Conference PaperPDF Available

Anonymous Communication and its Importance in Social Networking

Authors:
Nguyen Phong Hoang at University of British Columbia
Nguyen Phong Hoang
Davar Pishva
Davar Pishva
Davar Pishva
  • This person is not on ResearchGate, or hasn't claimed this research yet.
Download full-text PDFDownload full-text PDFDownload full-text PDF
Read full-text
Download citation

Abstract and Figures

Digital information has become a social infrastructure and with the expansion of the Internet, network infrastructure has become an indispensable part of social life and industrial activity for mankind. For various reasons, however, today's networks are vulnerable to numerous risks, such as information leakage, privacy infringement and data corruption. Through this research, the authors tried to establish an in-depth understanding of the importance of anonymous communication in social networking which is mostly used by ordinary and non-technical people. It demonstrates how the commonly used non-anonymous communication scheme in social networking can turn the Internet into a very dangerous platform because of its built-in nature making its users' identity easily traceable. After providing some introductory information on internet protocol (IP), internal working mechanism of social networking and concept of anonymity on the Internet, Facebook is used as a case study in demonstrating how various network tracing tools and gimmicks could be used to reveal identity of its users and victimize many innocent people. It then demonstrates working mechanism of various tools that can turn the Facebook social networking site into a safe and anonymous platform. The paper concludes by summarizing pros and cons of various anonymous communication techniques and highlighting its importance for social networking platforms.
Figures - uploaded by Nguyen Phong Hoang
Author content
All figure content in this area was uploaded by Nguyen Phong Hoang
Content may be subject to copyright.
06778917 Anonymous communication and its importance in social networki
ng.pdf
Content uploaded by Nguyen Phong Hoang
Author content
All content in this area was uploaded by Nguyen Phong Hoang on Apr 06, 2016
Content may be subject to copyright.
Anonymous communication and its importance in social networki
ng.pdf
Content uploaded by Nguyen Phong Hoang
Author content
All content in this area was uploaded by Nguyen Phong Hoang on Jan 06, 2016
Content may be subject to copyright.
20140186_finalpap
er.pdf
Content uploaded by Nguyen Phong Hoang
Author content
All content in this area was uploaded by Nguyen Phong Hoang on Apr 11, 2015
Content may be subject to copyright.
Anonymous Communication and its Importance in
Social Networking
Nguyen Phong HOANG, Davar PISHVA
Institute of Information & Communications Technology, APU
(Ritsumeikan Asia Pacific University), Japan
Corresponding Author: dpishva@apu.ac.jp, Fax: +81 0977 78 1001, Tel: +81 0977 78 1000
Abstract Digital information has become a social infrastructure
and with the expansion of the Internet, network infrastructure has
become an indispensable part of social life and industrial activity
for mankind. For various reasons, however, today’s networks are
vulnerable to numerous risks, such as information leakage, privacy
infringement and data corruption. Through this research, the
authors tried to establish an in-depth understanding of the
importance of anonymous communication in social networking
which is mostly used by ordinary and non-technical people. It
demonstrates how the commonly used non-anonymous
communication scheme in social networking can turn the Internet
into a very dangerous platform because of its built-in nature
making its users’ identity easily traceable. After providing some
introductory information on internet protocol (IP), internal
working mechanism of social networking and concept of anonymity
on the Internet, Facebook is used as a case study in demonstrating
how various network tracing tools and gimmicks could be used to
reveal identity of its users and victimize many innocent people. It
then demonstrates working mechanism of various tools that can
turn the Facebook social networking site into a safe and
anonymous platform. The paper concludes by summarizing pros
and cons of various anonymous communication techniques and
highlighting its importance for social networking platforms.
Keywords
Security, Privacy, Network Tracing Tools,
Anonymous Communication Tools, Social Networking, Facebook
I. INTRODUCTION
We live in the era of Information and Communication
Technology (ICT) and the Internet has become a dominant
means of communication and an indispensable part of modern
life. Adoptions of cloud computing, mobile applications and
virtualized enterprise architectures have led to an expansion of
applications that are connected to Internet resources [1]. Just to
mention a few examples, we use Internet for various sorts of
communication like VoIP and email, multimedia services like
Online Music and Online Movie, business transaction like e-
Banking and e-Business, administrative work like e-Governance
and e-Administration, networking activities such as Online
Advertising and Social Networking. Furthermore, along with the
development of Internet, e-Commerce has become an efficient
marketing tool for many companies and Social Networking with
Facebook is an emerging market which has recently become the
most visited website in the world.
