An anonymous blog is a blog without any acknowledged author or contributor. Anonymous bloggers may achieve anonymity through the simple use of a pseudonym, or through more sophisticated techniques such as layered encryption routing, manipulation of post dates, or posting only from publicly accessible computers.[1] Motivations for posting anonymously include a desire for privacy or fear of retribution by an employer (e.g., in whistleblower cases), a government (in countries that monitor or censor online communication), or another group.
Deanonymizing techniques
Fundamentally, deanonymization can be divided into two categories:
Social correlation compares known details about a person's life with the contents of an anonymous blog to look for similarities. If the author does not attempt to conceal their identity, social correlation is a very straightforward procedure: a simple correlation between the "anonymous" blogger's name, profession, lifestyle, etc., and the known person. Even if an author generally attempts to conceal their identity (by not providing their name, location, etc.), the blog can be deanonymized by correlating seemingly innocuous, general details.[2]
Technical identification determines the author's identity through the blog's technical details. In extreme cases, technical identification entails looking at the server logs, the Internet provider logs, and payment information associated with the domain name.
These techniques may be used together. The order of techniques employed typically escalates from the social correlation techniques, which do not require the compliance of any outside authorities (e.g., Internet providers, server providers, etc.), to more technical identification.
Types
Just as a blog can be on any subject, so can an anonymous blog. Most fall into the following major categories:
Political: A commentary on the political situation within a country, where being open may risk prosecution.[3] Anonymous blogging can also add power to a political debate, such as in 2008 when blogger Eduwonkette, later revealed as Columbia University sociology graduate student Jennifer Jennings, successfully questioned New York MayorMichael Bloomberg's takeover of New York schools.[4]
Revolutionary and counter-revolutionary: These can either be inspiring activity or counter activity, often against a violent state apparatus. For example, Salam Pax, the Baghdad blogger, wrote for The Guardian newspaper under a pseudonym that he could shed only when Saddam Hussein no longer ruled in Iraq. Similar bloggers appeared during the Arab Spring.[5]
Dissident: Dissident blogs may document life under an oppressive or secretive regime, while not actively promoting or inspiring revolutionary or counter-revolutionary action. Mosul Eye, which has described life under ISIL occupation in Mosul, Iraq, has been called one of the few reliable sources of information on life inside the city since it began in June 2014.[6]
Religious: Views and comments about religious view points and issues, perhaps questioning some written standpoints.[7]
Whistleblower: The whistleblower blog is a modern-day twist on the classical "insider spotting illegality" theme. This can cover all sectors or issues. Among the most notable is that by the Irish Red Cross head of the international department Noel Wardick, who highlighted that €162,000 in donations to the 2004 Indian Ocean earthquake and tsunami had sat in an account for over three years. After spending over €140,000 on private investigators and legal expenses to find the whistle blower, including court orders to obtain Wardick's identity from UPC and Google,[8] the IRC disciplined and later dismissed Wardick. In 2010, an internal enquiry into Wardick's allegations found other such bank accounts, and proposals to overhaul the IRC's management were discussed in the Dáil on 15 December. Questions were answered by Tony Killeen, then the Minister of Defence. Wardick later successfully sued the IRC for unfair dismissal.[9]
Company insider: A company employee or insider reports on company operations and issues from within the organisation. The most famous is probably the Dooce.com blogger Heather Armstrong,[10] who was fired for writing satirical accounts of her experiences at a dot-com startup on her personal blog, dooce.com.[11]
Community pressure: Written by a citizen of an area, on a particular subject, to bring about a change. In 2007, reporter and blogger Mike Stark came out in support of anonymous blogger Spocko, who was trying to bring what he called "violent commentary" on San Francisco area radio station KSFO to the attention of its advertisers.[12]
Experience/Customer Service: Most experience blogs focus on personal insights or views of customer service, frequently with dissatisfaction. Most anonymous experience blogs are written anonymously as they allow the customer/user to keep experiencing and using the service, and reporting/blogging, while nudging at a defined and appropriate level against the target organisation. Among these are Sarah Wu's/Mrs Q. "Fed Up With Lunch" blog, a chronicle of her experience as an adult eating Chicago area high school lunch every day for a year,[13] which has now been turned into a book.[14]
Personal: The personal blog strays into personal life in ways that allow more risk taking and open in terms of detail. Hence, many of these blogs are sexual in nature,[15] although many also exist for those with health problems and disabilities and how they see the world and cope with its challenges. Some of the latest personal blogs are seen by many as extended group therapy, covering issues including weight loss.[16]
Recently, anonymous blogging has moved into a more aggressive and active style, with organized crime groups such as the Mafia using anonymous blogs against mayors and local administrators in Italy.[17]
How online identity is determined
IP addresses
An IP address is a unique numerical label assigned to a computer connected to a computer network that uses the Internet Protocol for communication.[18] The most popular implementation of the Internet Protocol would be the Internet (capitalized, to differentiate it from smaller internetworks). Internet Service Providers (ISPs) are allocated chunks of IP addresses by a Regional Internet registry, which they then assign to customers. However, ISPs do not have enough addresses to give the customers their own address. Instead, DHCP is used; a customer's device (typically a modem or router) is assigned an IP address from a pool of available addresses. It keeps that address for a certain amount of time (e.g., two weeks). If the device is still active at the end of the lease, it can renew its connection and keep the same IP address. Otherwise, the IP address is collected and added to the pool to be redistributed. Thus, IP addresses provide regional information (through Regional Internet registries) and, if the ISP has logs, specific customer information. While this does not prove that a specific person was the originator of a blog post (it could have been someone else using that customer's Internet, after all), it provides powerful circumstantial evidence.
Word and character frequency analysis
Character frequency analysis takes advantage of the fact that all individuals have a different vocabulary: if there is a large body of data that can be tied to an individual (for example, a public figure with an official blog), statistical analysis can be applied to both this body of data and an anonymous blog to see how similar they are. In this way, anonymous bloggers can tentatively be deanonymized.[19] This is known as stylometry; adversarial stylometry is the study of techniques for resisting such stylistic identification.