Saturday, February 27, 2010

Pseudonymity is Hard: Why Your Secret Virtual Identity Has Never Been Safe.

While I reveled in a year of high-profile virtual pseudonymity, the human behind the scenes often felt like a fugitive. Constant vigilance was required to mitigate the risks of inadvertently revealing clues online that would connect the two identities. One slip and the game could be over.

It doesn't take the proactive work of hackers or stalkers to blow your identity. As with most computer issues, user error is the most likely source of a problem. Here are a couple of easy ways to shoot yourself in the virtual foot:
  • Sending a social network status update from the wrong identity.  I hate to admit it, but I made this careless mistake a few times. And the tweets weren't vague, but announcements of new blog posts. Fortunately, I noticed immediately, deleted the tweets and no one was the wiser.
  • Typing in the wrong chat window. I suspect that most of us have made this mistake. I've been lucky. The half dozen times this happened resulted in nothing more than a little embarrassment. 
Outside of such errors, there are many of ways to expose clues to your identity in day-to-day web surfing. Every time you view a website, information about you such as your IP address, the link you clicked to reach the site and your Internet Service Provider is passed along and probably logged. This is a problem when the information can be connected to your identity, such as in the case of the Plurk Hole I wrote about back in September, 2008.

Peter Stindberg wrote today about a similar security hole exposed by the new media sharing feature of the Second Life client. The really insidious part of this particular "feature" is that your IP info can be pulled by just passing in the vicinity of the shared media. And someone with even a small amount of know-how can easily tie your avatar identity to the the IP-related information.

Truth is, there is no absolutely certain way to hide your identity. The more active you are with a pseudonymous identity and the more you extend it through multiple social networks, blog commenting, etc., the more risk you take that someone will gather enough nuggets to make a connection.

Personally, I always assumed my pseudonymity would eventually be compromised. I therefore chose to do nothing under the Botgirl identity that would negatively impact my human identity if it were ever revealed. Unfortunately, for some people, merely exposing the connection between the identities would cause harm.

Outside of constant vigilance, you can reduce (but not eliminate) the risk of identity exposure by using a software program such as Tor or Anonymizer that can mask your IP address and other tell-tale information.

Anyone else have tips on safe identity surfing? Or horror stories?

No comments: