Unlisted Publishing And The Burner Account: Responses To Online Surveillance?
from the it's-a-post-snowden-world dept
One of the consolations of spending far too much time online is that you get to witness the birth of new ideas and new terms, along with new uses of existing ones. On Medium, Chris Messina points out two recent examples of creative re-purposing of older ideas and words. The first is the apparently trivial idea of "unlisted" content:My first personal experience with "unlisted” content online was likely on YouTube. Making a video unlisted means that only people who have the link to the video can view it. It also means that the content won't be broadcast to followers, or appear on the creator's public profile. This is known as security through obscurity since the video isn't secret, it's just hard to find. An unlisted video can be viewed without requiring authentication.As he points out, in addition to YouTube, "unlisted" services are now available from Flickr, Dropbox, Google Drive, Vimeo and Medium. His other cultural find is at a much earlier stage of its development: the "burner account."
Services seem to offer "unlisted" publishing to simplify sharing while providing more flexibility. It's a pragmatic solution to address the challenge that what people think they want (i.e. 100% secrecy and control) isn't in practice what they're willing to put up with. It comes down to behavioral economics: if the value of keeping something secret is less than the frustration caused by maintaining its secrecy, people will route around the system designed to keep the thing secret.
Like most people, "burner" connoted cheap, prepaid, disposable phones used by drug dealers to evade surveillance to me.As an example of its evolution, he cites a product called simply "Burner," created by a friend of his:
...
It's not the phone that the drug dealers care about -- it's the repudiability. A burner essentially makes fungible the association between an attribute (like a phone number) and an individual. This is important. Whereas a social security number is used as a lifelong attribute (and is therefore not fungible), a phone number is useful as an identifier only as long as the owner chooses to keep it. Once the number has served its owner's purpose, it can be recycled back into the pool of available numbers without being traceable to the former owner.
Burner is your "other" number -- a smart privacy layer for the smartphone era, giving users the power to take control of their communications and personal data.But Messina points out that the meme is beginning to spread beyond a single product:
Enabling users to obtain and manage additional phone numbers for voice, SMS, and MMS communications, Burner is fast, safe and private. Burner lets users get as many numbers as they want, use each as a private line on an iPhone or Android phone, and keep numbers indefinitely or 'burn' numbers they no longer need.
I recently noticed that [Gawker Media's] Kinja has adopted the "burner" nomenclature for anonymous commenting on its site -- the first example I've seen of this language being used on the webAs well as their intrinsic value in extending the online ecosystem in novel ways, it's interesting that both "unlisted" publishing and "burner" accounts are about giving people more control over who knows what they are doing on the Internet, including the ability to hide it in different ways. Maybe that desire for privacy is a response to Snowden's revelations that we don't actually have as much of it as we thought.
Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Reader Comments
Subscribe: RSS
View by: Time | Thread
[ link to this | view in thread ]
[ link to this | view in thread ]
Great idea, but..
However, having the app on the phone makes me nervous. Having a burner phone, you can just get rid of it physically. Having an app means that there would likely be a nice little database on the phone of which numbers you have (and possibly which ones you used to have to give you an undelete or similar issues). And then there is the whole business records of the company providing the app, which could come back to haunt you, if they are not secure enough, etc. The joy of the phsyical phone was that you alone controlled it, there was no outside source that could be used against you.
And using it for comments doesn't really make sense to me,in connotation, unless you are setting up an account (just posting as anonymous means there isn't anything that needs to be burned per se, if you aren't logged in, etc). And if it is an account, well, back to business records again. And it's not like someone can't make up an email for registration (and that brings us back to why burners are good in that you control the info, you can burn that email just like you toss that phone, without them assisting you).
The key is this: we all want more privacy, but we all know big brother is watching. And how many companies do you trust to have perfect security, or not have enough business records to help find you? To really have any modicum of feeling safe (you likely still arent), you need to be the one in control of it. The more you give that up to others, no matter how much easier that makes your life, the more likely you are to be found. So, great concepts here, but anyone who really wants some real security won't use them.
[ link to this | view in thread ]
Pleading the Fifth
Suppose that you are the regular user of a forum, and someone utters something bad bordering on illegality.
If you post under your real name or otherwise identify yourself, you can be subpoenaed to testify, and you can't plead the Fifth Amendment if it's a foregone conclusion that you are poster XXX YYY, or may have information leading to incriminating evidence.
But if it isn't a foregone conclusion that you have an account at that forum, and revealing the information may be incriminating, you can plead the Fifth Amendment and refuse to testify.
