Helping people with computers... one answer at a time.
Google was forced by court order to reveal the identity of an "anonymous" blogger. It's worth understanding the risks that this implies.
A few days ago, Google was ordered to reveal the identity of an otherwise anonymous blogger as part of a defamation court case. And of course, said no-longer-anonymous blogger is now planning on suing Google in return.
One of the very common topics here on Ask Leo! is, in fact, privacy, along with its companion topics anonymity and security. As a result,I think it's very important that everyone consider carefully what all this implies.
I am not a lawyer, and I'm in no way going to suggest that laws were or were not broken, that one side or the other is right or wrong. This is about understanding what's possible and realizing that the things you say on the internet - even "anonymously" - can often be traced back to you.
•
I get questions all the time about the ability to trace back an IP address to an address, a phone, or a person. My answer: you can't do it. The information that's required to do all that is simply not available to the average consumer. Anyone that tells you otherwise is either lying or misinformed.
But... that doesn't mean it can't be done.
The second half of my response to these kinds of queries is exactly that: "you'd need a court order".
That's exactly what Google was responding to ... a court order. And that's where the blogger lost their anonymity. (I realize that I may be comparing apples and oranges somewhat here: in addition to IP information Google probably had the blogger's account login information to the Google-owned service - blogger.com - being used. That just made the technical steps involved slightly easier for Google. The point and the concerns are the same, regardless.)
So what does all this mean for the "average" person using the internet?
In short: be aware of what you say realizing that you may not be as protected as you think. Not necessarily from any legal perspective - laws can change and can be quite different from place to place - but from a technical perspective.
Let's use an example. Say you post an inflammatory comment here on Ask Leo!. Something that is clearly slanderous or threatening someone, for which you include no information that would personally identify yourself.
That person you've slandered then contacts law enforcement or just hires a lawyer to file suit against you - the "anonymous commenter".
I get served with a court order to release any information pertaining to the comment. I then turn over the server logs that include the IP address from which the comment was posted, and the date and time on which it was done.
The investigators then use that IP address to locate your ISP, whom they then serve with another court order to release any and all information about that IP address on that date and time. The ISP turns over their log information that says on that day and time that IP address was connected to this physical location, or via that telephone number.
That's a simplified case, and indeed sites and your ISP may not have, or may not have kept, the very logs that this back trace relies on, but then again - many sites and ISPs do. You just don't know which. Similarly, if a school or a business is involved, the respective IT department may get involved to narrow the search with whatever logs they have available.
Ultimately, there's a very real risk that with sufficient motivation and resources and with enough legal backing or ambiguity you can be found. Absolute "they'll never find me" privacy is nearly impossible to achieve. You can certainly make it harder using various techniques and technologies, but you're putting a lot of faith in whatever those techniques might be.
The bottom line is simply this: the internet has enabled a level of public discourse that's allowed people to speak out and be heard with ease to a degree never before seen. Not unexpectedly, the boundaries of what is and is not legal and protected, and perhaps even moral, are constantly being tested.
If you're one to push the envelope, realize that sometimes the envelope breaks.
Article C3851 - August 24, 2009
Leo A. Notenboom has been playing with computers since he
was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed.
After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers
to common computer and technical questions. More about Leo.
The basic moral of the story is that the moment you commit a crime, you lose your privacy. In fact, even if you don't commit a crime you can lose your privacy if a court order inadvertently includes access to your details.
Posted by: Pookey at September 3, 2009 1:00 AMSo, to clarify, it's POSSIBLE, but difficult and often prohibitively expensive. Which means someone would be spending lots of money on subpoenas to identify the source of defamation for potentially little recovery of "damages". Basically, "So sue me for everything I don't own." It just seems to me that it's not all that much risk for a blogger to "talk mean" about someone on the internet, and a lot of expense trying to get even for it.
Posted by: Mike at September 5, 2009 12:20 PMThanks Leo for enlighten me here. Yet, in this regard I would like to give a suggestion. Instead of producing/developing and maintaining Antivirus/AntiSpam/AntiMalware software to fight against intrusions or asign huge and costly human effort to trace back offenders, it makes more sense to me in developing software which does the back tracing with a minimum of human interference and with an automatic result of blocking or forwarding the addressee. Unfortunately, even possible, who pays for it and therefore there's no profit. May be governments would do to protect their community.
09-Sep-2009
Posted by: Lutz Pansegrau at September 8, 2009 8:40 AM
Thanks again Leo, I wasn't aware of that fact. Did the reading about zomie botnets and how they created (Kaspersky, Symantec).
Posted by: Lutz Pansegrau at September 16, 2009 1:40 AMThis article is "old", but I think a comment is merited. To avoid any backtracking, 'Ultrasurf' can be used. www.ultrasurf.us. All internet access using Ultrasurf is anonymized by being routed through their servers, and all data transfers between their servers and your machine are encrypted both ways. Some posts I've seen around indicate that some people suspect that Ultrasurf may be malware, but it is not. See their site.
Posted by: dadwhiskers at May 20, 2012 7:55 AM