Is Internet Anonymity Doomed?
By: Patrick Kiger
It's been 20 years since New Yorker ran this cartoon, which was the origin of the meme that "On the Internet, nobody knows you're a dog." But it's still pretty much true, as we recently were reminded, thanks to the unfortunate recent case of a star college football player whose online girlfriend--stricken tragically with leukemia, or so he thought--turned out to be a fake, perpetrated upon him by an online hoaxster.
But there are more and more signs that Internet anonymity--once heralded as one of the essential building blocks of the online world's freedom-loving anarchistic spirit--is destined to go the way of dialup modems. Instead, we' may be peering into a future in which everybody will be continually, instantly identifiable online, no matter what device you use, or what elaborate layers of ambiguity you seek to fashion.
One sign of this paridigm shift is the news that Google is exploring the possibility of eliminating passwords, and replacing them with identifiable hardware. One way to do this would be pocket-sized USB devices containing cryptographic cards, which users would carry around with them and plug into their PCs (for handheld devices or smart phones, they'd use a wireless NFC connection). As this Wired article explains:
You log into the website, plug in the USB stick and then register it with a single mouse click. They see a future in which you authenticate one device--your smartphone or something like a Yubico key--and then use that almost like a car key, to fire up your web mail and online accounts.
Yubico, which makes authentication technology of the sort that Google is contemplating, describes its vision:
Imagine that you have one single key and one single password to securely access all your Internet life.
Yubico imagines that someday soon, you'll be able to buy an authentication key in a 7-Eleven or on Amazon, just like you would buy a prepaid phone card or gift card now, install it, and use it to replace all of your cumbersome, easy-to-hack passwords. And you wouldn't just have to use it to get to your Google Drive docs. The key would allow you to access your bank, your healthcare records, and all sorts of other stuff. Yubico even evisions you using such a key to log onto an online polling place and cast a vote for a future President.
Yubico is quick to walk things back a bit, and insist that such keys wouldn't be the end of Internet privacy and anonymity; A person could opt to have multiple keys and identities, the company insists. Thus, Internet canines, imaginary girlfriends, exiled political dissidents from repressive countries, and mischevious hacktivists in Guy Fawkes masks presumably could continue what they're doing now.
But I'm skeptical that anonymity is going to survive the synergy of hardware keys and other technological shifts that are emerging. For one, it strikes me that unless we continue to have a society that utilizes fungible paper currency, it would be possible to trace the purchaser of a hardware key through credit or debit card records--and to monitor him or her continuously, even if a person uses disguises such as IP address spoofing.
Add to that the development of technology that eventually could digitally fingerprint every single one of the 10 billion or so computers, phones and other devices on the Internet. This 2010 Wall Street Journal article reported that a California company named Blue Cava might eventually develop a "credit bureau for devices," in which every computer or cellphone will have a "reputation" based on its user's online behavior, shopping habits and demographics.
It's not inconceivable, of course, that somebody will develop a technology that will thwart all of this--or even develop a new sort of communication mode that circumvents the traceable, identifiable portion of the Internet. Not being an electrical engineer, I'm not exactly sure how that might be made to work. But my layman's mind sees something vaguely resembling of Ham radio, in which users would communicate ad hoc, directly from one device to another, without using a network, and deploy some sort of spoofing to block tracing of their physical location. They also possibly could set up an alternative Internet host based on an instant nation set up on an oil platform, an idea that I've written about before.
So what do you think? Is Internet anomymity inevitably doomed? Or are Internet users, in the fashion of the bandit leader in Treasure of the Sierra Madre, going to defiantly insist that "I don't have to show you any stinkin' badges!" Express your opinion below.