Researchers Can ID Anonymous Twitterers

← Back to Stories (view on slashdot.org)

Researchers Can ID Anonymous Twitterers

Posted by timothy on Thursday March 26, 2009 @10:48AM from the 140-shady-characters dept.

narramissic writes "In a paper set to be delivered at an upcoming security conference, University of Texas at Austin researchers showed how they were able to identify people who were on public social networks such as Twitter and Flickr by mapping out the connections surrounding their network of friends. From the ITworld article: 'Web site operators often share data about users with partners and advertisers after stripping it of any personally identifiable information such as names, addresses or birth dates. Arvind Narayanan and fellow researcher Vitaly Shmatikov found that by analyzing these 'anonymized' data sets, they could identify Flickr users who were also on Twitter about two-thirds of the time, depending on how much information they have to work with.'"

108 comments

Min score:

Reason:

Sort:

Who promised? by plover · 2009-03-26 10:52 · Score: 4, Insightful

Who ever promised this data would be anonymous? Do you really expect privacy when posting personal stuff on line, even if you don't sign your name in advance?

--
John
1. Re:Who promised? by Anonymous Coward · 2009-03-26 11:03 · Score: 0, Funny
  
  Fine, who am I?
2. Re:Who promised? by vux984 · 2009-03-26 11:05 · Score: 5, Informative
  
  Who ever promised this data would be anonymous? Do you really expect privacy when posting personal stuff on line, even if you don't sign your name in advance?
  1) People still assume that if don't sign their name on the internet then its anonymous. People need to be educated otherwise. Articles like this help.
  2) While a lot of people are still grappling with #1 above, there are a lot of more sophisticated people who need to learn that even if they ARE behind 7 proxies, using tor, ssh, on a hacked wifi they are accessing via a pringles can-tenna from across state or even national lines... and then use that super anonymous connection to participate anonymously in 'social networking' sites like twitter, facebook, etc... even if they never reveal a single personal detail about themselves, their place within the social network itself can be reliably used to unmask them once they've had their anonymous account linked to real friends.
  People REALLY need to be educated about this.
3. Re:Who promised? by Anonymous Coward · 2009-03-26 11:07 · Score: 1, Funny
  
  or me?
4. Re:Who promised? by Niris · 2009-03-26 11:08 · Score: 2, Informative
  
  David.
5. Re:Who promised? by Anonymous Coward · 2009-03-26 11:09 · Score: 4, Funny
  
  Clearly, you're both me.
6. Re:Who promised? by CannonballHead · 2009-03-26 11:10 · Score: 1, Insightful
  
  So, to be anonymous, I need to get behind 7 proxies, use tor and ssh on a hacked wifi that I'm accessing via a pringles can-tenn from across state or national lines and make sure that all of the social network connections I have are to similarly protected people (behind 7 proxies, use tor and ssh on a hacked wifi that they are accessing via a pringles can-tenn from across state or national lines).
  ;)
  That said, I agree. =D
7. Re:Who promised? by mail2345 · 2009-03-26 11:13 · Score: 1, Interesting
  
  I'ld prefer chain wi-fi hacking.
  
  Have a worm infect and propagate via weak passworded/WEP routers.
8. Re:Who promised? by Anonymous Coward · 2009-03-26 11:18 · Score: 2, Interesting
  
  2) While a lot of people are still grappling with #1 above, there are a lot of more sophisticated people who need to learn that even if they ARE behind 7 proxies, using tor, ssh, on a hacked wifi they are accessing via a pringles can-tenna from across state or even national lines... and then use that super anonymous connection to participate anonymously in 'social networking' sites like twitter, facebook, etc... even if they never reveal a single personal detail about themselves, their place within the social network itself can be reliably used to unmask them once they've had their anonymous account linked to real friends.
  People REALLY need to be educated about this.
  Or read some spy novels from the cold war. Lots of spies are discovered by figuring out who had access to information and who their associates are.
9. Re:Who promised? by Rorschach1 · 2009-03-26 11:22 · Score: 3, Insightful
  
  Then again, some of us are very well aware of it and just don't care so much. If I want to post thoughts to a blog that I don't want linked back to me (and I've done so in the past), I'll set up something entirely separate, with a name I've never used before, linked to a new gmail account.
  Anyone with half a brain can figure out exactly who I am, where I live, and what I do for a living, starting from this post, in about 20 seconds. Medical conditions and sexual preference might take a little more work, but I'm sure some of it is out there.
  Frankly, I don't care. I'm self-employed and don't worry about what an employer might think of me. My friends and family seem to like me well enough despite already knowing that stuff. So long as it's not information that's going to result in identity theft (account numbers and such), there's not much that's worth the effort to conceal.
10. Re:Who promised? by Webious · 2009-03-26 11:24 · Score: 2, Insightful
  
  So, to be anonymous, I need to get behind 7 proxies, use tor and ssh on a hacked wifi...
  RTFA - I think you missed the point:
  
  Our de-anonymization algorithm is based purely on the network topology
11. Re:Who promised? by petermgreen · 2009-03-26 11:28 · Score: 4, Interesting
  
  The important thing is that anyone or anything that links your "real persona" and your "anonymous persona" is a potential threat to your anonymity both through things they willingly or mistakenly do and through things they could be coerced or forced into doing.
  It's all too easy to put lots of thought into making it bloody hard to trace your connection but then link your "anonymous persona" to your "real persona" through common friends, accidently logging into a site using the wrong account for the connection you are using, forgetting to flush cookies (and any similar tracing objects) when moving between your "nonanoymous connection" and your "anonymous connection" and so on.
  
  --
  note: i'm known as plugwash most places but i screwd up registering that here somehow in the past and now can't register
12. Re:Who promised? by davester666 · 2009-03-26 11:31 · Score: 3, Insightful
  
  "all of the social network connections I have are to similarly protected people"
  No, for you to remain anonymous, you must disavow all knowledge of anybody in your social network, for all 'accounts' or whatever, for all postings that you want to not be readily linked back to you. And they must not have any links to these accounts either (so the easiest way is to not tell them about these 'anonymous' accounts).
  
