June 1, 2004
Under the Radar
Would you be embarrassed (or worse) if Websites could personally identify you as a visitor? Well, they can if they have the muscle to subpoena your Internet service provider (ISP). Most people assume that firewalls or general security software — or even turning off cookies — will shield their identities from Websites; you may even put a phony name in your browser. But none of that hides you from the Websites you visit. You give up an Internet protocol (IP) address to get a Web page: part of the IP address points to your ISP and part points to your connection. It’s done behind the scenes and beyond your control.
To combat this, a class of services and software called anonymizers can step between you and the Websites. You type a Web address into an anonymizing Web form such as The Cloak (www.the-cloak.com). The Cloak goes to the Website for you, giving its own address, and then it passes the Web page to you. The Website you visit never sees you.
Software packages do the same thing as Web forms, and software would seem to offer more privacy than going through someone’s Website. But the software is “just routing the connection through an anonymizer to accomplish that, and then you have the same problem,” says Robert Dinse, president of Eskimo North (www.eskimo.com), a national ISP.
Anonymizers also say that they will turn over records if subpoenaed. “The most trusted anonymizers have already been forced by authorities to reveal users’ identity,” says Dinse.
Do you needan anonymizer?
Is the IP address of your connection that big of a deal? If you’re not doing anything that can get you fired or thrown in jail, don’t worry. The Website isn’t going to get your e-mail address; in fact, it will get little more than the identity of your ISP. Your ISP can connect the dots to you if they want to, or are forced to by law. If you’re concerned about spam, avoid FTP sites until you put a phony e-mail address in your browser. “If you connect to an FTP site, your Web browser automatically does an anonymous login and uses your e-mail address as the password,” says Bill Orvis, security specialist with the U.S. Department of Energy’s Computer Incident Advisory Capacity Team. He says that “the biggest reason for people wanting to be anonymous is spam mail.”