Site Meter

Privacy vs. Security vs. Anonymity

You may also like...

11 Responses

  1. Ken Rhodes says:

    Security + anonymity: Attending a St. Louis Cardinals baseball game. Assuming you’re not from St. Louis, you are very secure and totally unknown to everyone around you.

    Security + anonymity + privacy: A Pittsburgh Pirates game.

    Seriously, though, the first example is quite illuminating, I think. We can achieve security + anonymity by going in a very large crowd of strangers.

  2. Sasha Romanosky says:

    Heh, thanks Ken. ;)

    Sure, that’s a great example: anonymity from the crowd. That’s the basis for a number of privacy enhancing technologies. (And even some computer games like Assassin’s Creed.)

  3. Dean Procter says:

    The puzzle is solved and the diagram isn’t applicable.

    I am not centralised.
    I don’t know who you are.
    I know you are someone.
    I can prove who you are without knowing.
    We share a secret no-one else knows.
    We have never spoken.
    You trust me.
    I know someone who knows who you are.
    They trust me.
    They’ll never tell me.
    You have privacy and are safe, anonymous, authenticated.

  4. Adam says:

    I like the post. I think you should add Obi-Wan’s comment: “Your sister remained safely anonymous.”

    ;)

  5. chr1s shea7s says:

    I do not believe that your definition of anonymity and example of such match. Stealing a laptop, changing your MAC address, using an open wireless network in a residential area that is nowhere near where you live and work, using TOR, and sending an email using a one-time-use email service to send a message to someone -could- be anonymous, if the patterns of speech in your email can’t be matched to previous writing. Oh, and ditching the stolen laptop. Riding a bus is very much an action, and either the passengers on the bus or the camera on the bus will see your physical profile and could later match that information back to you if they so needed.

    I suppose you could wear a ski mask and wear gloves when handling your money that’s given to the bus driver. But you still provide information of your general profile to people that see you.

    I think your privacy and security examples are good.

    Using an SSH VPN to surf the Web, paid for by a stolen credit card through a VPN hosting provider that does not retain connectivity information, could prove to be secure, private and anonymous. 100% security is never possible when juxtaposed to theoretical scenarios. Even the pope in an armored car is not safe from a semi-trailer truck traveling at 100 mph and colliding with the pope.

    Camping in the woods is an action that requires your physical self to work, aka your identity. So I am not sure how camping is partly anonymous. Whatever is anonymous, even in part, requires complete privacy. In other words, anonymity is a super-position of privacy. The other matter is what kinds of information you reveal by not being present. If you go somewhere (like camping) and your friends know that you are not at home when they try to visit you, that information is revealing.

    One rather large problem is that privacy and anonymity are one and the same in many instances. You cannot remain anonymous without privacy, unless you are anonymous to some and private to others. In that case, where you abandon relatively-absolute scenarios, you would increase the complexity of this analysis immensely.

  6. Ken Rhodes says:

    {{Using an SSH VPN to surf the Web, paid for by a stolen credit card through a VPN hosting provider that does not retain connectivity information, could prove to be secure, private and anonymous.}}

    I think you exaggerate. I can go into Best Buy and purchase a brand new laptop for a few hundred bucks cash. The transaction is trivial, and does not require any identification.

    The computer comes bundled with Windows, which includes Internet Explorer, and also a 30-day trial version of MS Office. So I can walk into a Starbucks, plunk down a couple of bucks for a coffee, and sit there surfing the web in total anonymity, as well as pretty good security and privacy. Not to mention, create documents, spreadsheets, etc., which I can broadcast out to the Web in total anonymity.

  7. clarinette says:

    I do like these diagrams. If I could make them 3D, I would add a ‘magnifying glass’ to the first one that would enable the ‘de-anonymisation’ function- I’m thinking of tools such as facial recognition software or geo-location tracking surreptitiously revealing information. Then, stick in the depth of the intersection of the 3 elements to add the ‘control’ function.

  8. Sasha says:

    Clearly this exercise will be fraught with exceptions and nuances, so I caution anyone from taking the examples too literally.

    That being said, if one wanted to be more specific, what you might consider is this: replace the 2D venn diagram with 3 perpendicular axes (x, y, z) where each axis represents privacy, security or anonymity. The scale on each axes could be labeled ordinally from 0-10 or just low, medium, high. (Doing this along a cardinal scale doesn’t seem practical. The purpose is to illustrate that one example provides either ‘more’ or ‘less’ privacy relative to another example, and not to say that it provides twice or three times as much.). You could then do two things:

    For each example or situation described, plot it in this 3D space. The more examples the more points plotted. Soon you might discover a “cloud” of points. What would this shape look like? Does a pattern emerge? If one is plotting examples from their daily activities (i.e. their digital trail) would the ‘cloud’ look materially different between people? If so, how?

    Another use could be this: take a few of the points plotted and introduce some change, either caused by the individual (e.g. a privacy enhancing technology) or the environment (e.g. surveillance). For example, some one starts paying with credit at a retail store but then switches to cash. Certainly this would have an effect on privacy and anonymity (security, too?) and so how would those initial points in 3D space change? i.e. which direction would they move? Applying such changes to a collection of related examples would produce a series of directional arrows, similar to a wind map. There could be many kinds of interesting patterns revealed. For example, does the same change (converting from cash to credit) cause the same directional change in every case, for every person, at all times (i.e. are there dominant behaviors?) Would it be possible to measure the magnitude of these changes?

    I should state again that the exercise may be dependent on one’s definitions of privacy, security or anonymity. And so, the first task, as I mentioned, is to settle on an appropriate definition to suit your purpose.

    If anyone decides to explore this, I’d love to see the results.

    sasha

  9. Stephen L. Robinson says:

    It seems, to me, that the definitions must include context. Key issues arise when you think of, for example, participating in a public protest against a government. You cannot expect it to be private. Indeed, the very reason for it is public. Still, you would hope to receive some protection from being anonymous.

    Is there any right to legal anonymity? Yes … there are whistle blower protections. How far does a right to anonymity go? It depends on context.

  10. I’m not sure this visual representation is a systematicly fair representation of the reality ;-)
    At one point I wonder if you’re just seduced by the idea of integrating theses concepts on to other concepts for the beauty of it (the visual representation tools you’re using). But what’s the point of the demonstration ?
    Cheers !

  11. Sasha says:

    Donnees, I wasn’t trying to be systematic about it. It was just meant to highlight similarities and differences. Nothing more, nothing less.