  --
  Sleep your way to a whiter smile...date a dentist!
13. Re:Who promised? by Anonymous Coward · 2009-03-26 11:31 · Score: 2, Insightful
  
  I think you missed the point actually.
  or should I say... wooosh!
  maybe try reading past the first 19 words before replying to a post?
14. Re:Who promised? by Anonymous Coward · 2009-03-26 11:46 · Score: 1, Funny
  
  I read that and thought "19? did he just pull that out of his ass? 1 2 3... 19! He actually counted the number of words in the quoted text!"
15. Re:Who promised? by arvindn · 2009-03-26 11:48 · Score: 5, Informative
  
  Hi. I'm one of the authors. Please read our FAQ. It answers that very question. In short, our de-anonymization algorithm applies to far more than public social networks like twitter, including some very sensitive ones.
16. Re:Who promised? by ssintercept · 2009-03-26 11:49 · Score: 5, Insightful
  
  how 'bout not using twitter, myspace, facebook, etc??
  
  don't you use those services to be noticed?
  
  --
  "You can kill the revolutionary, but you can't kill the revolution."-- Fred Hampton
17. Re:Who promised? by MadAhab · 2009-03-26 11:53 · Score: 4, Interesting
  
  I agree, but I think it's an age and culture issue. These issues are new.
  In 10 years, no one would expect that a Twitter account couldn't be connected to your FB account any more than they would think you could cheat on your partner by taking your partner-in-crime to a pub you and your date frequent. The principle is no different - if two social spheres overlap, you've given up your relative anonymity.
  That's why Larry Craig tapped his toe in an airport bathroom in a stop-over airport - low likelihood of running into someone who might know him.
  
  --
  Expanding a vast wasteland since 1996.
18. Re:Who promised? by CannonballHead · 2009-03-26 12:13 · Score: 1
  
  Whoosh and all that, but seriously - yes, you do, but I assume some people assume that if they don't put any personal details up, they can't be found... and forget that their 'friends' may have personal information, etc.
19. Re:Who promised? by Patch86 · 2009-03-26 12:14 · Score: 1
  
  Ditto.
  I'm not self-employed, but similar holds true. I'm pretty sure you could identify me from just this online handle, based on posts from this and similar discussion boards.
  Fact is, you won't learn much out about me that I wouldn't have told you to your face anyway. I'm on pretty friendly terms with my employer, and am close with my friends, and I doubt anything I've said online would be news to them.
  And even if you can find out some more intrusive facts about me (medical history, salary, what have you) I might be annoyed, but it isn't anything that I'd lose any sleep over; it's not like it's a matter of national security...
  You only have something to worry about if your online and real-life personae completely and utterly different. And that'd make you a big fat phony.
20. Re:Who promised? by Slumdog · 2009-03-26 12:20 · Score: 1, Funny
  
  Fine, who am I?
  But I know what dude I am. I'm the dude playin' the dude, disguised as another dude.
  
  --
  FreeBSD bounties
21. Re:Who promised? by ssintercept · 2009-03-26 12:21 · Score: 2, Insightful
  
  whoosh yourself- as per the above article "researchers showed how they were able to identify people who were on public social networks such as Twitter".
  
  so the first step on concealing your identity is to not use the public social networks.
  
  --
  "You can kill the revolutionary, but you can't kill the revolution."-- Fred Hampton
22. Re:Who promised? by Runaway1956 · 2009-03-26 12:50 · Score: 2, Insightful
  
  Heh. To right. When I got TOR up and running, I was tempted to sign into a couple places, to look at my - uhh - "internet profile" being presented by browser, etc. Was reaching for the "submit" button, when I realized, "Hey, this is STOOOO-PID!" I'm no longer anonymous once I sign in ANYWHERE!
  
  --
  "Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
23. Re:Who promised? by Runaway1956 · 2009-03-26 13:03 · Score: 1
  
  so the first step on concealing your identity is to not use the public social networks.
  Bingo!!
  
  --
  "Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
24. Re:Who promised? by fuzzyfuzzyfungus · 2009-03-26 13:14 · Score: 1
  
  Or, y'know, somebody who wants to make it to graduation and out of town before mommy and daddy find out that they aren't a heterosexual like jesus wants them to be...
  
  There are plenty of good reasons that somebody, particularly somebody with limited social power in the real world, might want a separate persona online.
25. Re:Who promised? by Anonymous Coward · 2009-03-26 13:34 · Score: 0
  
  haha it's true... I really have nothing better to do than point out when people are wrong! On the internet!
26. Re:Who promised? by EdIII · 2009-03-26 14:22 · Score: 2, Funny
  
  That's why Larry Craig tapped his toe in an airport bathroom in a stop-over airport - low likelihood of running into someone who might know him.
  I thought it was just because he had a "wide stance".
27. Re:Who promised? by RiotingPacifist · 2009-03-26 14:23 · Score: 1
  
  hey my internet aliases were damn anonymous, until Mozilla went and ruined it all but as i don't post much that i wouldn't say to peoples faces it doesn't really matter anyway.
  
