number of accounts and then transferred back to the initial account. After this shuffling step, we have identified four significant outflows of Bitcoins that began at 19:49, 20:01, 20:13 and 20:55. Of particular interest are the outflows that began at 20:55 (labeled as 1 in both insets) and 20:13 (labeled as 2 in both insets). These outflows pass through several subsequent accounts over a period of several hours. Flow 1 splits at the vertex labeled A in the right inset at 04:05 the day after the theft. Some of its Bitcoins rejoin Flow 2 at the vertex labeled B. This new combined flow is labeled as 3 in the right inset. The remaining Bitcoins from Flow 1 pass through several additional vertices in the next two days. This flow is labeled as 4 in the right inset.
A surprising event occurs on 16/06/2011 at approximately 13:37. A small number of Bitcoins are transferred from Flow 3 to a heretofore unseen public-key 1FKFiCYJSFqxT3zkZntHjfU47SvAzauZXN. Approximately seven minutes later, a small number of Bitcoins are transferred from Flow 3 to another heretofore unseen public-key 1FhYawPhWDvkZCJVBrDfQoo2qC3EuKtb94. Finally, there are two simultaneous transfers from Flow 4 to two more heretofore unseen public-keys:1MJZZmmSrQZ9NzeQt3hYP76oFC5dWAf2nD and 12dJo17jcR78Uk1Ak5wfgyXtciU62MzcEc. We have determined that these four public-keys — which receive Bitcoins from two separate flows that split from each other two days previously — are all contracted to the same user in our ancillary network. This user is represented as C.
There are several other examples of interesting flow. The flow labeled as Y involves the movement of Bitcoins through thirty unique public-keys in a very short period of time. At each step, a small number of Bitcoins (typically 30 BTC which had a market value of approximately US$500 at the time of the transactions) are siphoned off. The public-keys that receive the small number of Bitcoins are typically represented by small blue vertices due to their low volume and degree. On 20/06/2011 at 12:35, each of these public-keys makes a transfer to a public-key operated by the MyBitcoin service. Curiously, this public-key was previously involved in another separate Bitcoin theft.WikiLeaksWikiLeaks recently advised its Twitter followers that it now accepts anonymous donations via Bitcoin. They also state that “Bitcoin is a secure and anonymous digital currency. Bitcoins cannot be easily tracked back to you, and are a [sic] safer and faster alternative to other donation methods.” They proceed to describe a more secure method of donating Bitcoins that involves the generation of a one-time public-key but the implications for those who donate using the tweeted public-key are unclear. Is it possible to associate a donation with other Bitcoin transactions performed by the same user or perhaps identify them using external information?
Fig. 5: A visualization of the egocentric user network of WikiLeaks. We can identify many of the users in this visualization.
Our tools resolve several of the users with identifying information gathered from the Bitcoin Forums, the Bitcoin Faucet, Twitter streams, etc. These users can be linked either directly or indirectly to their donations. The presence of a Bitcoin mining pool (a large red vertex) and a number of public-keys between it and WikiLeaks’ public-key is interesting. Our point is that, by default, a donation to WikiLeaks’ ‘public’ public-key may not be anonymous.
Conclusion
This is a straight-forward passive analysis of public data that allows us to de-anonymize considerable portions of the Bitcoin network. We can use tools from network analysis to visualize egocentric networks and to follow the flow of Bitcoins. This can help us identify several centralized services that may have even more details about interesting users. We can also apply techniques such as community finding, block modeling, network flow algorithms, etc. to better understand the network.
Feedback
We are excited about the Bitcoin project and consider it a remarkable milestone in the evolution of electronic currencies. Our motivation for this work has not been to de-anonymize any individual users; rather it is to illustrate the limits of anonymity in the Bitcoin system. It is important that users do not have a false expectation of anonymity. We welcome any feedback or comments regarding the preprint on arXiv or the details in this post.
This January 28marks International PrivacyDay. Different countriesaroundtheworld are celebrating this day with their own events. This year, we are honoring the day by calling attention to recent international privacy threats and interviewing data protection authorities, government officials, and activists to gain insight into various aspects of privacy rights and related legislation in their own respective countries.
—
Throughout history, there have been a number of reasons why individuals have taken to writing or producing art under a pseudonym. In the 18th century, James Madison, Alexander Hamilton, and John Jay took on the pseudonym Publius to publish The Federalist Papers. In 19th century England, pseudonyms allowed women–like the Brontë sisters, who initially published under Currer, Ellis, and Acton Bell–to be taken seriously as writers.