Nevertheless, it is the fact that privacy is implicated in e-
Commerce because of the risk involved in disclosing personal
information such as email addresses or credit card information,
which is required for most electronic transactions. Specific
privacy concerns in this realm include use of customers’
information by companies for electronic surveillance (e.g.,
‘cookies’), email solicitation (e.g., ‘spam’), or data transfer (e.g.,
when customer database information is sold to third parties or
stolen) resulting in identity or credit card theft [2-3]. As such
approaches could unconsciously victimize both technical and
non-technical users, anonymous communication is becoming
more and more important on Internet environment since it can
protect people’s right to online privacy and reduce the
possibility of getting recognized and thus victimized.
In recent years, because of dramatic increase in the use of
social networking platforms by many non-technical people,
social-engineering technique is also being widely exploited to
victimize users. According to the 2013 Data Breach
Investigations Report [4], cyber threat derived from social-
engineering technique is increasing dramatically as shown in
Figure 1:
Figure 1. Threat action categories in 2011 and 2012 [4]
ISBN 978-89-968650-3-2
34
February 16~19, 2014 ICACT2014
Although its percentage is still low compared to “Malware”
and “Hacking”, threat caused by social-engineering intrusion
has increased by more than 4 times within the past one year.
Considering the rapid development of social networks, it can be
foreseen that social engineering intrusion will continue to
increase in the coming years, thus necessitating appropriate
countermeasures.
The underlying factors behind all these issues are operating
nature of the communication protocol used in the Internet
domain and availability of many free software that can carry out
most of these attacks. The Internet protocol suite which is
commonly known as TCP/IP (Transmission Control Protocol
and Internet Protocol), is used for most Internet applications. IP
serving as its primary component carries out the task of
delivering packets from source host to destination host solely
based on the IP addresses contained in the packet headers. In
order to achieve proper operation of such transaction worldwide,
this requires source and destination to have unique IP address
and included it in the packet headers of their information
packets. Since every IP address is associated with a unique
entity, identity of IP address holders can be traced using their IP
addresses contained in the packet headers. There are numerous
techniques that can achieve such objective and this paper
highlights some of the important and commonly used
approaches.
II. V
ULNERABILITY OF FACEBOOK USERS
This section will briefly discuss some of the techniques that
are employed to victimize Facebook users at random or in a
pinpointed fashion by taking advantage of the nature of Internet
Protocol (IP), built-in functions of Facebook, innocence and
curiosity of Facebook users.
A. Random Facebook Phishing
Phishing is a good example of social engineering intrusion
technique. About a decade ago, when email services such as
Gmail and Yahoo mail were becoming more and more popular,
phishing was used as an efficient mechanism to lure those
innocent Internet users who easily provided their own personal
information to “phishing email” that contained a link to a
fraudulent web page which appeared legitimate, contained
company’s logos, content and a form requesting many private
information such as home address, phone number, ATM card's
PIN, etc.
In recent years, Facebook not only has grown to become one
of the most popular social networking platform for many people
to communicate and share information, but also turned to be a
productive marketing channel for a lot of companies, retailers,
business entities and the Facebook itself. With an approximately
1.15 billion monthly active users as of June 2013 [5], Facebook
has turned out to become a high-potential target for cyber
criminals. Furthermore, with phishing Facebook, a hacker just
needs to tempt the innocent users to fill in only their Facebook
ID and password. The aftermaths of releasing such information
can be more detrimental than the effect of those which were
revealed through phishing email since huge amount of private
information such as user’s address, birthday, job, education
history, hobbies, friends, relationship and a bunch of other
sensitive information could be accessed from the Facebook
account.
Although Facebook filters all URLs which link its users to an
external website and warns them of fraudulent websites, the
approach does not always work. For example, after clicking to
the link: http://anhhot-duthi.ucoz.net/, which is a fraudulent
website created by a Vietnamese hacker, Facebook will warn the
user about the vulnerability of the site through a dialog box
shown in Figure 2. This, however, does not always happen since
hackers keep on creating new fraudulent web pages in order to
penetrate through loopholes of Facebook’s security.
Furthermore, oftentimes, non-technical people may
unconsciously press the “Continue” button instead of the
“Cancel” button.
Now let us see what happens when either Facebook’s security
does not detect the above mentioned fraudulent website or a user
clicks the “Continue” button. As shown in Figure 3, the control
would transfer to a phishing site that has the appearance of
Yahoo Vietnam website, containing Facebook Logo and a login
form which resembles that of the official website. Although a
technical user could easily display HTML view of the page to
determine where the information would be sent, some innocents
Fi
g
ure 3. An exam
p
le of a
p
hishin
g
website “htt
p
://anhhot-duthi.ucoz.net/
Figure 2. Vulnerability warning of Facebook
ISBN 978-89-968650-3-2
35
February 16~19, 2014 ICACT2014
users may just fill up the form and press the submit button. As
indicated in the highlighted section of Figure 3, information
content of the form would simply be sent to http://allforms.
mailjol.net/, a site which provides free Form-to-Mail service. In
other words, filling out the form and pressing “submit” button,
will transfer ID and password of Facebook user directly to the
email address of the attacker.