  --
  IranAir Flight 655 never forget!
28. Re:Who promised? by EdIII · 2009-03-26 14:31 · Score: 1
  
  Your still anonymous if all the profile data is fake. All the data associated with this Slashdot account is completely fictitious and in no way related to accounts hosted elsewhere that have nothing to do with tech blogs. Anytime I am presented with the option, or forced to provide, name and address data anywhere I use completely fictitious information. Everywhere. Also, different every time.
  So, if somebody from Slashdot here either liked or hated me and was including me in their online social profiles it would not lead to one to conclude that a relationship exists anywhere else.
  I think the only time I gave even partially accurate information was a bank. Even then, the address information was false, or was not my residential address. Obfuscation is a way of life for those that are determined to not be found no matter if all information was combined everywhere to do just that.
  If anybody wants to be truly anonymous you have not only protect your lines of communication, but also be very aware of the information you are providing. It does no good to cover your tracks, only to then shoot up a signal flare.
29. Re:Who promised? by Runaway1956 · 2009-03-26 14:50 · Score: 2, Informative
  
  How sure are you, of that idea? You must realize that your IP is recorded again, and again on the web. Do you use Flash, Java, or any other plugins that potentially give away identifying data? Does your browser leave any data that you are unaware of? What about your operating system? Microsoft has this thing (I forget the name, but almost everyone here knows what it is) where you can sign into one account, then automagically be signed into dozens if not hundreds of other sites/accounts. Google has something similar, if on a smaller scale. I can sign into GMail, and be recognized on YouTube, and MySpace, if I should care to make use of that "feature". Your practices are commendable, but you also need to make sure that you are using the technical tools available to reinforce your practices. We mustn't forget the many forms of malware available to the modern browser. Picking up any common trojan designed to exploit Windows, IE, OE, or WMP can guarantee that you are tracked everywhere, despite any practices or tools that you may employ.
  
  --
  "Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
30. Re:Who promised? by EdIII · 2009-03-26 15:32 · Score: 1
  
  How sure are you, of that idea?
  Pretty Damn Sure (tm)
  
  You must realize that your IP is recorded again, and again on the web.
  You mean the exit node's, proxy's, internet cafe's, etc. public IP address right? Yeah, I realize that. Any IP address that has been assigned to me by a corporation that ALSO possess my name, address, social security number, telephone number, etc. has never been recorded by the destination. I am sure that plenty of TOR nodes and proxy's have that IP address, but I am reasonably sure of the difficulty of obtaining that information. Which is why I usually like to connect for anything interesting through other machines that I control first on networks that I can be reasonably certain are not logging IP address information, or that I am connecting to with wireless.
  
  Do you use Flash, Java, or any other plugins that potentially give away identifying data?
  When I do, it is on a virtual machine that is locked down with no information inside of it and just as easily destroyed afterwards. As for preventing that machine from learning the public IP address it communicates on, that is pretty damn easy for me (difficult for the machine) since all traffic is routed through TOR, and not a TOR that is installed on it. TOR someplace else on the network. Those virtual machines have literally no other routes outside the network except for TOR. They cannot even communicate with the host.
  Until somebody actually pulls of a hack in which their malware can be "Virtual machine aware" and compromise the hosts through the guests, I can be reasonably certain of the hosts safety.
  
  Does your browser leave any data that you are unaware of?
  Most likely. However, it is unlikely that survives when the entire virtual machine is destroyed upon exiting. Every new session has no access to any data that was recorded in a previous session. That includes all cookies, flash cookies, or anything else that I am simply unaware of.
  
  What about your operating system?
  I never use a host operating system to do much of anything, especially anything that connects to a remote network. All of that is virtual now and destroyed afterwards when appropriate. Of course any machine that is used for gaming has a more direct connection, but they are on a separate network and I am not so much concerned about Steam, XBOX Live, etc. I don't give any information on those networks which could be used to form conclusions about relationships outside of "entertainment networks".
  
  Microsoft has this thing (I forget the name, but almost everyone here knows what it is) where you can sign into one account, then automagically be signed into dozens if not hundreds of other sites/accounts. Google has something similar, if on a smaller scale. I can sign into GMail, and be recognized on YouTube, and MySpace, if I should care to make use of that "feature".
  Uhhhh, yeah riiiiiggght. I would never even think for one second of using a service like that. All of the Microsoft/Google accounts I have created contain completely separate information, are used for purposes that do not overlap with anything else (sometimes just one-time), and are created from different TOR exit nodes/Proxies.
  I have my own database where I keep what exit node/proxy I used to connect to the site, all of the information I provided to the site, it's password, purpose, etc. Before I go anywhere I pull that database up and check it. As long as the database is secure and never falls into the wrong hands, I am pretty safe.
  
  Your practices are commendable, but you also need to make sure that you are using the technical tools available to reinforce your practices. We mustn't forget the many forms of malware available to the modern browser. Picking up any common troj
31. Re:Who promised? by Anonymous Coward · 2009-03-26 16:00 · Score: 1, Insightful
  
  Exactly. This is what I do.
  If you have a 'real' account and an 'anonymous' account, why do you need to have links to your friends with your anonymous account anyway, when you can just use your real account?
  If you really need to have links to your friends from your anonymous account, then just have them create anonymous accounts too, and have links to those rather than their real account.
32. Re:Who promised? by Jason+Levine · 2009-03-26 16:23 · Score: 2, Interesting
  
  Years back, I used my real name for all of my online activities. After my kids were born, though, I reconsidered using my real name and address. So when I started a blog, I made up an "anonymous" name. I'm under no illusion that it is 100% anonymous, but I do my best to keep my "real name identity" and my "blog identity" separate. I'm go "blog identity" on all of the sites I frequent, but I'm unwilling to disappear as "Jason Levine" and either a) pretend to be a newbie at the site for awhile or b) reveal to everyone that "Jason Levine" and "BLOG_ID" are one and the same. While I might make some mistakes that wind up linking the two, I'm not going to come out and do it on purpose. (A really creative type could locate my blog ID though. I'll even give a hint: it's through my wife's blog name.)
  
  --
  My sci-fi novel, Ghost Thief, is now available from Amazon.com.
33. Re:Who promised? by PotatoFiend · 2009-03-26 16:28 · Score: 0
  
  FAIL. Aggies are from Texas A&M University, not the University of Texas.
  
