0

There are various technologies for anonymity online, most notably TOR, but also I2P and VPNs, as well as simply using one-shot email addresses.

What are the specific use cases for anonymity? I'm not concerned about the morality or legality of the use cases, but I do want specific cases. So "selling contraband online" would be ok, but "doing illegal stuff" would not be specific.

Some ideas to get you started:

  • Whistleblowing, where the whistleblower doesn't trust the authority they are reporting to.
  • Discussing personal issues in public forums (e.g. drug addiction rehab).
  • Selling contraband online

This question was inspired by LamonteCristo's question.

paj28
  • 32,906
  • 8
  • 93
  • 130

1 Answers1

1

I start off by giving general cases, but then use specific examples for each case.

Protecting Personal Information:

Virtual Private Networks ("VPNs") and proxies are most commonly used to encrypt traffic and hide one's IP address.

There are two main reasons why others would want to use them:

  1. To access or use a service that would not normally be available to them

    • Example: Jonas lives in Germany and wants to watch a music video on YouTube. However, when Jonas clicks on the video, YouTube displays a message that the video is only available in certain countries because of copyright issues. To watch the video, Jonas connects to YouTube through a proxy server located in America.
  2. To prevent others from recording their actual IP address (a legitimate concern at times, not always paranoia or to get away with cyber crime)

    • Example: John is a married man, but he is not so faithful... He uses Ashley Madison to find friends (if you would call them that). John used a random alias and email when he signed up, but he also only connects to the website through a VPN. When John learned that Ashley Madison got hacked, he was not so scared.

Check out this CBS article on data brokers, it does a decent job of explaining how the personal information that you use to sign-up on various websites and services is sold.

You can easily avoid having your personal information sold by simply using fake information when signing up. Just make sure that you are using fake information, not valid information that actually belongs to someone, even if it is a stranger.

Using TOR or I2P:

While many use TOR and I2P to help protect personal information and to safely browse the internet (myself included), a good number of TOR and I2P users are cyber-criminals. We can use TOR/I2P "illegal" marketplaces as an example. In theory, criminals can buy and sell items such as 0day exploits, credit card numbers, weapons, and drugs while remaining anonymous using Bitcoin. Law enforcement cannot find hidden service IP addresses without using some type of exploit. If they were to gain access to the hidden service, they would most likely just shut it down because unmasking it's users could prove to be a difficult task.

Using Numerous Random Emails:

As far as using "one-shot" email addresses, it is not really that bad of an idea. Here is a great example of why it is, in fact, a good idea.

Alice uses one, main email for everything she does including but not limited to social media, paying bills, receiving transcripts of tax returns, sending scans of personally identifiable items such as her social security number and driver license, and online shopping. She used an extremely, insecure password while signing up and never bothered to change it. Not to mention, Alice never deletes her emails. Her email is eventually compromised after five years of use, and the attacker now at least knows the following about Alice: full name, date of birth, address records, phone records, mother's maiden name, social security number, federal ID, state ID, driver license number, driver license issue date, driver license expiration date, private social media messages (private and direct messages), full credit card numbers along with their expiration dates (Amazon shows you the credit card issuer, last 4 digits, and expiration date while a credit reports shows you everything except the last 4 digits) , and everything that was in Alice's "sent" folder. Alice now has a huge mess to clean up.

This could be avoided by making an email for each type of online activity.

Bob does a lot online, in fact, he does everything that Alice does (paying bills, shopping, and receiving important documents in his inbox). However, there are quite a few differences between them. Bob uses five different emails while Alice only uses one. Instead of using an insecure, single password, Bob uses a different, secure, randomly generated password for each email. He writes the passwords down in a notebook, so that he does not forget them. Bob also deletes all emails that receives, if he needs to save something, he downloads the email/attachment or writes the important information down in a notebook. Even if an attacker did somehow gain access to one of Bob's emails, they would not find anything because Bob is smart and deletes his emails.

  • Thanks for taking the time to answer my question. Not exactly what I was after, but some interesting thoughts. – paj28 Aug 10 '15 at 08:50