B. Targeted Facebook Phishing
After obtaining the first victim’s Facebook account, the
attacker can easily exploit more users in a targeted manner by
taking advantage of Facebook’s internal working mechanism
and the victim’s personal information.
1) Using “Important Friends” Feature of Facebook
Facebook has a built-in feature called “important friends” the
function of which is to internally keep track of people with
whom a Facebook user communicates frequently and shares
some commonality (e.g., same high school, hometown, fan page,
etc.). Whenever important friends write a post, or give a
comment; it appears on their respective homepages as news feed.
Using data mining techniques and associating Facebook users
with “nodes” and time required for spread of information among
them as distance, one can easily compute for the shortest path in
Facebook social network in order to transfer information from a
given source to a desired destination in the shortest period of
time or trace source of the information at a given destination [6].
There are many data mining tools which can extract such
information through a Facebook account, and for demonstration
purpose the authors have used TouchGraph to show a visual
image of a Facebook account’s important friends. As shown in
Figure 4, even an ordinary user can visually display important
friends of a Facebook account by checking “Significant Friends”
feature of the TouchGraph software. This implies that after
victimizing a Facebook account through random Facebook
phishing, the attacker can employ such technique to carry out
targeted Facebook phishing attacks towards the important
friends of the victim. Since in targeted phishing Facebook, the
phishing link is being sent from Facebook account of an
important friend, i.e., trustable and authentic source, it may
easily persuade the recipient friend to click the link and supply
the requested information. The chain reaction of such approach
will enable the attacker to easily victimize many Facebook users
in a short period of time.
2) Using “Initial Chat Friends List” of Facebook
By examining HTML source code of a victim’s Facebook,
which can easily be done by most web browsers, an attacker can
easily access “InitialChatFriendsList” of the account as shown
in Figure 5. The list contains Facebook ID of friends with whom
the account holder interacts, arranged in descending order of the
interaction frequency rate. Using the ID information, targeted
Facebook phishing can again be carried out by incorporating ID
of high-interactive friends from this list into http://www.
facebook.com/[ID] to contact vulnerable friends of the victim.
This is another example of successful Facebook phishing as it
appears to come from trustable source and has chain reaction
effects.
3) Employing IP Address Extraction Techniques
Personal information can also be extracted from IP address of
a destination host as explained earlier. This section shows how
an IP addressed can be extracted from its data request packet
headers and type of personal information recoverable from the
IP address. As a demonstration, we will use Facebook Mobile
Application to easily generate a post that has more buttons than
usual on Facebook to tempt other Facebook users click on it and
lead them to a phishing page, a malware-embedded link or an
IP-spy link. The trick here is to stimulate curiosity of other
Figure 4. Mining of Facebook data with TouchGraph
Figure 5. Viewing Facebook’s HTML source code
ISBN 978-89-968650-3-2
36
February 16~19, 2014 ICACT2014
Facebook users so that they feel inquisitive and click on the
buttons. The idea is shown in Figure 6 wherein a hot content
encourage viewers to click the encircled “See more” or “Hate”
buttons and consequently direct them to malicious side as shown
in red on its source code.
There are many freely available IP logger software which
take advantage of the operating nature of Internet Protocol (IP)
to extract IP address from the packet headers and show the
associated private information. Figure 7 shows some examples
of such IP logger software and their associated URLs. Even an
ordinary hacker can easily created an IP-spy link using any of
the IP-spy software shown in Figure 7 and insert the IP-spy link
in theSee more” or “Hate” links of Figure 6. Most of these IP-
spy software are designed in such a way that make it difficult for
victims to even know that they are being spied and enable
attackers to generate invisible URL which can be encoded to an
image, or redirect the access to another trusted website by the
time a victim click on it.
Figure 8 shows an example of personal information retrieved
by IP-spy software. Using the above information, the attacker
can penetrate into victim’s PC by means of various IP-attack
tools contained in Kali or Backtrack which are Linux based
penetration tools.
III. A
NONYMOUS COMMUNICATION
Considering the above examples, it is clear that Internet users
in general and social network application users in particular are
vulnerable to numerous personal information leakage. Therefore,
the concept of anonymity on Internet, which has been
introduced in recent years to help Internet users protect their
privacy from getting disclosed, is quite important. This section
examines numerous anonymous communication techniques
which are available on Internet, identify their advantages and
disadvantages, and recommend a particular method that is most
suitable for social networking.
A. Anonymous Mode of Internet Browsers
Recently almost all Internet browsers have added a built-in
anonymous mode such as “Incognito” in Google Chrome,
“Private Browsing” in Firefox and “InPrivate Browsing” in
Internet Explorer. In order to determine extent of their reliability,
the authors conducted some simple tests. The investigation
showed that anonymous surfing mode of the above browsers did
not leave any trace when anonymous modes were utilized.