  --
  "Liberty may be endangered by the abuses of liberty as well as the abuses of power." -- James Madison
34. Re:Who promised? by codekavi · 2009-03-26 16:40 · Score: 1
  
  Thanks, but we're not really that interested.
  
  --
  Can't see Hindi?
35. Re:Who promised? by MichaelSmith · 2009-03-26 17:11 · Score: 1
  
  how 'bout not using twitter, myspace, facebook, etc??
  What do you think /. is?
  
  --
  http://michaelsmith.id.au
36. Re:Who promised? by MichaelSmith · 2009-03-26 17:13 · Score: 1
  
  I could subscribe to /. and search all your comments. Unless you have been very careful I should be able to learn a lot about you.
  
  --
  http://michaelsmith.id.au
37. Re:Who promised? by somanyrobots · 2009-03-26 17:28 · Score: 1
  
  No, to be anonymous, you just need to not have any friends.
38. Re:Who promised? by Anonymous Coward · 2009-03-26 17:47 · Score: 0
  
  Why would someone tell AGGIE jokes about a researcher at UT?
39. Re:Who promised? by Anonymous Coward · 2009-03-26 18:24 · Score: 0
  
  Hahahaahahahahahahha. What a fag:
  
  Re:Who promised?
  by PotatoFiend (1330299) on Thu Mar 26, '09 09:28 PM (#27353149)
  FAIL. Aggies are from Texas A&M University, not the University of Texas.
  
  Re:Who promised?
  by Anonymous Coward on Thu Mar 26, '09 10:47 PM (#27353637)
  Why would someone tell AGGIE jokes about a researcher at UT?
  What adumb newbie fag, trying be all cool and googling stuff to look in-the-know, and then being fuckin wrong.
  What a FAG
40. Re:Who promised? by Anonymous Coward · 2009-03-26 18:29 · Score: 0
  
  why is this modded informative?
41. Re:Who promised? by Anonymous Coward · 2009-03-26 19:16 · Score: 0
  
  No, I'm Anonymous Coward!
  .
  .
  .
  .
  .
  (Please proceed with a dozen more posts in this fashion.)
42. Re:Who promised? by EdIII · 2009-03-26 19:24 · Score: 2, Informative
  
  True, but that is not the same thing as what we are talking about in the article.
  If you search my comments and find any postings with my real name, references to my place of work, real people, events, etc. then I do agree you could possibly do research in the real world to identify who I am. Sort of a 20 questions kind of deal.
  Remember... that is identify , as in gain a positive identification of my real world identity to the point you could then actually find me. Learning about my likes, dislikes, religious or political affiliations, positions on various arguments is not the same as identifying me.
  What the article is mentioning is that even though I am anonymous, there are enough of my own interactions with other non-anonymous people that my identity could be inferred by analyzing the data. Meaning that I am Mr.X, but Bob, Alice, Sally, Mary, and Steve all have information publicly available about somebody named Joe. Through process of elimination it is determined that it is highly likely I am the person Joe. Mr.X was still anonymous, his connections were still anonymous, but through analysis we have found it is highly likely that Mr.X is in fact Joe.
  That does not apply to me as this identity has never communicated with anybody that knows my real identity. So I would agree, you could gain knowledge about my relationships with other /.'s, but they will not provide you with any knowledge of my identity, nor will my own posts.
  I do invite you to research my posts should you want to. Feel free to let me know the results in this thread :)
43. Re:Who promised? by Anonymous Coward · 2009-03-26 21:08 · Score: 0
  
  Imposter! This is identity theft !
44. Re:Who promised? by L4t3r4lu5 · 2009-03-26 22:47 · Score: 1
  
  No. You need to do all of that, but not do anything which links you to your friends. Your super-anon account which you've never revealed details about is still vulnerable to a "six degrees of separation" type of attack.
  
  - Super-anon guy has Bobby, Jim, and Sandra on his facebook friends and he's got Bobby, Jim, and Jessica on his MySpace
  - Logically, Bobby and Jim must know each other, and therefore they both must know Super-anon guy.
  - Bobby and Jim have a lot of pictures on Facebook with a guy tagged "Andy" who doesn't have a profile. All the other tagged people are on Facebook.
  - Chances are, Andrew is Super-anon guy.
  
  --
  Finally had enough. Come see us over at https://soylentnews.org/
45. Re:Who promised? by L4t3r4lu5 · 2009-03-26 22:51 · Score: 1
  
  A small Czechoslovakian Traffic Warden.
  
  --
  Finally had enough. Come see us over at https://soylentnews.org/
46. Re:Who promised? by L4t3r4lu5 · 2009-03-26 23:09 · Score: 1
  
  I got to finding a piece of poetry from 2006 on living with insomnia and got bored.
  
  --
  Finally had enough. Come see us over at https://soylentnews.org/
47. Re:Who promised? by Thaddeaus · 2009-03-26 23:16 · Score: 1
  
  Duuuuuuude........
48. Re:Who promised? by zen-theorist · 2009-03-27 01:21 · Score: 1
  
  Anyone with half a brain can figure out exactly who I am, where I live, and what I do for a living, starting from this post, in about 20 seconds. Medical conditions and sexual preference might take a little more work, but I'm sure some of it is out there.
  With a handle like yours, they just need to look at the results of your test!
49. Re:Who promised? by zen-theorist · 2009-03-27 01:32 · Score: 1
  
  Hi. I'm one of the authors.
  Wow, clearly you are not bothered about linking your real and Slashdot personas.
  I'm certain most /.ers guard their /. persona, given the blunt nature of the comments found here.
  OT, has there been any research into looking up a person's sex/ethnicity by analysing his or her /. comments? It is already known that the species problem is hard.
50. Re:Who promised? by mdm-adph · 2009-03-27 02:11 · Score: 1
  
  You're obviously a sadistic masked vigilante with a thing against liberals.
  
