Sun, 24 Jun 2001

Can you truly be anonymous online?

By Vishnu K. Mahmud

JAKARTA (JP): Some time ago, an Internet portal received a complaint about one of its classified ad features. It seems that someone had posted an advertisement selling an item for a very low price. They left contact numbers for the office, home and personal cellular phone of a third person, who knew nothing about the ad.

Of course, the surprised party was inundated by telephone calls from prospective buyers. It was not a pleasant experience.

The joker who planted this fake ad thought that the Internet provided a clandestine cover for his illegal activities and was therefore immune to prosecution. There were no laws covering such forms of harassment in cyberspace, or so he thought.

Unfortunately for him, the online portal was unhappy (to say the least) about someone using their facilities in an unethical, if not illegal, manner. The victim felt threatened and harassed through technology that the company had spent months creating. They tracked down the offending advertisement, took it off the net and scoured their server logs.

Not only did they find the time and date of placement of the offending ad, but also the IP (Internet Protocol) address of the user who posted it. Since everyone has a unique IP number online, the suspect was traced to a local Internet Service Provider who then tracked down the user based on their internal logs.

The victim filed a police report, the portal assisted in tracking down the suspect and the ISP provided the evidence. Let's just say that the suspected user is feeling ill at ease using the Internet right now.

Many people believe that cyberspace is an anonymous medium perfectly suited to conducting activities they would never dream of doing in real life. Writing offensive letters, harassing people anonymously or cracking into web sites and network systems are just a few activities its users think they can get away with.

A majority of them do not realize that, no matter what they do, a record exists documenting their actions. Whenever you type in an Internet address, say www.yahoo.com, your ISP server will pass on that request to the Yahoo server.

You are, after all, logged into your ISP network to connect to the Internet and therefore subject to their network security protocols. Thus, a log of your IP number, request, time and date could be stored somewhere by the ISP.

Then there are the web crackers (not "hackers" as they are commonly called) who revel in the opportunity to sneak into someone's system or cause general chaos. With the aid of free programs readily available online, they can wreak havoc on other people's computers, networks or servers, based on the victim's unique IP address that can be easily discovered.

If the victim is dim-witted, the cracker may have even installed a virus or Trojan horse program giving him total access to his quarry's network.

But can they be tracked down? With the appropriate software and know-how, it is possible. Every connection leaves a trace, which is why the first thing a cracker does is erase the server log, if they can find it. If a Trojan horse program is found, it can be hacked to find out who wrote it and how it works. From there, standard detective work and some forensic science can help.

Should we be concerned? Not really. There are hundreds if not thousands of people who access the Internet every hour. Each ISP will only have a finite amount of space to save its server logs and so is more likely to erase records after a set number of days.

In addition, each ISP has regulations to prevent abuse by its users and employees. It all comes down to trust. After all, you trust the waiter at the restaurant when you pay with a credit card, right?

What about security in Internet shopping? Most online stores use Secure Sockets Layer software, which encrypts user information at both ends (our side and the server's) so that it cannot be read by any other person or server as it travels over the Internet.

Again, each shopping site has its own policies to deal with user privacy and it is best to read through them. Just make sure they don't sell your name and address to youmustwantthis.com and other spammers.

How can you truly be anonymous online? Thinking about using a cellular phone with a pre-paid phone card? It's expensive and radio triangulation can track down your physical location.

What about satellite Internet access? You would need an up-to-date paid net account. Thinking about using warnet and other cyber cafes? Witnesses there may remember you, and privacy is at a premium in some small shops, preventing you from doing your deed.

There are a few ways to become invisible online but you would need some technical and programming knowledge. And even then, with the continuous progress of technology, you can never be truly sure if you are indeed concealed.

It all comes down to a matter of trust. However, I always follow the wise words of my ex-boss at the Four Seasons: "Trust is good. Control is better."

The writer is a Web Technology Consultant for a major e-solutions provider. vmahmud@id.mweb.com