Security Corner

Feb 18 2010   2:30AM GMT

Anonymity and the Internet



Posted by: Ken Harthun
Tags:
anonymity
Internet
onion routing
Secure Computing
Security
Security policy

There’s a faction that believes the solution to all our security woes on the Internet is a universal identification scheme. Anonymity is a bad thing in their book and if we get rid of it, we’ll know where all the bad stuff is coming from. We’ll be able to identify the spammers, the phishers, the source of all the DDoS attacks, malware mongers and the predators who threaten our children. We’ll achieve Internet Utopia!

Only, it won’t work. To eliminate anonymity would mean that every single packet on the Internet be tagged with the identity of the sender. The bandwidth cost would be astronomical, for one thing, not to mention the cost of implementing an infrastructure to certify the identity of every user and computer on the Internet. Besides that, it’s just too easy to re-anonymize a packet. I have to agree with Bruce Schneier’s position in the essay Schneier-Ranum Face-Off: Should we ban anonymity on the Internet? Here’s an excerpt of a key point:

Even if everyone could trace all packets perfectly, to the person or origin and not just the computer, anonymity would still be possible. It would just take one person to set up an anonymity server. If I wanted to send a packet anonymously to someone else, I’d just route it through that server. For even greater anonymity, I could route it through multiple servers. This is called onion routing and, with appropriate cryptography and enough users, it adds anonymity back to any communication.

The push for universal identification on the Internet, besides being an impossible task, is a concept almost as ridiculous as banning the killing of certain animals we use for food on the grounds that it’s cruel.

Well, maybe it’s not quite that bad, but it’s close.

What do you think?

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: