I've become increasingly concerned with this topic. Looking back I feel incredibly stupid.
When I was 16, I was 'paranoid' about computer security. I used gpg, would never dream of giving my real name to any website. I distrusted every website.
Now I'm 31, and you can easily find 5 years of reddit comment history linked to my almost unique real name. Facebook has algorithms that can link my face to my real identity. I carry a location tracking device and microphone in my pocket. I sit in front of a camera all day. Google has all my search history. My ISP knows which sites I visit.
It's just incredible how comfortable I became with sharing this data about myself online. I don't know how it happened. My 16 year old self imagined that I'd have had some awesome technological setup that made me immune to tracking. But the truth is I just got used to the possibility of being tracked, and then forgot about it altogether.
But these NSA revelations have woken me up and I'm now back in that paranoid state and actively seeking ways of protecting myself.
I think many people have had the same experience.
For all the talk about the generations of the future being tracked and recorded from birth, I have to wonder if we're the dinosaurs and our kids will be saying:
"Shit Dad, why did you share all this stuff about yourself, are you stupid or something?"
You are oversimplifying. The thing is that it's good to be part of a community. Feels good to use your real name and it's only natural.
Facebook is an awesome service to find old friends, find new friends with the same interests, exchange visual info (sharing your baby's picture with your family) etc.
Being able to sync devices across is awesome. But try that outside Google/Apple and you're against a wall. Of course it can be done, but not for all applications etc.
Thing is that today's technology offers one hell of an options compared to ten years ago. But more than half of those comes with sharing your real data. Not just out of cunning CEO's or the NSA but out of pure functionality: If you don't use your real name in Twitter/Facebook how are other people suppose to find you?
Try keeping contact with friends via email. It's impossible, especially for the tech-unsavvy, while with facebook everything comes easy.
I would like to erase some of my online past, but it's not important. Not that much. What matters to me is:
* Remove all LEGAL powers for someone to harvest, sell, explore your data without me explicitly knowing about it.
* Prevent and heavily punish data abuse.
* Know the system[1]
[1] If you know how a system works (the internet, surveillance, etc) you can circumvent it, anytime. Tor will not help you if you use it to login into facebook. I mean, your enemy will know instantly that you're using TOR, your exit node etc. Being anonymous online, even without someone tailing you it's very hard but it can be done.
The problem with true online anonymity, is that it's not a one-time thing. It's a policy that needs you to be strict. No more forums, new fake emails all the time, registrations, etc. All of us can do that, but are we willing to do so??? I'm not.
We can't turn the clock back in time and undo what we did (except maybe if we are able to travel at light-speed... but that's not the point I guess). We have to focus on how to make governments and companies much more accountable about what they are doing. Many laws need extra elasticity (copyright) while others need to get much tougher (abuse of power by any authority).
Also some advancements at protocol level like user-predefine packet (path) routing, DNS and internet decentralization (away from USA), would not be a bad start.
It's impossible not to over-simplify without writing a 10,000 word essay on the topic.
I'm not advocating disappearing altogether. There's nothing wrong with keeping in touch with my friends on facebook, sharing the odd picture.
I do disagree that it feels good to use my real name. I wish I'd been more careful peppering my various accounts with references to my real name. I'd really love to be able to press a button and have zero results come up on google for my name.
Why on earth should you, random internet stranger, be a few clicks away from finding photos of my baby son on facebook? Who gave you the authority to know so much about me? Well, I did by sharing it in the first place.
Not that I have anything in particular to hide, but I feel very strongly that it should be me who's in control of that data.
I don't think it can be wholly solved by technology or by laws.
I think it can only be solved by behavioural changes in the way we use the web.
In my opinion, user24, I like being publicly linked to everything I say or do online. It means that the "me" that exists online is in perfect harmony with the "me" that exists in the physical world. Anything I do online has repercussions for my offline life, and vice versa. It makes me more connected with the world.
I have to lie in the bed that I make, for better or worse, heh. I'm not trying to sell a philosophy here, though - only state mine. You're perfectly welcome to your own, and I'm not going to think any worse of you for it.
In theory this sounds great, and I try to live by that principle now, but that doesn't mean I'm comfortable having all my instances of viewing adult material, for instance, in my past attached to my public image.
There are some exceptions, to be sure - for example, I don't share (offline or online) when I'm on the toilet, or what the results were.
But in general, if I have an opinion about something, I'm going to publicly and proudly state it - even if I later have to recant. I'd rather admit publicly that I was wrong than hide my views.
I personally felt like the Internet gave us the power of managing several identities, having personas tied to some communities, making it simple to meet new people and yet (sort of) protect our privacy.
Now, I feel like the game has changed and if you want to enjoy anything online, more and more, you'll have to allow access to your life to everyone you ever interact with, unless you spend a lot of time tweaking privacy settings everywhere and live almost like a criminal on the run.
I do not buy the "yeah, but look at all the awesome stuff we've been given in return for our privacy" argument. Not at all.
All the cloud sync stuff is nice, but not that nice. I would much, much rather have to run my own server for backing things up, or just backup locally to different devices, than be in the mess we're in now. We've given up far too much for what amounts, at the end of the day, to convenience.
As for facebook, I'd personally return to the world before it existed in a heartbeat, given the choice.
Strange. I was considered paranoid up to the point when it became clear that I was right all the time. Now I have a kind of "let it go" feeling where I think: your main computer, name, location, interests and so on are probably gone already as well as those of my close relatives. So why bother? I now really think about getting an Facebook and some online shopping accounts...scary ;)
I have an separated and heavy encrypted off-line network for the stuff I really want to keep secret. That won't change ever because seperating data became a part of my life and I can live with that pretty good.
The fact that most of my professional life was very publicly exposed online has now gotten in the way of me being able to land a job. Not because there's anything bad in there. Quite to the contrary. The issue is that you can't dumb-down or narrow your resume when a simple Google search reveals you are far more than the resume says.
Some people are scared (is he after my job?) others are protective (he just wants to get inside to learn the business and then become a competitor) and others think you are over qualified (he's going to get bored and leave in x months).
Short of legally changing your name there's no way to disconnect from your online fingerprint.
At fifty years of age I am in a situation where, after hundreds of resumes over three years I have come to the conclusion I am not employable. It seems my only path will have to be through entrepreneurship. Read my post for details.
Interesting. I'd never have thought of this downside without hearing your story so thanks for sharing.
You say in the other thread that your wife suggested a Bachelor's/Masters but what about MBA or PhD instead? I know of folks who've come into Systems PhDs with diverse backgrounds. I'm sure MBA programs might also look favourably on your experience (though that route probably costs more).
When Georgia Tech widely publicized their online CS Masters program AND they explicitly stated that they'd offer credit for relevant experience I jumped on it. I got in touch with them to learn more. Within days they rescinded their experience-based credit offer and went back to the standard credits-for-classes approach. The reason this was interesting to me (and I am sure lots of others) was that I could fast-track a Masters and then consider doing an MBA either online or in person. That, I reasoned, could possibly open some doors. Not sure. It just seemed that the low cost of the Georgia Tech program coupled with probably being able to pull it off in a year or two could have been worth the gamble.
In general terms, it is disappointing that there seem to be no reputable programs that recognize the value of people's life experience. I've shared some of my code with CS department heads in the process of exploring various options for admissions. A couple came back with praise for the range of work I had done and even went as far as saying they didn't understand half of it. Regrettably that was not enough to work out any deals.
The other aspect of engineering education I despise is the need for credits in non-engineering areas. I'm sorry, I'm fifty years old, I have almost no interest in taking a course in sociology, history, geography or English literature. My self-education was not limited to the technical domain. I've read most of the classics, dozens of business and marketing books and have had skin in the game at all levels for years. I can see asking a 19 year old to take an English composition class as part of the path towards an EE or CS degree. I can't see it as even remotely relevant for people at different stations in life. Just a pet peeve of mine.
I don't think you need to feel too bad about the information you've shared. For me, the real problem is the way that online companies mine, track and record online behaviour. They can stitch together what may seem like disparate online actions to build a detailed profile of your online habits. If they were not able to do this, then sharing so much information online wouldn't feel so uncomfortable. We could be fairly safe in the knowledge that those disparate actions remained unconnected.
Google in particular has its digital fingerprints all over the web. For example, you visit a site with Google fonts and Google records your IP address, then you go to a site that serves the jQuery library from Google's servers, Google records your IP address again. You visit a site with Google Analytics - another log. Then you sign into GMail. Does Google join up all these actions? We don't really know because Google's vaguely-worded privacy policies don't tell you anything.
This is a company that "designs with data" and has an insatiable appetite to track and record as much online behaviour as it possibly can. They now have an entire OS that could potentially track your every action - even when you print to your desktop printer (because you can't do anything in the OS without being signed into your Google account).
Of course, a lot of people don't find this a problem (including people in the tech community). But many other people simply aren't aware of just how easily their online behaviour can be tracked and recorded.
Google are not evil, but no company, be it Google or Facebook, should be able to track and record such vast quantities of online behaviour without closer and more critical scrutiny. But that scrutiny simply isn't happening, particularly from the tech community who give Google an easy ride on such matters.
What is evil? I don't care for the word, but if anything is evil, isn't it making money off of deceit and manipulation (advertising), and then trying to make even more money off of that by disengenuously giving us "free" stuff so that they can secretly collect ever more information about us so that it can be sold?
I've being trying to make this a HN hit for a long time now, and I will try again as it is related to the topic.
The "name-your-price" web comic The Private Eye: http://panelsyndicate.com/ is a great story on a future world where online anonymity became impossible, then people went for real world anonymity, all of us wearing masks and pseudonyms. It is really interesting and entertaining to follow.
I have no connection of any kind with the authors, just a fan of their work. And I really thought HN crowd would love it. But I submitted it a few times and not a single upvote. Ever. Hope to find them some love now.
I'm guessing it's because the only thing I see when I follow that link is the long list of "buy now" buttons. No teaser for the comic, nothing to let me gauge the comics worth... just a poorly designed webpage that only seems to want to part me and my money.
I closed the website after about 3 seconds, and wouldn't even have commented except for your seemingly genuine puzzlement at why someone wouldn't want to read it.
What you are saying make sense, but that's the thing when you are an author trying to bootstrap in the publishing business. You don't get everything right at first. So I forgive the poor landing page because they are very good on what they do best. I am guessing that if this experiment become profitable, for a next series they might improve the marketing skills or hire someone.
It requires thought for the customer to realize they can do that, and thought equals friction in a transaction, it costs you customers.
You could get the same effect without the friction just by offering the first issue free and then putting the "Buy Now" buttons on the following issues. That lets you put the word "FREE" next to one issue, which will indicate to people that it's safe to click on if they're uncommitted. No thought on their part required, which should translate to more downloads.
The book "The Quantum Thief" had an interesting take on this. In one of the communities in the book reality was mediated through strict and fine-grained privacy controls (iirc at a cognitive level, all run somehow by the state.) You could agree to forget a conversation after having it, you could blur your face and mask your voice, that sort of thing.
Recommended reading, if a little difficult at times.
Reminds me of my favorite webcomic Opplopolishttp://www.opplopolis.com both in the sales model and the theme, except that Opplopolis is free-to-read online with a higher-quality paid download option, and it takes a while before the ubiquitous surveillance theme emerges. Even when it does it's still very covert and mysterious e.g. http://www.opplopolis.com/issues/9/15
Tangential, but one frustration with the "name your price" model (depending on how it's presented) is that I have to pay up-front, without knowing what the value (ie, equality) is.
