When the Internet was formed, it was hard enough to get it to work, let alone secure properly. That’s not to say security wasn’t a high priority, it was just understood entirely differently than it is today: security meant resilience against war.
The Internet’s prime objective in the 1960s was to remain functional even after a devastating nuclear attack. No single point of failure was allowed to exist, and no matter how few computers remained intact after a strike, they had to continue communicating with each other. Anonymity and privacy were not priorities.
Missed Chances
Packet switching was invented in 1968 and deployed over the following years. The process chops information into smaller packets, which can be more efficiently routed along shared data lines than single blocks of data.
As packet switching was deployed, ideas spread on how to encrypt the contents of each package, similar to IPSec (which wasn’t around until nearly 20 years later). Though encryption failed to be deployed for a number of reasons, one being that engineers feared limitations in computing speed would make the early Internet unnecessarily slow and inefficient. But much like today, it was the National Security Agency (NSA) that opposed encryption most vociferously — they feared they could lose out on valuable data, if it were encrypted.
Encryption techniques like IPSec and OpenVPN, today most commonly offered by VPN providers, prevent any snoop on the network from seeing the contents of the data packages.
However, this only protects the connection between the user and the VPN network. It might still be possible to intercept messages on the other side of the connection, be it a website or a peer-to-peer connection.
The Solution: End-to-End Encryption
The most promising way to achieve privacy online is end-to-end encryption, most commonly deployed with TLS (formerly SSL). TLS is now used by sites of all kinds, but is crucial where any kind of identifying or sensitive information, such as passwords, credit card details, or personal information is being exchanged.
Another widely deployed protocol is the Signal Protocol, developed by OpenWhisper Systems, which, amongst other things, encrypts the contents of messages from over a billion worldwide WhatsApp users.
WhatsApp calls are encrypted with this technique too, and the privacy gains are tremendous compared to regular phone calls or text messages, where it is trivial for a moderately sophisticated malicious actor to intercept and alter the contents of a conversation.
Anonymity is More Than Just Encryption
But privacy does not mean anonymity. Even in end-to-end encrypted services there is still plenty of data for an attacker to analyze and intercept. This superfluous data is called metadata, and can be as revealing as the contents of the message itself. An observer of metadata can easily see who you are in contact with and which websites you visit.
It’s not hard to connect metadata. For example, If someone knows that you just got off the phone after a lengthy conversation with a doctor, then saw you connected to Google and before opening a website of a self-help group for cancer patients, your personal medical status is no longer private — even if the call and all of your browsing were made through encrypted channels.
Anonymity Is Important For An Open Society
There are a vast number of potential scenarios where lack of anonymity can become a problem for you, such in cases of addiction, unwanted pregnancies, oppressed faith or political orientation.
When we cannot be anonymous on the phone, protecting the contents of our conversations might be meaningless. The effectiveness of a suicide helpline depends on the confidentiality of the contents of the conversation, but if the existence, time, and duration of a call is easily observable, do the contents still matter?
The range of reasons why metadata needs to remain secret is broad. A free society has to enable people to break out of whatever repressive family or religious structures they might find themselves in. To be effective, organisations that offer help to young homosexuals struggling to find acceptance, or those seeking to escape cults, have to completely disguise those that reach out to them, not just the contents of their conversations.
Hide Your IP
The first step to anonymity on the Internet is to disguise your IP address. While open networks like Tor provide the strongest anonymity, they can be slow and frustrating to use. VPNs and proxy services usually have high speeds, but it can be difficult to find a provider that you trust with your data. If the provider keeps logs or worse, sells user data, your privacy will be hurt.
Beyond your IP address, there is plenty of other information exchanged between your computer and the Internet that can be damaging to your privacy. Cookies and tracking code embedded in many websites, for example from Facebook or Twitter, allow advertising giants to follow your movements across the Internet.
Tech Companies Need To Step Up
There has been a tremendous amount of progress when it comes to online privacy in recent years, some of it thanks to the Snowden revelations that started in 2013. We have regained a big portion of privacy that we didn’t even know we had lost in the years before.
Browsers need to be built for privacy, and not just speed. Google’s Incognito Window made a great first step in making it easy to open a new tab that does not permanently save cookies ort show up in the history, but this affects largely only the local computer. A real incognito window would hide your IP address behind a proxy, block third-party trackers, and prevent even more sophisticated deanonymization attacks, such as browser fingerprinting (Tor is currently the only browser with this capability).
Messaging services like Whatsapp or Telegram have done a great service by enabling us to communicate privately, but by tying the signup process to a mobile phone number, they have made anonymity a de-facto impossibility.
An effective messaging and calling system needs to provide users the ability to reach a service anonymously. To combat spam, providers could charge a small payment to be rendered either through captchas or small Bitcoin transfers, similar to a virtual pay phone.
The organizations whose users rely on anonymity, such as the media, NGOs, and even governmental services need to recognize how essential privacy is and adjust their services accordingly.
British police watchdog Netpoleaks recently created a Tor portal through which anybody can submit information on police misconduct. It’s possibly the first of its kind and serves as a great example of how such technology can be deployed so that even someone unfamiliar with the process won’t accidentally reveal their own identity and become a target for the kind of misconduct they are reporting on.
To build a more open and just society, we need easily useable anonymity tools to become the norm rather than the exception. VPN Software needs to become the bare minimum for anonymity online, and we need to contribute to projects like Tor to better hide our metadata when browsing. Our need for anonymity and privacy needs to be built into our devices, rather than a privilege of the few and tech-savvy.
Read more: Protect Your Online Privacy at All Costs