Are you really anonymous on the internet? Despite your best efforts, artificial intelligence and the ever-present surveillance systems around you could reveal your identity and activities to anyone who has access to that “anonymized” data in a practice known as “de-anonymization”.
Your Data Is Valuable
Most of the services you enjoy but don’t directly pay for on the internet make money by collecting and selling data. That data includes everything you do on the internet, tracked by third-party cookies across multiple sites. Other types of data such as location data can also be harvested, and it doesn’t stop there. Finely-grained information about how you interact with digital systems can all be recorded and analyzed.
This data is “anonymized”, which simply means that information that identifies you directly has been removed. That’s stuff like your name, IP address, physical address, and anything similar. What’s left is everything else, which can be used to build detailed profiles connected to an advertising ID.
Re-Identification Is Becoming Trivial
The problem with this anonymization process is that it’s becoming trivial to re-identify anonymized data by cross-referencing it with publicly available information or with information gathered from multiple websites using the aforementioned tracking cookies.
There’s an entire data broking industry that’s sprung up around creating these marketing profiles that can be sold to anyone willing to pay for it. Data brokers were brilliantly explained by John Oliver on an episode of Last Week Tonight.
Imagine having a phone book that, apart from your name, address, and phone number, also tells people your income, health problems, life stage, and much more. Re-identification is so easy that researchers estimate that “99.98% of Americans would be correctly re-identified in any dataset using 15 demographic attributes”.
De-Anonymization and Cryptocurrency
Apart from the run-of-the-mill data collection that’s happening every day, there’s a special type of de-anonymization concern linked to blockchain technologies such as cryptocurrency. A blockchain ledger keeps a perfect record of every transaction that’s ever happened since the blockchain was created.
Crypto wallets are only collections of numbers without names. and this has led to the belief that cryptocurrency is anonymous. The problem is that transactions on the blockchain can be matched to third-party data that de-anonymizes it. That can include when you exchange cryptocurrency for dollars, when a product you’ve bought with crypto ships to your home address, or anything else where the activity or amounts reflected on the blockchain match something that’s not anonymous.
This is why cryptocurrency mixers and tumblers exist, that perform randomized transactions and shuffle coins into participating wallets, obscuring the trail. Some cryptocurrencies, such as Monero, are designed from the ground up to combat this issue.
However, even if you’re using a strong anonymous coin today, future computing technology may easily decrypt the blockchain, which is indelible. So something you did decades before that point could be uncovered in the future, and if it’s already on the blockchain there’s nothing you can do about it!
What Can You Do?
The first and most effective thing you can do is change the type of software you use to perform internet searches or browsing. There are engines (e.g. DuckDuckGo) and browsers (e.g. Brave) that specifically block tracking cookies and other methods of tracking to prevent data collection.
Apple has a policy where apps have to ask whether they may track you or not. For a blanket solution, you can go to Privacy > Tracking on your iOS device and disable Allow Apps to Request to Track.
The only real negative for you as the user is that you’ll now see random advertising which may be irrelevant to you, but that’s a small price to pay for privacy.
You can also be selective about when and how you block tracking. Limiting it to things you definitely don’t want people to know about you, but being more lenient about facts that you’re not concerned about. For example, you can ask apps in iOS not to track on a case-by-case basis, depending on how sensitive you feel that information is. You could also use a privacy browser (inside a virtual machine, through the Tor network, and with a VPN if you’re really concerned) only for sensitive browsing. Thereby segmenting your online life into public and private spheres.
If you’re really concerned about your smartphone or other devices revealing your presence at sensitive locations, you also have the option of using a Faraday bag, which will temporarily block all radio signals from your phone until you take it out.
As for information that’s already been collected, that’s a tougher issue. Much depends on where you live. In Europe, for example, the GDPR legal framework gives citizens recourse and a “right to be forgotten”, but in the USA this isn’t the case. The most practical thing you can do is control and limit future tracking, until existing information about you becomes worthless.