Droogie's run-in with the AP contains lessons for us all in an era when Internet privacy and freedom is under attack by both governments and multinational corporations like the AP.
Anyone who keeps a blog, writes a dKos diary or comment, or even sends an email is exposing themselves to possible blowback BECAUSE NOTHING YOU DO ON THE INTERNET IS ANONYMOUS.
Let's repeat: NOTHING YOU DO ON THE INTERNET IS ANONYMOUS.
Below the fold is information about some urban myths about Internet privacy and anonymity. Know the facts so that you can speak out AND protect yourself.
- "Anonymous" email
Most "anonymous" email carries the IP address from which you logged on to the email provider. It's right there in the header. This is true for Yahoo and Hotmail, for example. Gmail is one major "anonymous" webmail provider that does not include your IP address in the header though they do record it for their own records.
This means that when you use your Yahoo mail to send a hot complaint email to AP about Fournier or Droogie, all they need to do is to plug the source IP address into Arin.net. If you've logged on from work, chances are your company's name will appear as the owner of that IP address, and you, my friend, are nailed. It will be no problem for those crafty little AP investigators to get your IT manager's email for "abuse" complaints, provide her/him with a copy of your email, and let nature take its course.
If you sent the email from home, then the IP address assigned by your ISP will appear in the email. Using your ISP's abuse email, the email recipient can ask them for your name and address or demand that the ISP shut down your service because of "abuse."
With Gmail, it's a little tougher for them. Using your email's ID number, they will have to register a complaint with Gmail and asked for the source IP from them. If they're smart, they must only complain that the email was spam and ask Gmail to shut down your account. That's happening with increasing frequency these days.
Also beware of some supposedly high anonymity webmail providers like Hushmail. They happily provided the DEA with 3 CDs full of their clients' decrypted emails without even requiring a warrant from them.
The bottom line:
No email is anonymous unless your IP is anonymous.
- Using proxies
I saw some people recommending the use of proxies in the comments to Droogie's diary reporting the blowback from the AP.
As far as they go, proxies offer some protection, but they are becoming less usable and effective every day.
Proxy servers are servers that merely forward the requests of clients--like browsing requests--to other servers. "Anonymous" proxies perform the additional service of substituting their own IP address for that of the client. So far, so good.
The problem is that "anonymous" proxy servers also attach tags to the packets they forward. These tags, like HTTP_VIA and HTTP_X_FORWARD_FOR, make it obvious to servers down the line that the packets have passed through a proxy server. More and more webmasters are testing for these tags and preventing proxy users from logging on to their sites. Google may shut down your Gmail account if they detect you're using a proxy. PayPal will block your account almost immediately. Membership sites like dKos that ban former members may prohibit proxy users to prevent the banned from logging on using a different username.
The bigger threat for proxy users, however, comes from deep packet sniffing. Office network administrators and ISPs are making increasing use of deep capture to monitor all aspects of their users/customers Internet activity. Since a proxy connection does nothing to protect the privacy of the communication between the client/user and the proxy server, employing deep packet sniffing enables the snooper to record and analyze all Internet activity down to the keystroke level.
A better alternative to "anonymous" proxy is Virtual Private Network (VPN), sometimes called "elite proxy." VPNs substitute the VPN server address for your own, but they don't add the identifying HTTP_VIA or HTTP_X_FORWARDED_FOR tags.
More importantly, true VPN services encrypt the connection between the client's computer and the VPN server. This encryption locks out network administrators and ISPs so that they can no longer use deep packet sniffing.
The bottom line:
To preserve anonymity and privacy, use technology geared to combat the "Surveillance Age."
- Deleting Internet posts and emails removes them
Check your terms of use with providers like Blogger and Yahoo. Files are preserved for weeks, even months after you've "deleted" them. The same is true for membership sites like dKos that allow diaries and comments.
Then there are the cached files on Google and other search engines. As the Chinese discovered, it's tough even for an embarrassed government to scrub its files completely.
Even worse, there are many people and organizations who maintain their own archives of others' sites. Even if you get rid of an old blog, they may keep copies of your posts on their site indefinitely. Sometimes, this is done out of admiration like those who preserved parts of Billmon's old site. More frequently, it's done as part of oppo research to preserve potentially damaging posts for future use as Amanda Marcotte discovered earlier in the year when she tried to "scrub" some of her posts and comments at Pandagon after hiring on to the Edwards campaign.
Bottom line:
Assume whatever you post online will survive at least until the next time you go for an interview for your dream job.
The point of these caveats is not to discourage you from speaking out. The Internet may be the last, best hope of democracy and free speech.
But you are entitled to protect yourself and your family from vengeful corporate and government snoops.
Here are some things you should always be doing:
- Anonymize your Web activity using a quality VPN service that employs respected software like OpenVPN.
- Encrypt communication with trusted friends and associates. All you have to do is add a convenient tool like Enigma to an email client like Thunderbird.
- Don't be careless with personal details in posts.
- Support webhosting services that stand up for free speech like The Ohm Project's like CTyme, our webhost. Without these brave souls, who stand up to RIAA and AP thugs, Net freedom of expression is no more than an abstraction.
- Support organizations like the ACLU and the Electronic Frontier Foundation.
The future of democracy in the world depends on people speaking out to inform and inspire others. Don't let bullies shut down online political discussion, but don't let them ruin your life either.
Be smart. Learn more about how Internet technology works. Use the tools available to you.
Don't let them win.