Burner account are therefore not just necessary to preserve privacy but are increasingly important for safeguarding the Fifth Amendment.
[ link to this | view in thread ]
Re: Great idea, but..
If the burner account has been paid for anonymously or in bulk, the investigative trail is cold.
Also I don't think that a provider of messenging or communication services is required by law to preserve the contents or metadata related to each conversation.
What does it help if the police can prove that I may have paid for an account if all the data necessary to reconstruct what was said and who listened is gone.
If I upload something to Dropbox and encrypt with the recipient's public key, anonymity is not even necessary if the other party has purged his secret key.
[ link to this | view in thread ]
[ link to this | view in thread ]
Know Your Enemy
Don't let the perfect be the enemy of the good.
As an aside, I recently made a similar analysis and started using a privacy enhancing service that lets me buy virtual prepaid debit cards that can use any name and any address. So now I can make purchases using the name of a former tenant at my current address. His name is already in Big Data so it doesn't stand out as a possible alias for myself. This won't stand up to government inspection, they can subpoena or NSL the records if they want to. But for everybody else the obfuscation is good enough to keep me off the radar.
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re: Re: Great idea, but..
And when it comes to things like customer metadata, only certain companies are so required.
"If the burner account has been paid for anonymously or in bulk, the investigative trail is cold"
That's not a "but". That's a feature.
"If I upload something to Dropbox and encrypt with the recipient's public key, anonymity is not even necessary if the other party has purged his secret key."
Anonymity remains very important even when the contents of your communications can't be read. Metadata is often just as (or more) sensitive than the actual contents.
[ link to this | view in thread ]
Good to see
[ link to this | view in thread ]
The problem with a true burner phone
[ link to this | view in thread ]
Re: The problem with a true burner phone
[ link to this | view in thread ]
I also have multiple burner email addresses, not directly tied to me, for use in querying sketchy businesses, etc.
None of them are temporary, but the word "burner" immediately gets the point across.
[ link to this | view in thread ]
Re:
In the few cases where I'm willing to sign up for something that unnecessarily asks for my phone #, I just make one up. By the same token, if they want my SSN without a legal reason for needing it, I give them Richard Nixon's: 567-68-0515
I, too, have multiple email addresses, but I don't really consider them burners since I don't discard them after use. For my "burner" email addresses, I use mailinator.com.
[ link to this | view in thread ]
Re: Re:
[ link to this | view in thread ]
Re: Re: Re:
[ link to this | view in thread ]
Re: Re:
One problem with using your actual landline phone number this way, however, is that it still enables marketers to append your records via the data cloud. This is why, for example, you wouldn't want to use your home phone on a supermarket loyalty card -- they may not telemarket to you ever, but you have instantly appended your home address and all the specific records tied to you at that address, and all general demographics of your zip code, etc., with your unique purchase history.
[ link to this | view in thread ]
Re:
A burner account is generally used for a single topic. they are used on Reddit all the time. For example, a woman might ask for advice on getting an abortion. If she posted this under her main account, anyone who knew here in real life would then be privy to that information, but by using a burner, she can respond to questions, suggestions, monitor the activity on the page, et cetera. Once the account has served it's purpose, she can just walk away from it.
[ link to this | view in thread ]
Re: Re: Re:
[ link to this | view in thread ]
Re: Re: Re:
In all fairness, if you have any concern whatsoever about privacy and security then you wouldn't sign up for a loyalty card in the first place.
[ link to this | view in thread ]
Re: Re: Re: Re:
I use "Jetson." They say, "Jenson?" "No, Jetson." "Johnson?" Then I get to act like I've had a lifetime of dealing with this, and slightly exasperated say, "JETSON ... like the cartoon." And by then they think I'm serious. Gotta maintain deadpan though.
[ link to this | view in thread ]
Re: Re:
[ link to this | view in thread ]
Burner co-founder here
"Anonymous Coward" comments here, for example, are a great example of, basically, an "anonymous guest" mode. It's very useful and you don't have to authenticate yourself, but you also don't get the benefits of an account (e.g., notifications of replies to your comments).
A "Burner" account, both in the sense Chris Messina is talking about in his article and in the sense we think about Burner phone numbers, is an actual account with an actual login, but one under which you can be pseudonymous, and one that you can also easily change if you want to create a new identity (or perhaps maintain multiple identities at once). These services are also great for avoiding finding yourself in marketing databases, or at least "fuzzing" your data within them to some degree. But Burner works by interoperating with the generally available telephone network (CMRS & PSTN carriers). This is its primary advantage, as a single-player user can use it effectively without asking his or her counterparties to download or sign up for anything, but it should be self-evident that any communication through it is only as secure as that entire system --including counterparties' carriers, hardware, and software -- is.
