Thoughts on Privacy, Anonymity and Security

One thing I deal with a great deal in the information/technology  and security field are the very separate concepts of privacy, anonymity and personal security.

Do you think that anonymity and privacy are the same things? Wrong. Do you think that because you are anonymous your information is secure? Wrong There are differences that are important when we want to distinguish what methods you need to protect yourself from attackers and surveillance. Let’s define anonymity,privacy and security. First the definitions:

Anonymity typically refers to the state of an individual’s personal identity, or personally identifiable information; being publicly unknown. Or a condition in which an individual’s true identity is unknown. Read more here

Privacy is usually thought of a person’s right and or ability to control access to his or her personal information. Read more here.

Computer (and ‘information) security primarily means the collective processes and mechanisms by which sensitive and valuable information and services are protected from publication, tampering or collapse by unauthorized activities or untrustworthy individuals and unplanned events respectively. Read more here

So anonymity does not equal privacy or security. Let’s see two examples:

In the first example say you are using a proxy server, a VPN service or Tor to surf anonymously (these offer different levels of anonymity). Your true (or should I say ‘originating’) IP address and therefore your identity (computer/network wise) is hidden. Someone who watches the traffic between your computer and the network cannot see your true identity. However, he can see the traffic and therefore gain access to your personal information. In this case your anonymity is safe but your privacy is not. Worse still, your personal data can contain information to identify you so that both your anonymity and privacy are undermined.

In the second example you protect your data using both data encryption and a secure protocol such as SSL. You control who has access to your personal information. The actual packets of digital information are hidden/encrypted and the information therein cannot be accessed. However, if you don’t protect your anonymity an attacker will know who you are. This might help him in password and social engineering attacks or allow a law enforcement agency to force you to reveal your passwords and lose your privacy.

For true online safety, both privacy and anonymity must be secured.

There are literally thousands of more detailed articles available to you by doing a simple search on Google, Bing or Yahoo or whatever on “privacy vs anonymity”. There are guys who’ve written their PhD thesis’ on this subject, so there is obviously loads of information available if you want some greater depth than my simple explanations.

But I just wanted to remind you to do some of the simple things that can mean a great deal.

  • 1st. And foremost get some kind of security software or suite (Symantec, McAfee, Trend Micro, MalewareBytes, Eset, MS Security Essentials etc.) AND KEEP IT UPDATED AUTOMATICALLY!!.
  • 2nd. Keep your Operating System updated.
  • 3rd. Keep your browsers and especially the plug-ins (like Adobe Flash and Acrobat) updated.
  • 4th. Use ‘HTTPS’ on ALL your important communications like email, Twitter, Facebook etc. For Facebook look here. You should also use something like ‘no script’ to ensure https connections.
  • 5th. Clear out your internet cache every time you close your browser. You can set all the common browsers to do this automatically or use one of my favorite tools – CCleaner. There is even a Mac version which I wrote about recently.

It is nearly impossible to be truly anonymous and completely private. BUT you can have some security in both of these with a little diligence and common sense. Read some of my other posts on security for other more detailed information.

Please practice safe and secure computing.