Maintaining my ability to one day run for City Council
December 12, 2009 4:45 PM   Subscribe

I'll speak briefly to the MeFi side. Generally speaking, your anonymous questions here are private. That is, I don't know who asks them without looking into the database to figure it out. More importantly I don't care. More importantly than that, we have a general code of ethics here which means we do not tell other people who asked anonymous questions, for lulz or any other reason, it's just not done. So, if you wanted to ask a question about something sexy, scary or creepy, you'd have to worry about maybe three people knowing that you'd ask who are sort of duty-bound to not tell.

And at the end of the day, all we know is that a person with your PayPal address and your IP address [the number attached to your computer when you're browsing the web, rarely uniquely able to pin down your particular computer without someone going to your internet service provider with a search warrant] and your username asked that question. We have users here with no paypal on file [maybe they're old time users or they sent me $5 in lieu of using PayPal] and a disposable email address, connecting with IP addresses that have been anonymized. So, in the absence of law enforcement showing up and saying "Who asked this question?" [which there's a good chance we couldn't do anyhow, and we don't approve questions that would be likely to lead to that scenario anyhow] your secrets are safe here.

That said, the easiest way to maintain pivacy is to keep private things more or less private but also not to care about some stuff. That is, if you smoked pot in high school, that's more of a problem if you're super-secretive about it, than if you're like "yeah I did that, i don't anymore, can we move on please?" the same with sex stuff, same with drugs and other stuff like that. If you read the questions about getting security clearances, the bigger deal is "how could you be blackmailed?" not "did you ever do a bad thing."

So take some care to have a consistent not-you identity. Never link it to your real-you identity [which also has a presence on the web] and try to lead a decent enough life that "dirt" isn't really dirt [i.e. you've made your peace with the things you've done] and that the good way outweighs the bad. People can dig up some shit on me if they want to, I've definitely talked some about my personal life here on AskMe, but they'd have to wade through 3000+ other comments to get to that point. In most cases, this sort of thing is not worth the effort.
posted by jessamyn at 4:55 PM on December 12, 2009 [2 favorites]

Jessamyn,

Has metafilter ever been issued a subpeona to provide information about a user? Just wondering...
posted by HabeasCorpus at 5:16 PM on December 12, 2009

Nope. To the best of my knowledge. I think we've willingly provided it in maybe one case [ebay scammer story - MeMail me for details or search old MeTa] but I don't think otherwise.
posted by jessamyn at 5:27 PM on December 12, 2009

Shortly after the whole Mark Sanford thing there was another mini-scandal in Georgia where a woman who was the head of the "Abstinence only education" for the state got busted for writing sex stories. And then there's the Belle du Jour thing in the U.K.

The biggest risk is that you might slip up and accidentally wreak your anonymity (like Dhoyt's sockpuppet army here on mefi) or that if you confide in someone, they'll bust you.

Furthermore, if you're writing becomes popular it's more likely you'll get busted. If you stay obscure, it's much less likely.

Personally, I wouldn't worry about it too much. Just be careful and don't tell anyone about it, since there's always a chance for betrayal.
posted by delmoi at 7:19 PM on December 12, 2009

I think there's a danger in underestimating technological advances. Even sans moderator intervention, anonymous questions are not necessarily anonymous. The problem is the corpus you leave behind: the set of all text known to be written by you. Pretty much everyone has unique signatures in their writing: uncommon words or phrases you use, distinctive styles of writing, and specific patterns of two or more words. These can be analyzed to determine the most probable author of an otherwise anonymous text from a set of candidates. (This has been used to date primarily for authorship attribution: see for example this paper on the authorship of the 15th Oz book.)

As a MeFi example, a determined computer-science type could:

1. strip all the comments on MeFi to their home computer,
2. sort them into corpora by user and date, and
3. compare all of the anonymous questions to all of the users registered as of the question date, to see who their most likely author is.