  --
  It is by my will alone my thoughts acquire motion; it is by the juice of the coffee bean that the thoughts acquire speed
51. Re:Who promised? by russotto · 2009-03-27 02:27 · Score: 1
  
  It's all too easy to put lots of thought into making it bloody hard to trace your connection but then link your "anonymous persona" to your "real persona" through common friends, accidently logging into a site using the wrong account for the connection you are using, forgetting to flush cookies (and any similar tracing objects) when moving between your "nonanoymous connection" and your "anonymous connection" and so on.
  Yep. Preferably, you want a "sterile" computer for your anonymous activities; it should contain no real information about you (in fact, if you're really paranoid, it would be best if it were purchased anonymously) and should only be used for the anonymous activities, never anything in real life. If you want to keep your anonymous personas separate from each other, you need to go even further.
  Personally I don't bother; when I want to be anonymous it's typically just to avoid having my name associated with something on a casual search; I know determined people could figure it out, but I don't care.
52. Re:Who promised? by Killjoy_NL · 2009-03-27 03:05 · Score: 1
  
  Kryten FTW
  Good show lad :)
  
  --
  This is the sig that says NI (again)
53. Re:Who promised? by Anonymous Coward · 2009-03-27 05:49 · Score: 0
  
  Crap, you mean I've been cyberstalking the wrong person?
54. Re:Who promised? by EdIII · 2009-03-27 09:35 · Score: 1
  
  BWAHAHAHAHAHHAHAHAH!
  I have never written a piece of poetry in my life! I have recited PLENTY of stuff from Andrew Dice Clay, but never written anything.
  You bring up a good point to make though. You have to make sure it is the RIGHT person, just not named the same person....
  LOL
55. Re:Who promised? by L4t3r4lu5 · 2009-03-29 18:35 · Score: 1
  
  My point was that just because you're very careful with your information, doesn't mean that someone else can't pretend to be you and fuck things up for you.
  
  --
  Finally had enough. Come see us over at https://soylentnews.org/
56. Re:Who promised? by EdIII · 2009-03-31 04:40 · Score: 1
  
  How so? I am still anonymous as a write this, in that my real identity that is typing this on the keyboard is unknown to both you and Slashdot.
  The only way you could pretend to be me is to compromise my account, change the password, and then start making posts with it. That is a whole other security issue that applies regardless of whether you are obfuscating your real identity. I can attempt to regain my account while still having my real identity unknown to Slashdot.
  Other than that, you seem to be saying that could create accounts with EdIII at other websites and then cause others to draw the conclusion that the EdIII that wrote that poetry is indeed the same EdIII that is writing this post. I think most people are more sophisticated than that.
Re:Who promised? Tsarkon Reports by Anonymous Coward · 2009-03-26 11:07 · Score: 0, Troll

Well. Slashdot lies.
I used to get moderator points until I got $rtbl-ed. (RTBL = real time black list).
I have a high karma account in which I post "things that are likely to get moderated up." That way, when I have something insightful to say, and its compatible with the raging groupthinking censorship, I can get a spotlight.
However, I used to post anonymous things that may not be compatible with Slashbotting group-think.
Long story short: If you don't clear your cookies AND use a proxy, and you post anonymously in a bitch-slapped thread or get individually bitch-slapped by a moderator or your logged in username is associated with a bitch slapped or habitual troll IP you will never moderate again and be on $rtbl.
Now my high-karma account no longer can moderate, it can meta moderate but no longer moderate. This $rtbl is hardly real time. Its a permanent ban.
So here we are at slashdot. Where posting AC is flypaper: your real / logged in account WILL get $rtbl-ed if you start voicing things that piss off that crowd (which may in fact be true or genuinely insightful). You lose. You have no anonymous here, make sure you never use the browser you use to talk AC as you do to post logged in. Make sure you use some sort of a bounce or proxy if you think there is a good chance you will be a part of a bitch-slapped thread or make an AC post which the slashbotting public will moderate you down on.
Rats... by Anonymous Coward · 2009-03-26 11:08 · Score: 0

Now someone knows who I am...
1. Re:Rats... by Anonymous Coward · 2009-03-26 12:32 · Score: 1, Funny
  
  no they dont give a rats ass about you...
  they are after me.
Tin foil! by mc1138 · 2009-03-26 11:11 · Score: 4, Funny

Must... cover... everything...

--
The musings of just another geek and his junk.
1. Re:Tin foil! by EdIII · 2009-03-26 12:03 · Score: 1
  
  Must... cover... everything...
  Just don't cover the naughty parts.... it.. chafes.....
  Or at least on the outside of the underwear.
Twits by brkello · 2009-03-26 11:16 · Score: 4, Insightful

Slashdotters care about privacy. People on these social networking sites want their lives to be on show for everyone. I don't think people who twit every 5 minutes where they are and what they are doing are really to concerned about their privacy.

--
Support a great indie game: http://www.abaddon360.com
1. Re:Twits by LandDolphin · 2009-03-26 11:20 · Score: 5, Insightful
  
  This.
  
  However, I don't think a lot of people fully understand the negative side of placing your life online for all to see. They fail to realize that placing their discussion about smoking pot (or other dubious activity) on twitter might one day cause them a job.
  
  --
  Spelling and Grammar errors have been added to this post for your enjoyment
2. Re:Twits by Anonymous Coward · 2009-03-26 12:47 · Score: 0
  
  Similarly, of course, I don't think people who think that everyone on Twitter posts their current whereabouts etc. every five minutes really have any idea of what the average user does or doesn't do or post there.
  The same's even more true for other social networking sites, too. You could just as well chastise folks who've got blogs; but of course you're not going to, since you might actually be one of those yourself.
  Much better to just ascribe a positive trait to a group like Slashdotters that - surprise surprise! - happens to include you, while denying the same trait in anyone else. And given that the moderators are Slashdotters as well, naturally, you even get karma for your intellectual wanking.
  Seriously. TFA is actually interesting, but I bet you not only didn't read that but in fact didn't really RTFS, either; all you saw was something about Twitter, and that was all you needed to take a snipe and try and inflate your own ego, too.
  Now go RTFA and come back when you can act like an adult and when you've got something that's *actually* interesting, informative or insightful (or funny, for that matter) to contribute to the discussion.
3. Re:Twits by Animaether · 2009-03-26 12:47 · Score: 4, Funny
  
  They fail to realize that placing their discussion about smoking pot (or other dubious activity) on twitter might one day cause them a job.
  That's right - The Netherlands are hiring again!
4. Re:Twits by jctownend · 2009-03-26 12:52 · Score: 1
  
  Twitter seems to be going to critical mass lately. I expect the stampede won't be slowed down much by privacy concerns.
5. Re:Twits by brkello · 2009-03-26 13:04 · Score: 1
  
  If you could read my very short post I actually lumped in social networking sites. I do have one and I don't blog. It is a nice way to keep in touch with friend.
  
  Obviously, I know that everyone doesn't do it every 5 minutes. It is just an exaggeration...but despite that, the fact stands that most people on these sites care little about privacy.
  
  I do think Twitter is stupid. It has some very limited useful purposes (like the guy who used Twitter to notify people he was jailed in a foreign country), but for the most part it is just people writing mundane things about their live and thinking other people care. THOSE are the people with over-inflated egos.
  
  That being said, there are a lot of people who like getting in to other people's business. This tends to be females more than males. I think they have every right to do it and enjoy it. I don't want them to tear down Twitter. But I have every right to think it is stupid and not participate.
  
  --
  Support a great indie game: http://www.abaddon360.com
6. Re:Twits by Jewfro_Macabbi · 2009-03-26 14:24 · Score: 1
  
  There's also the possible side effect that if people do post how they really live - we can one day over come silly prejudices and preconceived notions about human and social behavior. Ideas like pot smoking being "dubious" need to be challenged.
7. Re:Twits by Chees0rz · 2009-03-26 16:43 · Score: 1
  
  Slashdotters care about privacy. People on these social networking sites want their lives to be on show for everyone. I don't think people who twit every 5 minutes where they are and what they are doing are really to concerned about their privacy.
  All we need to do is find a slashdotter who 'tweets' every 5 minutes and you'll implode, a black hole will take your place, and the universe will collapse.
  
  I think I just found a new hobby. Making gross generalizations? No, that's your job- I'll start using twitter.
8. Re:Twits by LandDolphin · 2009-03-27 03:11 · Score: 1
  
  While I can agree that smoking pot is theoretically no different then having a drink (if not better according to some), there is one difference right now. It's illegal. If it should be or not is certainly up for debate (and it should not be), but what is not up for debate is that it is currently illegal.
  
  Taking part in illegal activities is most certainly "dubious". Risking all that one risks to get high off an illegal substance certainly calls ones decision making skills into question.
  
  --
  Spelling and Grammar errors have been added to this post for your enjoyment
9. Re:Twits by Jewfro_Macabbi · 2009-03-27 03:26 · Score: 1
  
  I reject your contention taking part in illegal activities must always be "dubious". By that argument Rosa Parks was a "dubious" law breaker. Laws are stricken down daily - sometimes they are just wrong. In 14 US states, it is perfectly legal for some people to use/possess cannabis for medical reasons. In several other states marijuana has been decriminalized by voter initiative. Until the law is challenged, how can it change? Having millions of Americans admit they engage in an activity, and yet remain active, productive members of society - is entirely the point. Someone has to take that risk. There have always been brave people willing to suffer the consequences so there might be change. Lucky that, for the rest of you.
10. Re:Twits by LandDolphin · 2009-03-27 03:41 · Score: 1
  
  There is a huge difference in someone challenging unjust laws and people who just break the law.
  
  You get X number of people to gather on the steps of the Capitol and Toke up, that's noble and certainly lends itself towards the kind thing that Rosa Parks is linked to. Risking security for a protest of current laws is admirable. But there is nothing to show that any sizable portion of pot smokers are doing anything like that. What is happening far more consistently is that they are hiding their illegal activity and smoke to get high and not actively working to oust unjust laws.
  
  So, you are right, not all illegal activity is "dubious". There are always exceptions to everything; the world is not black and white. However, the exceptions are just that, exceptions. Breakign the law to stage a protest of the law is an exception
  
  --
  Spelling and Grammar errors have been added to this post for your enjoyment
11. Re:Twits by Jewfro_Macabbi · 2009-03-27 03:56 · Score: 1
  
  Why do you assume the majority of pot smokers, "just want to get high"? Does actual data support that? I cannot personally attest to the reasons others choose risking arrest to use marijuana. I can only tell you that I am a 95 pound HIV patient. My choice is based on the fact I consider stopping the vomiting, stopping the pain, and possibly generating some appetite a more pressing concern than whether or not I'm violating some law.
  
  It's also why I'm not currently organizing that mass protest event. Someone else, will have to do that. I can't stand up that long.
12. Re:Twits by LandDolphin · 2009-03-27 04:50 · Score: 1
  
  Yes, I do not have any evidence to support my position. However, you do not have any to support the opposition. The only logic I have to support mine over yours to to say that the majority of people are not suffering from medical illnesses, like HIV.
  
  You smoke to relieve your pain caused by your illenss. There is a reason you smoke besides to just get "high". However, I would not say that your case is the norm; you are an exception. There are thounds (possible millions) of people that smoke for medical reasons. But there are certainly more that smoke for the high without the medical need.
  
  On a side note, I'm sorry to hear about your illness. I certainly hope that you're able to keep it under control and live a long and fruitful life.
  
