While it is extremely difficult to be completely anonymous on the internet, new technology is making it possible to protect users' privacy far better, says a Cambridge researcher.
“The current default on the internet is no privacy, which makes it easy to track everyone all the time,” said Steven Murdoch, a Royal Society research fellow in the Cambridge University computer lab.
“But there is a growing community of users, from the military and law enforcement officers to journalists, human rights workers and political activists, which is turning to anonymous internet communication for good reasons,” he said.
Murdoch pointed out that strong internet privacy is also crucial to applications such as electronic voting and online healthcare.
The most widely used open system to provide anonymity on the internet is the Tor Project, originally developed by the US Navy to protect government communications.
It protects internet traffic via a series of computers selected from the volunteer-operated Tor network to disguise where the traffic is coming from and going to.
Tor users are also recommended to use a customised web browser, based on Firefox, which helps to prevent tracing based on web browser characteristics.
“In recent years, there have been dramatic changes in how anonymous communication systems have been built and how they have been used,” said Murdoch.
“This includes the web taking over from email as the major means of communications and users of anonymous communication systems prioritising censorship-resistance over privacy.”
Read more about Tor
According to Murdoch, commercial and political realities are also affecting how projects such as Tor are run and software is designed.
He believes anonymous communication systems will have to adapt to changing circumstances and try to prevent malicious use of internet anonymity tools.
“Law enforcement agencies already have a wide range of tools to detect and prevent internet crime and the vast majority of these will still work when anonymous communication tools are used,” he said.
Murdoch will speak on the topic of anonymous communications at AppSec Europe at Anglia Ruskin University, Cambridge, on 23-26 June.
The conference is organised by the Open Web Application Security Project (Owasp) Foundation, an open-source organisation with over 45,000 corporate, educational and individual participants.
Owasp is a not-for-profit group that helps organisations develop, purchase and maintain software applications that can be trusted.
The group runs annual AppSec conferences in North America, Latin America, Europe and Asia Pacific.
Justin Clarke, Owasp London Chapter leader and director at Gotham Digital Science, said: “The AppSec conferences have become the focus for the industry to hear from the world’s leading experts, harness expert knowledge and stay abreast of the latest technology developments.”
Some of the presentations will discuss the vulnerabilities highlighted in Owasp's recently compiled list of the top 10 methods of breaking into web applications.
These include SQL injection, used by hackers to target Vodafone Iceland; cross-site scripting (XSS), which left Microsoft Office 365 open to attack; open redirects, which presents issues for Facebook; and insecure direct object references, which saw Yahoo's servers open to root access.