I'll feel obnoxious if I pay $1, but on the other hand, I don't know if it's worth $5. Or, maybe it's phenomenal, in which case I'd be happy to pay $20 for it.
That said, this looks interesting; I've bookmarked it for later, and will probably end up paying for it at some reasonable price.
Overheard in conversation at a security conference a few years ago: for many people, it's probably likely that the fingerprint you leave just by the top ten websites you visit is quite distinguishing.
Given that - on top of all of the 'obvious' linkages that are out there (friends, email contacts, identity cards/numbers, payment methods), it's imaginable that for a 'suitably advanced' adversary, you have to be extremely vigilant if you want to detach your new identity.
The reality for many people (including in modern witness protection, I'd imagine) is that it simply isn't humanly feasible to be that perfect - so you have to trust your benefactors to a certain extent (and assume that no-one will get access to any correlation information they might build).
I read that in the New York Times during the glory years of The War Against Terror. So yes, our friends at the NSA are on to that one already. So you could go to random cyber-cafes in a big city and still be stalked.
Obviously there is no evidence of them having apprehended an al-qaeda terror operative using this technique, mostly because there is no such thing as an al-qaeda terror operative.
However, there is writing analysis too, 'I'd' imagine that they know you use 'I'd' and you might want to start using 'I would' from now on just to foil their systems. Me, I am going to stop using the phrase 'The War Against Terror'...
You could ten years ago. You could give it a good shot now. But in another ten years it's impossible.
We are living in the last age of anonymity.
We're also living in the last age of personalized history. When I tell a story from my teenage years, in the 1980s, I get to tell the story any way I like. After all, it's my memories. Each of us are able to own our version of reality, which was very human and very comforting.
For kids going through their teenage years in the 2020s? Their entire life is just a big dataset: where they went, who they talked to, what they said, how their opinions evolved. Not only can they never leave their old life because of hueristics and fingerprints, they can't even enjoy their own version of how their life went. That's a major change in the nature of what it means to be human.
The biggest problem is probably going to be preventing other people from putting you back on it (tagging you in photos, writing about you etc.).
I recently went through the Google listing for my name and found dozens of profiles and sites I couldn't even remember signing up for. I was able to get most closed successfully. One site I had particular issues with was FriendFeed. I believe I signed up with my Twitter account, which I have since deleted. In otherwords I can't sign in to shutdown the FriendFeed profile. It also seems impossible to get in touch with them so that profile is stuck on the web when I would rather it wasn't.
Once you remove yourself from the first few pages of Google (time consuming but not difficult) your online life is invisible to most people. The only people that will find anything are those that really dig.
P.S. If anyone knows how to get my profile removed from FriendFeed when I can't login please let me know :)
The interesting thing about the answers given there, is that they seem to assume you can only have one identity at a time. Why not simply have multiple identities?
Anonymising yourself then simply becomes a matter of picking a new name for yourself and never telling anyone what it is and never doing anything under that name. It's a pretty useless form of anonymity of course, but it does suggest that anonymity itself isn't really particularly useful.
Perhaps anonymous acts are what are really desired? The question of how to act anonymously might provide different answers.
The problem is the ease at which the various identities can be identified as belong to the same person.
Very few people have the kind of processes that really protect that online personas from being uncovered.
It's non-trivial to ensure that you always associate cookies , IP addresses, browser signatures, behaviour... with one persona and yet never ever leak that to another.
Bear in mind that computers are so precise in their work here that you only need screw up once to burn that persona forever.
Pseudonymity is achievable, but unless you say nothing and participate in nothing anonymity is incredibly hard to achieve for a single persona.
Anonymity is exponentially harder to achieve when you have multiple personas.
And this is before you get into face recognition of photos, language analysis, gait analysis etc all attempting to to the real you from the very things that are harder to fake.
> Disinformation is intentionally false or inaccurate information that is spread deliberately. It is an act of deception and false statements to convince someone of untruth. Disinformation should not be confused with misinformation, information that is unintentionally false.