  --
  Spelling and Grammar errors have been added to this post for your enjoyment
You mean like willyhill? by tepples · 2009-03-26 11:19 · Score: 4, Informative

Willyhill managed to ID fourteen Twitter accounts. Or is this something completely different?
1. Re:You mean like willyhill? by Slumdog · 2009-03-26 12:58 · Score: 1
  
  Willyhill managed to ID fourteen Twitter accounts. Or is this something completely different?
  I think twitter has really gotten to you.
  
  --
  FreeBSD bounties
Lucky guess... by Anonymous Coward · 2009-03-26 11:33 · Score: 0

David who? Smarty pants....
1. Re:Lucky guess... by Slumdog · 2009-03-26 12:40 · Score: 1
  
  David who? Smarty pants....
  Maybe David the Goliath.
  
  --
  FreeBSD bounties
Social network can-o-worms by xixax · 2009-03-26 11:38 · Score: 4, Insightful

Are there really any surprises here? Social networks behave a lot like the Internet, with many routes pointing to your front door.
For example, use whatever falese names you want. Your email address makes a dandy primary key squirreled away in all your friends mailboxes, just waiting for Facebook to Hoover it up and join the dots.
Your privacy and anonymity is defined by the aggregate social stupidity of your friends.
Xix.

--
"Everything is adjustable, provided you have the right tools"
1. Re:Social network can-o-worms by Anonymous Coward · 2009-03-27 02:59 · Score: 0
  
  Your privacy and anonymity is defined by the aggregate social stupidity of your friends.
  Xix.
  I think this could actually make it into the list of "RULES OF THE INTARWEZ!"
2. Re:Social network can-o-worms by Requiem18th · 2009-03-31 13:44 · Score: 1
  
  Your privacy and anonymity is defined by the aggregate social stupidity of your friends.
  Xix.
  That has quite a Zen ring to it!
  
  --
  But... the future refused to change.
This is new technology to me by moteyalpha · 2009-03-26 11:42 · Score: 3, Funny

I understand networks and how you can get somebody's IP and translate it to a location or identify them with algorithms that analyze sentence structure or even use some TCP packet tricks.
The thing that confuses me is the acronym "FRIEND", I have looked in all my technical references and I can't find that tool.
1. Re:This is new technology to me by Anonymous Coward · 2009-03-26 22:47 · Score: 0
  
  So you don't know about friendship and inheritance
Please read our FAQ by arvindn · 2009-03-26 11:43 · Score: 5, Insightful

We have an FAQ about this paper. It answers many of the misconceptions expressed in the comments here. In particular, our algorithm applies to much more than public social networks like twitter and flickr. A variety of networks including the phone call network are being shared behind your back in anonymous form, and our de-anonymization techniques apply just as much. You'll probably agree that people expect more privacy there. See my blog for a variety of demonstrations and thought-experiments of de-anonymization.
1. Re:Please read our FAQ by PPH · 2009-03-26 14:43 · Score: 1
  
  A variety of networks including the phone call network
  Old news actually. Techniques for identifying networks of friends and co-workers have been applied to call records for years. And that info is for sale.
  A friend of mine in the security biz told me that when Dick Cheney outed Valerie Plame, link analysis probably revealed the identities of several hundred CIA employees.
  
  --
  Have gnu, will travel.
2. Re:Please read our FAQ by fulldecent · 2009-03-27 02:18 · Score: 1
  
  Where can I get access to these "anonymized", sensitive data sources?
  
  --
  -- I was raised on the command line, bitch
I can ID anyone using Twitter by FlyingSquidStudios · 2009-03-26 12:05 · Score: 2, Funny

as someone whose every thought I have no interest in reading.

--
http://twitter.com/OLDTELEGRAM
1. Re:I can ID anyone using Twitter by The+Fun+Guy · 2009-03-26 13:16 · Score: 1
  
  RT
  
  --
  The man who does not read good books has no advantage over the man who cannot read them. - Mark Twain
or... by Anonymous Coward · 2009-03-26 12:35 · Score: 0

you could not post anonymously!
Please do not go and work for google by tqft · 2009-03-26 12:36 · Score: 2, Insightful

http://www.guardian.co.uk/technology/2009/mar/26/seth-finkelstein-google-advertising
"Google recently took another step along the path of surveillance as a service, launching what it called "interest-based advertising", and which everyone else calls "behavioural targeting". These are systems that collect extensive personal data, for marketing purposes. To best understand the issues,"
http://sethf.com/infothought/blog/archives/001422.html
I once upon a time worked for a statistics agency and even without names and addresses it is surprisingly easy to identify people in anonymous data, even anonymised unit record data can be deconstructed to some degree. Depending on what you want to achieve don't even need to identify them.
Marrying up these datasets and ideas would be gruesome.

--
The Singularity is closer than you think
Quant
This is a standard timing attack by netcrusher88 · 2009-03-26 13:09 · Score: 1

The application to twitter anonymous accounts is creative, but otherwise it's a standard timing attack. If user A is active while anonymous data B is passed, user A has a higher chance of having generated data B than the rest of the population.
Looks like there's some number-crunching using timing of past tweets and whatnot to see if the user is likely to be on, too. I like that.
Or it could be I'm completely misreading it.

--
There's an old saying that says pretty much whatever you want it to.
1. Re:This is a standard timing attack by PotatoFiend · 2009-03-26 18:47 · Score: 0
  
  Or it could be I'm completely misreading it.
  Or it could be you haven't read it at all. This has nothing to do with timing analysis. It's based on graph isomorphism, i.e. the structure of social network graphs.
  
  --
  "Liberty may be endangered by the abuses of liberty as well as the abuses of power." -- James Madison
Haha! by Anonymous Coward · 2009-03-26 13:17 · Score: 0

You'll never ID me! You buggers'll never guess my name by just reading my anonymous Slashdot posts!
Go on, just try: am I The Queen? Wrong. Prince Phillip? Wrong. Barack Obama? Wrong. Diana, Princess of Wales (deceased)? Of course not! Kim John-Il's hamster? Nope.
Here's another clue, in the form of some of my recent tweets:
Who's having a dump?
Just did a really big poo, will put picture up on Photobucket.
Anyone followed those Yoda doll instructions on Slashdot yet? Wow!
Anvil of Stars by MrKaos · 2009-03-26 13:26 · Score: 1

Maybe it was a tar baby.

