In my introduction to this series of articles I gave an overview of the broad areas that the series will be exploring. The Article following is the first in our explorations of Technique and Technology in use in Piracy: we discuss anonymity.
There is anonymity of person; and there is anonymity of transfer; and there is anonymity of content. We would say anonymity of person is achieved by one being unidentifiable; of data transfer, by data being untrackable; of data content, to all intents and purposes, we would call hidden data-content encrypted
Simply stated, perfect anonymity means data being encrypted, together with the data handler being wholly unidentifiable and the history of his activities completely untrackable. In the context of the state of current technology we are unable in truth to consider any of these aspects of anonymity in absolute terms. There is available at best a qualified quasi-anonymity. This is what is presently in common use and for the most part it takes its effects by its use of various forms of cryptography.
To date several Technologies have been developed which offer a level of quasi-anonymity in the action of various techniques for file transfer. The most famous of these perhaps, is the Tor which is widely used and allows one’s browsing the web to become relatively unidentifiable and untrackable.
The reason for my use here of the qualifications “quasi” and “relatively” can be instanced by the fact that Tor is notorious for being reasonably easily tracked when its users are not skilled in its proper usage and full potential. There are besides other areas of doubtfulness about the quality of anonymity protection offered by Tor, one major concern to the circumspect being that the entire funding and resources for its original development were provided by the US Navy (see also here).
This means that by intention, Tor is a purpose-built means to anonymity created by spooks for spooks. (I am aware indeed that Tor has been open sourced and that this fact ought to be able to eliminate at least some of the reservations held about its provenance. But for many ‘techies’ like me this mitigation still does not eliminate entirely a cautious doubtfulness concerning its origins.)
Tor’s US Navy origins however, can by some be considered to be its selling point (because, they say, who would know better than an organisation expert in espionage how to hide away data and at the same time cover one’s tracks?) But, conservatively-speaking, I consider there are risks attached to using Tor (in that few persons have sufficient ‘embedding’ for them to attain to the full potential of Tor; few are initiated in this specialist knowledge required to use Tor to optimum effect).
These considerations then cast us out into waters of controversy. I might add that much heat has been generated over these issues surrounding the trustworthiness of Tor.
One other drawback with Tor (because it uses onion routing) transmissions involves one of its design features known as ‘exit nodes’. Tor (and all onion routing) transmissions relay between communicants by using other Tor users’ ports as relay stations. One aspect of these ports when they are being used as relay stations are known as exit nodes. Exit nodes manage requests for data content which is being transmitted. Some users whose computers were being used as exit nodes and so involved during Tor onion routing transmissions have in the past been implicated in legal notifications and threats of action simply because they have been part of this relay path for another user’s transmission.
The National Security Agency (NSA) also uses Tor. In fact it controls tens of thousands of ‘exit nodes’ (and also of Tor’s ‘relay nodes’) across the globe. This means that NSA has opportunity to ‘listen in’ to transmissions and to trace their origins. Even if one’s message is encrypted so that its content is unavailable to NSA, its source and destination would be vulnerable to exposure, should it come under NSA consideration.
However once all this has been said, the concept behind Tor (i.e. onion routing) has real merit as a means of producing an amount of anonymity. Another avenue which has been exploiting the ideas behind onion routing is known as the Tribler project . This project has been especially useful in the field of partially anonymizing a prevalent form of technology used in piracy and called: bittorrent. However Tribler compromises speed of data transfer against any secured anonymity and so involves some deficit in its securing an onion router type anonymity for a web user. But it does not use Tor.
What the future holds for perfecting anonymity is a prospect of incremental improvement, both in the application current various anonymity technologies and in their distribution also. Exactly what and to what extent enhanced anonymity might become available remains not wholly certain.
(We should always bear in mind when we reflect on the future the revelations we have seen in recent years exposing NSA, as well as the Canadian government. These have concerned their – and their allied Nation States – intrusive monitoring of citizens going about daily life. When we use the web we should beware that the world’s security services want to know what we are doing – and that they possess and maintain plenty of ways by which they can figure out how to pry into our affairs).
Nonetheless, in their civilian dress, these improving means for anonymity on the web will certainly pose issues for companies and corporations who are monitoring their products so as to combat piracy etc. In future non-governmental entities like these – especially maybe the small to medium sized enterprises – will be coming up against the basic challenge that handling well the technologies for tackling anonymity will require much more than average expertise. To countermand anonymity at its level best one will need to be exceptional in one’s field.
Whereabouts data is being stored is an issue for anonymity which doesn’t get thought about as often as it ought At present, file downloads are carried on most often via file sharing companies. Such companies host the data themselves in their own virtual space. Because of this they are major sources of content for online pirates.
But there subsists an inherent weakness in this form of data storage, because it works by means of providing centralized, locatable aggregates of data and content. For the enforcer of law as well as for pirates such a set of definite attributes makes identifying an account and a file location very easy. The next step for the enforcer, which is to block the account and the data flow, or to delete it, is remarkably easy.
But what if that storage could be dissipated and made amorphous? But we are getting ahead of ourselves a little now and have begun to move into territory reserved for the next article on piracy and anonymity; that of data storage.