An Ethical Guide to Cyber Anonymity by Kushantha Gunawardana

Author:Kushantha Gunawardana
Language: eng
Format: epub
Publisher: Packt
Published: 2022-07-15T00:00:00+00:00

Levels of cyber anonymity

As we discussed earlier, cyber anonymity is trying to hide your identity without hiding the action. The meaning of being anonymous is hiding your identity but your actions still being visible. Back in 1996, there was a paper published in the Journal of Universal Computer Science by Bill Finn and Hermann Maurer, who were from the computer science department at the University of Auckland. It first introduced the levels of anonymity (https://www.jucs.org/jucs_1_1/levels_of_anonymity/Flinn_B.pdf). This paper introduced multiple levels of anonymity. According to the paper, networked computer systems required multiple levels of anonymity. The paper explains five levels of anonymity, but these levels were introduced in 1996, so it does not provide categorization for the techniques and tactics used today. However, it establishes a few points to continue our discussion.

The various levels of cyber anonymity are as follows:

Level 5 – Super-identification – According to the explanation in the paper, this level completely identifies the user and authenticates the user using the user ID and the password to the system in a unique way. All the communication transactions carried out by each user will be stored as an audit trail for later investigation if required. In those days, enterprise systems with mainframe computers used this secure identification system. When you compare this idea with today’s technology, it’s pretty much like the zero-trust authentication we discussed. In those days, it applied to mainframe systems with closed environments (closed infrastructures are not exposed to other networks or the internet).

Level 4 – Usual identification – This is explained as systems that totally rely on a username and password combination only. If anyone has the correct username and password, the system will allow the user to access the system and access resources without validating other attributes. If you compare usual identification to today’s systems, this is like systems that authenticate users only based on credentials. We discussed castle security and zero-trust security before. If an attacker compromises the username and the password, they can access the target system without any problem, as the system only validates the user based on the username and password combination.

Level 3 – Latent or potential identification – In this identification system, users use pseudonyms in the system. Each user has a pseudonym and is mutually disjoined, which means each user will have a screen name or username in the system, but one user cannot identify another user in the system in a real, personally identifiable way. As a result, two users cannot identify the other user’s identity directly. While the system has complete knowledge of each user, user-to-user communication is always pseudonymized. When you compare this type of identity with today’s scenario, it’s mostly in community discussions, technological forums, and bulletin board discussions that people use stage names and pseudonyms to introduce themselves. You can only identify users by the stage name or commonly used profile name. You can also find this on social media such as Twitter, YouTube, and TikTok – many people use profile names, not their real identity.

Download

Copyright Disclaimer:
This site does not store any files on its server. We only index and link to content provided by other sites. Please contact the content providers to delete copyright contents if any and email us, we'll remove relevant links or contents immediately.