The Anonymity Myth

by zunguzungu

I came across this in Paul Schwartz and Daniel Solove’s “The PII Problem: Privacy and a New Concept of Personally Identifiable Information,” and thought it was worth passing on, since I’m not doing that much real blogging these days:

There is common myth about anonymity on the Internet. Many people believe that anonymity exists for most situations when one surfs the Web or engages in behavior in cyberspace. The “anonymity myth,” as we will call it, is this incorrect assumption that as long as one does not explicitly do something under one’s actual name on the Internet, there will be safety from identification. In other words, there is a false belief that the default for most Internet situations is anonymity. The assumption sometimes takes the form of a belief that so long as a person does not supply her name to a given website, then it is possible to surf it anonymously. An additional belief is that if one does not provide specific identification when posting a comment to a blog or social network website, or if one relies on a pseudonym, anonymity has been secured for such behavior. Despite the fact that it appears so easy to be anonymous online, this anonymity is only as protective as a veil over one’s face that can readily be lifted.

At its most basic level, the anonymity myth stems from a mistaken conflation between momentary anonymity and actual untraceability. It is easy to communicate online or surf the Web without immediately revealing one’s identity, but it is much more difficult to be non-traceable. Whenever one is online, a potential for traceability exists. In this section, we wish to explore a threshold issue, one at the entry to cyberspace, which contributes significantly to traceability: the IP address…

The IP address is a unique identifier that is assigned to every computer connected to the Internet. Due to the shift from dial-up to static IP addresses, Internet Service Providers (ISP’s) now have logs that link IP addresses with particular computers and, in many cases, eventually to specific users…A pro-anonymity aspect of dial-up Internet service is its dynamic assignment of a new IP address to a customer’s computer every time that she connects to the Internet. As a consequence, many customers share a single IP address at different times over the course of a single day. Moreover, ISP’s typically do not retain records about dynamic IP use for more than a few weeks. The result is that identification of any specific person through an IP address is relatively unlikely.

Starting in the last decade, however, the majority of people on the Internet began to access it through high-speed services, such as cable or DSL. The positive aspect of such broadband access is to permit a wide range of activities in cyberspace, including multi-media and virtual worlds. These experiences would be impossible at dial-up’s glacial rate of Internet access. On the negative side, broadband connections generally are based on static IP addresses that do not change. A long-standing DSL or cable account will have the same IP address for years. In the current age of broadband, where an IP address is statically assigned to a particular computer, the overall capability for identification of users is greatly enhanced. The threshold of cyberspace is now marked in a new fashion.

The identification of a seemingly anonymous Internet user can easily follow from an IP address. Connection to a website requires a browser to share an IP address, and look-up tools available on the Internet permit certain information to be revealed about the IP address. The details include the hostname, geographic location information, and a map. To be sure, IP addresses do not directly identify a particular person. Their function is to create a link to a specific computer to allow that computer access to the Internet. [But] IP addresses can also be readily linked to individuals who post information online.

In one notable example, an anonymous person wrote defamatory information in a Wikipedia entry for John Seigenthaler, who had been an assistant to Attorney General Bobby Kennedy during the Kennedy Administration. The anonymous person wrote that Seigenthaler “was thought to have been directly involved in the Kennedy assassinations of both John, and his brother, Bobby. Nothing was ever proven.” The incident gathered national attention when Seigenthaler wrote an editorial in USA Today condemning the defamation. As it turned out, Wikipedia had maintained the record of the IP address listed for the person who posted the contested information in the Seigenthaler biography. A third party who read about the incident was able to obtain the IP from Wikipedia and use IP lookup software to trace it to an address of a company in Nashville. The revealed hostname was for a delivery company in Nashville. A New York Times reporter then called the company, and this additional publicity, as well as the likelihood of an internal company investigation, prompted the person who wrote about Seigenthaler to confess, apologize, and resign from his job.