> Unlike traditional propaganda techniques designed to engage emotional support, disinformation is designed to manipulate the audience at the rational level by either discrediting conflicting information or supporting false conclusions. A common disinformation tactic is to mix some truth and observation with false conclusions and lies, or to reveal part of the truth while presenting it as the whole (a limited hangout).
> Another technique of concealing facts, or censorship, is also used if the group can affect such control. When channels of information cannot be completely closed, they can be rendered useless by filling them with disinformation, effectively lowering their signal-to-noise ratio and discrediting the opposition by association with many easily disproved false claims.
yes, that's the way I would do it, use pictures of people that looks like you, start tagging yourself in such pics, also change your online behavior gradually, create several online alter egos, and try to erase your old online presence, after a while the online information about you should be worthless.
> Shops know what you buy in what amounts, because nobody buys all the same brands you are getting fingerprinted constantly. This is used for targeted advertising, but it can also theoretically be used to track you.
I live in france and I wonder if this is even legal here.
Even if you change you name, if you start buying some sort of the same combination of grocery article, it can lead back to you if they do some statistics on every people shopping on the globe. Even if you use cash, they can still know that someone bought the same combination of articles somewhere.
Not using a smartphone will reduce how you're located. A classic GSM phone can still be located being around a cellphone tower (and more precisely by using triangulation, but it's painful), but smartphones have a tendencies of communicating your GPS coordinates, which allows to track everyone's location at the same time. The amount of hardware required to store all that information must be quite astronomical, but still, a latitude and longitude will be precise and just take 16 bytes at most, which is ridiculous.
This is quite an interesting topic. For me, the thing is, I have no idea what I am going to be up to in the coming decades. What if I want to serve in some local comminity position? Or create my own company? All of the sudden, that hasty from-the-hip comment I posted to a forum years ago might actually matter. I find it quite tiring to stress over my online "brand". Locking down my Facebook profile has helped, I will say. Using my real name on HN, especially as someone recently trying to pivot into web dev, has definitely affected the way I post. I am more considerate, which is good. But I also self censor more.
The never-forgetful nature of the web definitely changes things.
It all really comes down to how far you want to take anonymity.
I think the first thing to do is dox yourself, and methodically go through the websites and both change all info to random unrelated information, and then delete or deactivate, whatever is possible.
The next step without taking drastic measures such as new identity, is to simply stop using the internet.
And remember to not be included in digital pictures.
The abstinence from the internet is what I think is the hardest part, especially if the internet has become an integral part of your life.
That means not owning a cell phone. Maybe not using a phone at all. Even possessing a land line or using pay phones might not work.
You also need to use cash. But possibly only make withdrawals directly from a human bank teller, and not an ATM. You'll still show up on bank cameras though. Maybe check cashing and pawn shops is the way to go. Just having a bank account could be problematic, because oft he transaction register.
Using paper cash, you'll still have to consider serial numbers on bills as clues in the long run. Like it or not, the paths of exchange that bills follow can be traced to a degree, using the same imaging software that post offices use on mail, and banks use on paper checks. It's not as reliable for the smaller bills, but for larger denominations, they tend to take short paths exiting the bank (mostly via ATM) and then immediately returning to the bank through business deposits.
So even if you float through space, absorbing all light like a black hole, your gravity will still influence the light-emitting bodies around you.
Even if someone can successfully go "off the grid" never using a cellphone or computer, and paying for everything with cash you keep stuffed under your mattress, mentions of your name and images of you will inevitably appear in others' emails, Facebook posts, and whatever else.
In addition, eventually with facial recognition and the high density of security cameras, going anywhere other than the middle of the nowhere will be building a database of your movements.
This is all more than enough to build an accurate profile of you.
I think that the question is "How can I mitigate the risk my online identity poses?"
Once on the web I dont think you can get off, the tag I use on HN is one I have used for years, but in those past years I was always a lurker almost never ever commenting (until recently). Now when I search my tag on google HN comments come up, my NSA comments could label me as anti-govt, but thats not the case.