Today, pseudonyms continue to serve a range of individuals, and for a variety of reasons. At EFF, we view anonymity as both a matter of free speech and privacy, but in light of International Privacy Day, January 28, this piece will focus mainly on the latter, looking at the ways in which the right to anonymity–or pseudonymity–is truly a matter of privacy.
Privacy from employers
Human beings are complex creatures with multiple interests. As such, many professionals use pseudonyms online to keep their employment separate from their personal life. One example of this is the Guardian columnist GrrlScientist who, upon discovering her Google+ account had been deleted for violating their “common name” policy, penned a piece explaining her need for privacy. Another example is prominent Moroccan blogger Hisham Khribchi, who has explained his use of a pseudonym, stating:
When I first started blogging I wanted my identity to remain secret because I didn’t want my online activity to interfere with my professional life. I wanted to keep both as separate as possible. I also wanted to use a fake name because I wrote about politics and I was critical of my own government. A pseudonym would shield me and my family from personal attacks. I wanted to have a comfortable space to express myself freely without having to worry about the police when I visit my family back in Morocco.
Though Khribchi’s reasoning is two-fold, his primary concern–even stronger than his need for protection from his government–was keeping his online life separate from his employment.
Even Wael Ghonim–the now-famous Egyptian who helped launch a revolution–conducted his activism under a pseudonym…not to protect himself from the Egyptian government, but rather because he was an employee of Google and wanted to maintain an air of neutrality.
Privacy from the political scene
In 2008, an Alaskan blogger known as “Alaska Muckraker” (or AKM) rose to fame for her vocal criticism of fellow Alaskan and then-McCain-running-mate Sarah Palin. Later, after inveighing against a rude email sent to constituents by Alaska State Representative Mike Doogan, AKM was outed–by Doogan–who wrote that his “own theory about the public process is you can say what you want, as long as you are willing to stand behind it using your real name.”
AKM, a blogger decidedly committing an act of journalism, could have had any number of reasons to remain anonymous. As she later wrote:
I might be a state employee. I might not want my children to get grief at school. I might be fleeing from an ex-partner who was abusive and would rather he not know where I am. My family might not want to talk to me anymore. I might alienate my best friend. Maybe I don’t feel like having a brick thrown through my window. My spouse might work for the Palin administration. Maybe I’d just rather people not know where I live or where I work. Or none of those things may be true. None of my readers, nor Mike Doogan had any idea what my personal circumstances might be.
Though Doogan claimed that AKM gave up her right to anonymity when her blog began influencing public policy, he’s wrong. In the United States, the right to anonymity is protected by the First Amendment and must remain so, to ensure both the free expression and privacy rights of citizens.
Similarly, in 2009, Ed Whelans, a former official with the Department of Justice, outed anonymous blogger John Blevins–a professor at the South Texas College of Law–in the National Review, calling him “irresponsible”, and a “coward.” Blevins took the fall gracefully, later explaining why he had chosen to blog under a pseudonym. Like Khribchi, Blevins’ reasons were numerous: He feared losing tenure and legal clients, but he also feared putting the jobs of family members in the political space at risk.
Privacy from the public eye
A friend of mine–let’s call him Joe–is the sibling of a famous celebrity. But while he’s very proud of his sibling, Joe learned early on that not everyone has his best interests at heart. Therefore, Joe devised a pseudonym to use online in order to protect the privacy of himself and his family.
In Joe’s case, the threat is very real: celebrities are regularly stalked, their houses broken into. His pseudonym keeps him feeling “normal” in his online interactions, while simultaneously protecting his sibling and the rest of his family from invasions of privacy.
Achieving anonymity online
Anonymity and pseudonymity may seem increasingly difficult to achieve online. Not only do companies like Facebook restrict your right to use a pseudonym, but even when you do think you’re anonymous, you might not be–as blogger Rosemary Port found out in 2009 after Google turned over her name in response to a court order.
While we should continue to fight for our privacy under the law, the best thing we can do as users to who value our right to anonymity is to use tools like Tor. Anonymous bloggers can use Global Voices Advocacy’s online guide to blogging anonymously with WordPress and Tor. And all Internet users should educate themselves about what is–and isn’t–private on their online accounts and profiles.