--
My ism, it's full of beliefs.
The "Sorta-Anonymous" principle. by TaoPhoenix · 2009-03-26 14:17 · Score: 1

This & other tricks are possible, yes, but *harder*. I really don't have the creds to pull the tech side of your Point 2, but I have quietly worked to keep the other side down to a whisper, earning strange looks from friends who can't imagine why I Just Don't Wanna Share.
The Mayans got lucky. Their 2012 date is just accidentally shaping up to be the Data Implosion.
~tag: "Let's give everyone what used to be studio grade cameras in their phones, 12 types of mechanisms and reasons to aggregate and pummel cyberspace with pictures of everyone doing everything, while also creating a whole second group of users posting (presumed) anonymously, followed by 35 governments becoming Big Brothers, then losing control of the data!"
As you folks have said, when that tsunami hits the shore, Social Ethics as we know it goes to pieces.

--
My first Journal Entry ever, in 8 years! http://slashdot.org/journal/365947/aphelion-scifi-fantasy-horror-poetry-webzine
Re:Who promised? Tsarkon Reports by Runaway1956 · 2009-03-26 14:23 · Score: 1

Obviously, you know almost nothing about anonymizing yourself. The admin (and oftentimes, moderators) of ANY site/board can go into his admin tools, and find out A: all the IP's from which you have logged into his site and B: all the posters who have logged in from each and every IP that poster has ever used With nothing more than those two sets of data, the admin/mod can make some pretty good guesses just who the heck you REALLY are. More, your browser sends information in ADDITION TO your IP - as well as Java, Flash, and other plugins. Google "TOR Bundle" Look it over, learn it's features, and you will BEGIN TO understand anonymous browsing. But, be aware - the features are ALL USELESS unless you understand them, and use them properly. IF, and/or WHEN you understand the features of that full bundle, THEN you MIGHT know how to trick /. and other sites into believing that you ain't you. But, only if you also acquire the discipline needed to use the tools properly. Meanwhile, stop your whining. No one appreciates you drooling on the floor, and the admins here know exactly who you are. They are laughing at yet another idiot post by a known idiot.

--
"Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
66% accuracy? by Paco103 · 2009-03-26 15:54 · Score: 1

I wonder what the accuracy would be if you just scanned for posts referencing new pictures at flickr?
Re:Who promised? Tsarkon Reports by Anonymous Coward · 2009-03-26 17:52 · Score: 0

Funny, We can get FPs and make the political statements We need to at will and can post at a far faster rate using HA proxies than even logged in users. And We suspect that if they could stop us from posting, they would.
Judging from your Johnny come lately Slashdot ID, you don't know what the fuck you are talking about. We've gamed moderation on /. and k5 and other places to the point where We can hit the karma caps with ease. We know how to engineer people like you. For example, you just fed the "troll." Another is you just put a higher moderated post inline with mine. Another is that you don't understand Slashcode in the least, and if you don't know what RTBL is, you are just a fucking L-user.
We can post shit and get a +5 moderation anytime. We can post on k5 (back when it mattered) and get a front page story. Its all how you present the information in such a way to get fucking morons like you to go along with it. Kind of like idiot Americans taking Obama seriously (or Bush for that matter). Just feed the babies with pureed baby food and you can sell any shit. The hardest part of thinking how to spoon feed the masses of idiots is to get way the fuck down on their mental plane. Its hard for those with real messaging or knowledge to do, but mastery of it pays of in spades (or with a spade as president, lol).
YHBT YHL HAND

Well. Slashdot lies.
I used to get moderator points until I got $rtbl-ed. (RTBL = real time black list).
I have a high karma account in which I post "things that are likely to get moderated up." That way, when I have something insightful to say, and its compatible with the raging groupthinking censorship, I can get a spotlight.
However, I used to post anonymous things that may not be compatible with Slashbotting group-think.
Long story short: If you don't clear your cookies AND use a proxy, and you post anonymously in a bitch-slapped thread or get individually bitch-slapped by a moderator or your logged in username is associated with a bitch slapped or habitual troll IP you will never moderate again and be on $rtbl.
Now my high-karma account no longer can moderate, it can meta moderate but no longer moderate. This $rtbl is hardly real time. Its a permanent ban.
So here we are at slashdot. Where posting AC is flypaper: your real / logged in account WILL get $rtbl-ed if you start voicing things that piss off that crowd (which may in fact be true or genuinely insightful). You lose. You have no anonymous here, make sure you never use the browser you use to talk AC as you do to post logged in. Make sure you use some sort of a bounce or proxy if you think there is a good chance you will be a part of a bitch-slapped thread or make an AC post which the slashbotting public will moderate you down on.
You deserve it! by eBayDoug · 2009-03-26 18:54 · Score: 0

If you put your real info on the internets you are stupid.

--
Learn About Outsourcing. http://www.pioutsource.com
Re:Who promised? Tsarkon Reports by Anonymous Coward · 2009-03-26 20:56 · Score: 0

good post
OH NO!!! by interested+pyro · 2009-03-27 00:25 · Score: 0

must....... tell...... everyone...... using....... twitter!
And Rosa Parks: by Jewfro_Macabbi · 2009-03-27 04:28 · Score: 1

"she took her action as a private citizen "tired of giving in". Although widely honored in later years for her action, she also suffered for it, losing her job as a seamstress in a local department store..." - From Wikipedia

It was not a mass protest event. She just had enough that day, and wasn't bowing to an unjust law regardless of the consequence.