Without going RMS I dont think you can really get off-web if you still want to use the internet in any fashion.
You know the answer might be to, you know, not worry about it? I mean it's a two part process (1) are people coming after you with the internet? If no, then (2) pay some attention to your local politics, be wary of advocating for discriminatory policies when it suits you, and remember no man is ever an island.
If yes, well, you kind of did the wrong thing posting on StackExchange about it.
The hard part is that in the next decade or so, there is going to no longer be an "off-web".
Your face, walk, voice and probably the pattern of places you go and the smell of your breath will be just another set of tracking cookies for which you will be unable to switch browsers to be rid of.
then get a fake identity in the same ways that have been possible for hundreds of years now...
that big trail of data on the internet is useless if it points nowhere.
what i never understand is why anyone wants to do this unless they want to do something wrong and get away with it. i also think we all collectively need to get over privacy - if its not about being caught out doing wrong things then all you get is embarassment potentially? i'm not sure i really understand...
i had to fill out a voter registration form recently, its a legal requirement and there was a big part of me that wanted to not do it on principle. however, weighing up the advantages of being a legal member of society over not quickly changed my mind...
This brings up an interesting question: who are you on the web anyways? Take my case: I have never signed up for a social networking account on the likes of facebook, myspace, etc. I just don't like to give up that much control about my personal information. To me, just putting it out there, even without the govt snooping on it is giving up WAY too much control over it. Many websites I used to visit have become "social" over the years though but no matter, I don't use my real name there, or real personal email account. On my android phone I purposely created another gmail account, not linked to my real personal one. I have avoided google+ like a plague and I have seen first hand how nuclear they have gone in order to make people enable the goddamn + account. But the question still remains, who am I online? I'm still signing up to sites and email accounts that even if they don't represent the whole picture they still have parts of it. It struck me that it may not matter if those accounts don't particularly link to my real name: it is still me doing all that stuff online. Am I just my name or what I do? (Google probably doesn't care that much about my "name", they're still getting a lot of information from "me". To them all of us are probably just a unique ID on their servers.
I'm not a tinfoil hat kind of guy or anything like that. My efforts are still limited by the convenience of the internet once you sign up to the many services available. People somewhat skilled in tracking people online can probably still track the real me: just because I haven't made much effort in actively learning all I would need to do in order to really hide myself online. I still think that I at least have mitigated it a bit so that not any Joe Schmoe can track me.
First I couldn't review apps on the play store, now I can't comment on youtube wtf?? but still, you will have to do more than that to get me on, google. I still think that they will end up forcing everyone to g+ in the end, at that point I will seriously consider just leaving google altogether.
You can't erase what you've already done online. Moving forward, you could live like a person from 1950. No mobile phone, no internet, pay cash for stuff. That's about as close to anonymous as you can get, if it's worth the pain.
It's probably easier to change your offline identity. Bureaucracy can be dealt with, plastic surgery results are in continuous improvement... And you can even start a new family, damnit.
When I was 16, I was 'paranoid' about computer security. I used gpg, would never dream of giving my real name to any website. I distrusted every website.
Now I'm 31, and you can easily find 5 years of reddit comment history linked to my almost unique real name. Facebook has algorithms that can link my face to my real identity. I carry a location tracking device and microphone in my pocket. I sit in front of a camera all day. Google has all my search history. My ISP knows which sites I visit.
It's just incredible how comfortable I became with sharing this data about myself online. I don't know how it happened. My 16 year old self imagined that I'd have had some awesome technological setup that made me immune to tracking. But the truth is I just got used to the possibility of being tracked, and then forgot about it altogether.
But these NSA revelations have woken me up and I'm now back in that paranoid state and actively seeking ways of protecting myself.
I think many people have had the same experience.
For all the talk about the generations of the future being tracked and recorded from birth, I have to wonder if we're the dinosaurs and our kids will be saying:
"Shit Dad, why did you share all this stuff about yourself, are you stupid or something?"