Occupy Wall Street has called for a global day of action on October 15, and protesters are mobilizing all over the world. In the United States, the Occupy Wall Street movement has already spawned sizeable protests in New York, Washington DC, Boston, Seattle, San Francisco, Oakland, Austin, and other cities. Several of these movements have faced opposition from their local police departments, including mass arrests.
Protesters of all political persuasions are increasingly documenting their protests — and encounters with the police — using electronic devices like cameras and cell phones. The following tips apply to protesters in the United States who are concerned about protecting their electronic devices when questioned, detained, or arrested by police. These are general guidelines; individuals with specific concerns should talk to an attorney.
1. Protect your phone before you protest
Think carefully about what’s on your phone before bringing it to a protest. Your phone contains a wealth of private data, which can include your list of contacts, the people you have recently called, your text messages, photos and video, GPS location data, your web browsing history and passwords, and the contents of your social media accounts. We believe that the police are required to get a warrant to obtain this information, but the government sometimes asserts a right to search a phone incident to arrest — without a warrant. (And in some states, including California, courts have said this is OK.) To protect your rights, you may want to harden your existing phone against searches. You should also consider bringing a throwaway or alternate phone to the protest that does not contain sensitive data and which you would not mind losing or parting with for a while. If you have a lot of sensitive or personal information on your phone, the latter might be a better option.
Password-protect your phone – and consider encryption options. To ensure the password is effective, set the “password required” time to zero, and restart phone before you leave your house. Be aware that merely password-protecting or locking your phone is not an effective barrier to expert forensic analysis. Some phones also have encryption options. Whispercore is a full-disk encryption application for Android, and Blackberry also has encryption tools that might potentially be useful. Note that EFF has not tested these tools and does not endorse them, but they are worth checking into.
Back up the data on your phone. Once the police have your phone, you might not get it back for a while. Also, something could happen, whether intentional or not, to delete information on your phone. While we believe it would be improper for the police to delete your information, it may happen anyway.
2. You’re at the protest – now what?
Maintain control over your phone. That might mean keeping the phone on you at all times, or handing it over to a trusted friend if you are engaging in action that you think might lead to your arrest.
Consider taking pictures and video. Just knowing that there are cameras watching can be enough to discourage police misconduct during a protest. EFF believes that you have the First Amendment right to document public protests, including police action. However, please understand that the police may disagree, citing various local and state laws. If you plan to record audio, you should review the Reporter’s Committee for Freedom of the Press helpful guide Can We Tape?.
3. Help! Help! I’m being arrested
Remember that you have a right to remain silent — about your phone and anything else. If questioned by police, you can politely but firmly ask to speak to your attorney.
If the police ask to see your phone, you can tell them you do not consent to the search of your device. They might still legally be able to search your phone without a warrant when they arrest you, but at least it’s clear that you did not give them permission to do so.
If the police ask for the password to your electronic device, you can politely refuse to provide it and ask to speak to your lawyer. Every arrest situation is different, and you will need an attorney to help you sort through your particular circumstance. Note that just because the police cannot compel you to give up your password, that doesn’t mean that they can’t pressure you. The police may detain you and you may go to jail rather than being immediately released if they think you’re refusing to be cooperative. You will need to decide whether to comply.
4. The police have my phone, how do I get it back?
If your phone or electronic device was illegally seized, and is not promptly returned when you are released, you can file a motion with the court to have your property returned. If the police believe that evidence of a crime was found on your electronic device, including in your photos or videos, the police can keep it as evidence. They may also attempt to make you forfeit your electronic device, but you can challenge that in court.
Cell phone and other electronic devices are an essential component of 21st century protests. Whether at Occupy Wall Street or elsewhere, all Americans can and should exercise their First Amendment right to free speech and assembly, while intelligently managing the risks to their property and privacy.
For many of us, the Internet is like a puppy—lovable by design and fun to play with, but prone to biting. We suspect that our digital footprint is being tracked and recorded (true), mined and sold (super true), but we tolerate these teeth marks because, for many of us, the Internet is irresistible, its rewards greater than its risks. In a 2011 Gallup poll, more than half of those surveyed said they worried about privacy issues with Google, yet 60 percent paid weekly visits to the search giant. As long as we clear our search terms, block cookies, use antivirus software and see that our social media presence isn’t too social, we’ll be OK. Right?
satellite_hacker said…
