Digital Society Forum Digital Society Forum
Dossier 20/04/2015

Obfuscation and personal strategy, or how to play hide and seek on the Web

Even though the odds are stacked against them, online users are not at a loss for tools and strategies for keeping their data private.

One of the best and most popular ways remains the use of pseudonyms, which began in the 1990s on Internet Relay Chat channels (IRCs), discussion forums and then blogs. This system, where online users can create a digital identity to screen their real identity, allows them to talk about topics more openly than they would in "real life." While long seen as part of the Web culture, using pseudonyms is also an approach to identifying and protecting oneself: identification in the sense of using a pen name or artist name, and a form of protection when it can be used as a shield for victims of harassment or for activists under investigation by their country's law enforcement.

However, Web giants like Facebook and Google are pushing back against the use of pseudonyms in the name of a certain level of "transparency." Social networks essentially only work when we can look up friends and family by name. The same goes for employers checking profiles of future job candidates. Add to that commercial uses for profiles that can easily be sold to ad agencies once people's true identities are verified. The big Internet companies are using all these reasons, which are more or less supported, to back their agenda to use actual names. Facebook even encourages people to tattle on "friends" using fake names. Danah Boyd says that behind this "real name" movement lurks "an assertion of power over vulnerable people" and it denies them the right to protect themselves in the name of "I don't have anything to hide."

Google and Facebook recently relaxed their personal identification rules, mainly due to a petition signed by LGBT groups demanding a right for transsexual people to maintain their anonymity. There is an option now to put a pseudonym under your real name and display it, but this is thought to be insufficient. Many online users are also still using fake "realistic" names to fly under the social media verification radar.


All the same, using a pseudonym is not enough to fool the marketing surveillance targeting Internet users. This has prompted the rise of another approach called obfuscation that Helen Nissenbaum, NYU professor of media, culture, communications and computer science, defines as, "The production, inclusion, addition or communication of misleading, ambiguous, or false data in an effort to evade, distract or confuse data gatherers or diminish the reliability (and value) of data aggregations." It was notably used in the Note2Be case in 2008. Note2Be is a an unofficial review website for teachers in France that was hijacked by a group of online users who entered several hundred names of fictitious teachers and gave them the highest marks to skew the rankings and discredit the site. This approach does not delete legitimate data, but rather buries them so deeply that the fake ones are no longer distinguishable. The technique can now be implemented using browser plugins like TrackMeNot, which hides Google searches by burying them in other random searches sent from the user's IP address. Again, the point is not to make yourself invisible to Google, but to scramble the signals of your online profile, thereby confusing the profiling process done by algorithms. It is an effective method, but one seen as unethical because it relies on tricking algorithms and generating parasitic data. Furthermore, obfuscation tactics can also be used to damage or inflate a celebrity's reputation on search engines. Google bombing, for example, where the search results for a word or phrase are changed by generating a large number of documents directing to the same website.

Here today, gone tomorrow

These are methods for scrambling your identity, but there are also ways to take back control of your data by making them temporary. A writer for TechCrunch magazine, Sarah Perez, predicts that in the future the Web will mostly be temporary and signal the rise of a new generation of Internet users. Unlike their parents, who documented their lives on social media, this generation would flee from Facebook to protect their personal lives and opt for an actual right to be forgotten. From 2011 to 2014, over 10 million young people left the social networking site, (!GxCSLAtJcJAPI/) for messaging services outside the watchful eyes of their parents. Running against the tide of leaving digital tracks, there is nothing new about looking for ways to delete data and have a temporary presence on the Web. For example, the website 4chan has been doing this since 2004. The "imageboard" (image sharing forum) is known for being the birthplace of Anonymous and is unique because its completely anonymous discussions only last the time of a conversation; the topic disappears when when everyone has finished talking.

Alongside this, the use of pseudonyms on Twitter, new privacy options for trace-free browsing, the use of virtual currency and the fragmentation of the messaging market are evidence that the desire to remain anonymous online is still alive and well. This is the sentiment that gave rise to new temporary services, the most well-known being Snapchat. Created in 2011, the instant messaging platform is most popular among teenagers. It sends messages and photos that are deleted after a certain time, making it very easy to manage your data. This concept pops up again in trash email systems like 10minutemail that are offering email addresses with a life expectancy of only a few minutes. These systems send messages that are deleted immediately but also generate an account (for an e-commerce site or a comments section on a news site, for example) with no fear of receiving spam afterwards. All in all, while "temporaryness" is an easy solution, Internet users who want to save conversations are already finding ways around it. For example, on Snapchat you can take a screen shot and keep a photo of the exchange.

Encryption and anonymity

All of these strategies and tools offer solutions for protecting privacy, but they are still no match for evading the more advanced surveillance techniques. Hence why you can anonymize your connection data or, as a last resort, use email encryption. In the first case, the browsing software Tor (OnionRouTer) is a prime example. It relies on a user network that generates a set of nodes called a proxy. Instead of going directly from a computer to a server, queries pass through this network that makes it extremely difficult to trace and the connection speed is very slow. What is more, the data are encrypted while in transit, which theoretically adds extra protection if intercepted. Since the Prism case, Tor has seen an unprecedented spike in traffic going from an average of 400,000-600,000 users to over 1.2 million in August 2013 (35,000 to 80,000 in France). The software is used by human rights activists and journalists, but it has a bad reputation primarily because it is the gateway for underground services (websites hosted on untraceable servers) and illegal services like the infamous blackmarket site Silk Road (now defunct).

Less radical albeit just as protectionist, email and data encryption solutions like PGP (Pretty Good Privacy) is offering recipients and senders a good level of confidentiality. That said, they are quite restrictive and require users to have advanced technical knowledge. Fortunately, some security specialists like Frederic Jacobs are working on projects that will make encryption automatic and user-friendly, like open source Whisper Systems that is already installed on the WhatsApp instant messaging program.


To react to this article, I log in I sign up

Be the first to react to this article!

Consult the original sources of this article

Sign up

Join the Digital Society Forum to discuss and react on articles and be informed of upcoming events