This can all be done without any sort of behind-the-scenes knowledge of IP addresses; this could also be applied to any other forum as well, as long as there are consistent account names you post under. I think the dictum that everything you say is public is a good one to live by. Obviously, this also depends on your exposure; if you're small-time, probably nobody will take the effort. (Unless someone develops automated tools in the next 20 years, this effort would require some decent mathematical chops.) If you run for Congress, well...

That said, if you're very worried, it might be worth thinking about social trends. It seems to me that the only "transgressions" you need to be worried about will be the ones proscribed in the future, and you should consider whether what you're thinking of doing will be something anyone will care about in 20 years. (For example, I would be surprised if discussions of, say, marijuana use would raise much of an eyebrow in 20 years.)
posted by Upton O'Good at 10:26 PM on December 12, 2009

Clearly, you won't want to make public any links from your real identity to anything you do anonymously. Posting an anonymous question here creates such a link, but it's buried in the database, like Jessamyn said, and it would take a court order to try to get it out. You can't get a court order for trying to dig up dirt about a candidate. And that will be true for most sites: links will exist between what you post and your true identity, but they won't be accessible to your regular dirt-digger.

Those links are specifically 1) your IP, and 2) your registration information, whatever that is for that site. Your IP is a number identifying your computer to every website you visit, whether you read or post. Sometimes it doesn't specifically identify you, but often it can, and it's safe to assume it will. Your registration information will usually be at least a valid email address, but the rest can easily be faked. In almost all situations, using this information to get from a post back to you will require the cooperation of both the website administrators and your internet service provider (ISP). I'd trust Mefi's admins and most, but not all, other sites'. That's one line of defense. Your ISP is also going to probably require a court order to give up any information about you, so that's another.

Be careful if your ISP is your employer or your school, though. Are you reading or posting from a computer on your business or school's network? In those cases, people who have a fairly direct link to your personally (through the organization) will have access to information about what you are doing online. Most are ethical and will not look at or act on this information; a few aren't. You'll need to weigh that chance against the sensitivity of whatever you are exploring. And again, this is a very unlikely source of information for a random dirt-digger.

Another thing to consider is the potential of links from your anonymous posts back to your real identity. These aren't a huge risk, because people won't be doing any detective work in that direction. If someone is looking you up in particular, they won't know which of the millions of anonymous posts to investigate to try to piece together its information to point to you.

However, if someone were to become randomly curious about something you anonymously post, they could do some detective work and out you without targeting you (your real identity) specifically. To avoid that, keep personal details out of it as much as possible. Maybe you need to describe past relationships to give context to a question, but you don't need to say anything about exactly how long they lasted, when they were, etc. Maybe you need to describe the culture in which you live, but you don't need to say anything about your specific town or city. Don't mention your occupation, your exact age, your hometown, or anything else that could help someone narrow it down.

Be aware of all of these things, but don't worry too much.
posted by whatnotever at 10:36 PM on December 12, 2009

To get onto the practicalities, these are the "traces" you leave behind you when you use a web browser:

• Your IP address goes into the logfiles of the websites you visit.
• You probably use a web proxy set up by your Internet Service Provider, whether you set it explicitly or not. A proxy will record your IP address and the date/time you visit a particular website, and which areas of that website you visit. Since most ISPs handle millions of requests per day, nobody will be actively watching you but the logs are available to law enforcement and other official snoops.
• Your browser stores cookies which can allow you to be tracked over multiple websites, by the website operators or advertisers who are interested in your online habits.
• Web pages and pics will be cached by your browser on your computer's hard disk.
• Your browser will keep a history of the websites you visit, basically an internal log.

You can divide these traces into two kinds:

Local: The ones on your local system which you have complete control over, and
Remote: The ones Out There on The Interwebs Somewhere which are beyond your control once you have made them. That is to say, once you leave your IP address in a website's logfiles, you can do absolutely nothing to erase it. With luck, the log will be automatically deleted by the website operator after a certain time, but you have no guarantee.

So, the best thing to do about the remote traces is not to leave them in the first place. Your privacy kit includes:

• Using the TOR network (via Vidalia) which anonymizes your web-surfing.
• To make this easier, using Tor-Button with Firefox.
• Installing the TACO extension which blocks certain tracking cookies from your browser.
• While you're at it, block Flash cookies as well.