I think of encrypted services as having a different value proposition entirely, but even among them there's a range (e.g. encrypted message services that still capture metadata, as can be assumed to be the case with companies like Yahoo and Apple who are starting to do encrypted messages, VS companies and services claiming true end-to-end anonymity and encryption). Think of using a service like coinbase vs. buying bitcoins through a strong proxy in a cash transaction. The latter types of services would be the preferred services for whistleblowers, investigative journalists, and fourth-amendment enthusiasts trying to stay truly "off the grid". The problem with these kinds of services and the reason I'm not naming any of them (setting aside their potential for nefarious uses) is that you have to get them exactly, perfectly right or risk compromising your system. One social hack or single point of infosec failure could be disastrous -- especially so if the vulnerability is invisible to the owners or users of the system, as is often the case in surveillance situations. It's also easy to misunderstand (or misrepresent) them by some obscure but critically important degree.
We take good care to understand and try to be clear about where we sit on the spectrum -- the first principle of a privacy policy should always be honesty! Not everyone else takes this approach, but it's great that there's discussion starting to happen.
Not to be pedantic, but hopefully it's obvious that if these nuances are important to you (or your readers, users, etc), you should definitely do your homework.
[ link to this | view in thread ]
Re: Re: Re: Re:
[ link to this | view in thread ]
This article took a hard right turn...
[ link to this | view in thread ]
Re: Re: Re: Re:
[ link to this | view in thread ]
Re: Re: Re: Re: Re:
[ link to this | view in thread ]
Re: Re: Re: Re: Re:
Sometimes I donate a dollar for some charity or another at the grocery store and they put a little sign up on the wall indicating so. For those, I use the name "Eris". If I get to write the name on the sign myself, I write it out in full: "Eris, Goddess of Discord".
[ link to this | view in thread ]
Re: Re: Great idea, but..
"And when it comes to things like customer metadata, only certain companies are so required."
Well what I was thinking of but did not articulate clearly was the legal data retention of metadata some service providers must observe as a condition for staying in business.
Interestingly the EU Data Retention Directive did not apply to online services i.e Dropbox, cyberlockers, online forums or other messenging protocols.
So one could legally set up a blackbox service which business model more or less explicitly was premised on offering burner identities, or at least so until the law catched up.
Cell phones are problematic because they rely on an closely regulated telco infrastructure, but pure IP only services could be commercially viable and legal because there is a limit to mandatory data retention.
Bu
In"If the burner account has been paid for anonymously or in bulk, the investigative trail is cold"
"That's not a "but". That's a feature."
Yes, and that's why some nations have banned prepaid anonymous sim cards.
""If I upload something to Dropbox and encrypt with the recipient's public key, anonymity is not even necessary if the other party has purged his secret
key.""
"Anonymity remains very important even when the contents of your communications can't be read. Metadata is often just as (or more) sensitive than the actual
contents."
If the cloud provider is located outside the investigating jurisdiction, or only cooperates if shown the correct paperwork, even this step will offer some degree of pseudonymity by forcing the government to jump through more hoops.
They can only use the metadata if they are able to correlate information from different providers, and if the investigation is of low importance even forcing the state to fill out some paperwork and check some boxes is good for anonymity.
[ link to this | view in thread ]
Cyberlockers
You upload a file, and the link is the 'secret' you share with your friends, community or the world.
Officially only the person who knows the link can download the file but the owner of the service or the MPAA or RIAA (if granted exclusive backdoors) might also see it.
This has led to a partition of work --- where the cyberlocker enjoys safe harbor because it only hosts files which are often encrypted, the warez forum or community with member access only, and the uploaders who know everything.
If implemented correctly, and there are many way it might go wrong, it's a perfect small scale way to do piracy and get away with it.
[ link to this | view in thread ]
Re: Re: Re:
[ link to this | view in thread ]
Re: Re: Re: Re: Re:
Also, if you use a loyalty card and pay with a debit or credit card, then those two things become linked in the database -- so they know who you are no matter what you filled out on the application.
[ link to this | view in thread ]
Re: Re:
[ link to this | view in thread ]
Re: The problem with a true burner phone
As you said, if you let a burner mirror other records of your activities, then it's not acting like a pair of gloves. It's acting like a fingerprint.
[ link to this | view in thread ]
Re: Re:
[ link to this | view in thread ]