Warning: The links and tips we’re going to cover here must only be used for good.
Anonymity on the web is a funny thing. As users, we have this false sense of security because we logged in under a pseudonym and maybe fibbed about our birthday, height, weight or hairline. That anonymity can usually be breached fairly easily though, often requiring little more than a google search and some time. For example, if you search for my Wikipedia username, you’ll find a beekeepers’ website with a user by the same alias. It doesn’t take much checking of common interests and word choices to be reasonably sure it’s the same person.
Sometimes, you need stronger anonymity. Whistleblowers, abused spouses and investigators might have a legitimate need for secrecy. (It’s not necessarily paranoia if they really are out to get you.) CSO Online recently ran an article of tricks that can help ensure your anonymity. Some are fairly obvious like “plan your cover identity ahead of time instead of trying to make it up on the phone”. Others (like hiding your IP address or email spoofing) require a bit more sophistication.
Be very careful using any of these techniques and make very sure that they are legal in your area and under your exact circumstances. Pretexting is against the law in many jurisdictions. While there are usually safe-harbors for whistelblowers, it’s a tricky area of the law.
As a manager, you also need to know that these techniques are possible and could be used to circumvent your security policies. Block the ones you can (for example, by tightening the settings on your internet filter to block hacker support sites) and set expectations among your staff that they are to remain professional so they don’t feel the need for anonymity. And remind them that none of those techniques will protect if someone has a keystroke logger or other monitor on your machine.
Leave a Reply