With the local traces, use a setup like this:

• Create an encrypted disk partition using TrueCrypt. This is a secure area of your disk which you can mount as a drive and store files in. With a secure-enough password, only you can get to them when the drive is unmounted.
• Download and install Portable Firefox into that mounted, encrypted partition.
• Install Tor-Button and TACO into that Firefox (not your regular Firefox, if you use it).
• Optionally, use the Firefox preferences to lose your cookies, history and cached files whenever you quit Firefox.

That's the overview, but it does look complex, doesn't it? I don't have time here to go through how to actually set that stuff up and given that you're unsure what a logfile is, I would guess this is unfamiliar territory to you. Even when it's set up, there are still some risks associated with using TOR, for example, so nothing is perfect.

I should probably create an actual HOWTO about all this stuff sometime, although there is information out there if you Google for "Internet privacy". I'll answer MeMail messages if this looks like something you'd like to do :)

[On preview, noting and endorsing what whatnotever says, particularly the bit about surfing from work or school. I manage a school network, and sometimes I find out more than I would like to about a colleague's ... "preferences".]
posted by BrokenEnglish at 5:35 AM on December 13, 2009 [9 favorites]

Stay legal, so MeFi and any other site don't get a subpoena to reveal your IP address. Develop an anonymous id to use online, with a consistent location, birthdate and email address that's not yours. Use that for private activity. Don't do private activities at work or on a work computer.
posted by theora55 at 11:10 AM on December 13, 2009

Upton O'Good: You are way over-estimating the uniqueness of writing styles. Making a conscious effort to write in a 'different way' will probably thwort any attempt at computer matchup.
posted by delmoi at 2:47 PM on December 13, 2009

Well, delmoi, I'll give a caveat that I in no way work in any sort of machine learning, so if I'm perpetuating some specific misconceptions here, I'd appreciate having them pointed out. That said, I only agree with you to a point--as long as you're always making the effort to maintain a different style, then it probably wouldn't be possible to connect you by your writing. However, if you write your anonymous question(s) in roughly the same style as your other posts, then I'd still suspect it may be possible to back out authorship. (This may not be possible with current text analysis tools, but if we're thinking 20 years ahead here it might be worth considering.)

Heck, frameworks for this already exist. Cortex did a simple version of this on word frequency with the now-defunct Word Clouds tool; it was possible in one case to identify a MeFite by the signature of the rare words they used. (Also, it seems like the technology behind MarkovFilter isn't significantly different from what would be required to do some basic analysis on n-grams.) To the OP, then: in addition the other advice given above, write as little as possible, and do it as differently from your normal writing style as you can.
posted by Upton O'Good at 6:05 PM on December 13, 2009

OP: (What is a "server log"?)

BrokenEnglish: Your IP address goes into the logfiles of the websites you visit.

If you want to know what a server log entry looks like, I posted an example on a page I wrote for Scientologists worried about what traces they'd leave behind when visiting a site critical of Scientology (self-link):

p1014-ipad92marunouchi.tokyo.ocn.ne.jp - - [01/Aug/2004:01:04:34 -0600] "GET /SampleContractComments.html HTTP/1.1" 200 31832 "http://www.google.co.jp/search?q=Contract%E3%80%80Paper%E3%80%80Sample&hl=ja&lr=&ie=UTF-8&start=40&sa=N" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"

My server logs are run through a script that gives me a DNS name instead of an IP address, so a meaningless (to me) set of numbers - like

100.200.102.3

gets turned into

p1014-ipad92marunouchi.tokyo.ocn.ne.jp

which tells me the visitor was in Japan (the .jp at the end).

There's more info dissecting that server log entry at the link above, and also at the Wikipedia entry for server log.

(Note: the info on my Scientology site above describing tools for protecting your privacy is horribly out of date. The concepts stand, but use the advice in BrokenEnglish's post for actually protecting yourself.)
posted by kristi at 10:25 AM on December 16, 2009

This thread is closed to new comments.