However, by means of an embedded IP-spy URL at the server
side, one could still trace IP information of the user.
Furthermore, even though anonymous browsing mode cleans
cookies, the cleaning is done after the browser is closed. In other
words, while surfing in anonymous mode, tools like Wireshark
can capture the cookies and use them for real time attacks.
B. Anonymity via Proxy
Proxy is a step forward to prevent the Server side from
logging IP address and other relevant information of Internet
user. As shown in Figure 9, when Proxy is used the only thing
that server can see is just the IP address of Proxy Server and not
that of the real IP address of client. Hence, Proxy has become a
popular method, particularly to access websites that have put
some geographic or governmental access restrictions on certain
clients or countries. However, even with the use of Proxy Server,
Figure 6. Code to generate a phishing post on Facebook
Figure 8. Victim’s information spied by IP-spy tool
Figure 7. Freely available IP logger software
ISBN 978-89-968650-3-2
37
February 16~19, 2014 ICACT2014
the data has still to pass through user’s Internet Service Provider
(ISP) first as indicated in Figure 9. This means that though with
the use of Proxy Server, a client can hide their IP address from
the final destination, the address is still available to the ISP. In
other words, the ISP itself or an attacker along the route to ISP
can capture packets sent out from a particular IP address by
means of traffic analysis methods to discover private
information.
C. Anonymity via Virtual Private Network (VPN)
In order to solve the key problem of Proxy, VPN is
introduced with a higher level of security. As shown in Figure
10, VPN encrypts all of the packets sent out from client’s PC
and send it to VPN server through a tunnel called “Secure VPN
Tunnel” which is established between the client’s PC and the
VPN server by the VPN software installed in client’s PC. The
strength of VPN lie in the fact that once the environment is
established, all packets that are sent out from the client’s PC are
encrypted, regardless of the type of application they use. This
way, even if ISP or hackers retrieve transferred packets, they
will have difficulty of decrypting them in order to extract private
information. The only way to decrypt those packets is to obtain
the secret key from the VPN server. Nevertheless, if a VPN
server gets hacked, controlled by an organization that makes
business out of users’ private information or make them
available to government entity upon request, privacy can be
leaked.
D. Anonymity via The Onion Router (TOR)
Finally, we will discuss The Onion Router (TOR) as an ideal
anonymous communication method for social networking
environment which employs asymmetric cryptography and use
multiple layers of encryption. In this approach, when
transmitting data from a source to a destination, a random path
consisting of multiple nodes are selected and original data
including its destination are encrypted and re-encrypted using
public key of the selected nodes. This results in an onion ring
wherein each layer is a re-encrypted version an encrypted data
by the public key of the node. In the transmission process, each
node decrypts a layer of encryption to reveal the next layer, a
process similar to an onion-peeling-off process. The final node
decrypts the last layer of encryption and sends the original data
to its destination without revealing or even knowing its sender.
Figure 11 shows a pictorial representation of the working
mechanism of TOR between Alice and her TOR clients [7].
This protocol is more robust than Proxy and VPN because of
its multiple encryption layer and protection of the anonymity of
the sender at the destination from IP logger tools like IP-spy
URL. Although some researcher have pointed out vulnerability
of TOR at the exit node as professional attackers could target
the node, it is not considered a big issue since TOR makes use
of the dynamic IP address to prevent attacker from continuous
monitoring of the exit node. Furthermore, by using tools like
Vidalia, a cross-platform graphical controller for the TOR, TOR
user can easily change the transmission path of data-packets. As
Figure 9. Data flow through proxy server
Figure 10. Data flow through VPN server
Figure 11. The Onion Router working mechanism [7]
ISBN 978-89-968650-3-2
38
February 16~19, 2014 ICACT2014
shown in Figure 12, just by clicking theUse a New Identity
button on Vidalia interface, user can get a new IP address and
setup a new data transmission path. This makes TOR an ideal
technique for anonymous communication since in procedures
like VPN, users cannot change their IP address frequently due to
limited availability of IP address.
Another attractive characteristic of the TOR is its free cost.
While full-featured VPN services are charged annually, TOR is
totally free thus making it more popular in Internet world. The
cost free nature of TOR, however, does not compromise its high
security level. Granting that attackers capture transmitted
packets, they will have difficulty comprehending them since the
packets will be in encrypted form as shown in Figure 13. On the
contrary, as more users join the TOR network, the higher
becomes its anonymity level because of increased routing
options. Furthermore, TOR also provides Internet users an
opportunity to protect their privacy from the client side instead
of waiting for solutions from the ISP or the social network
service provider side.
IV. R
ESULTS AND CONCLUSION:
This paper showed numerous risks that Internet users in
general and social network application users in particular face. It
showed how penetration tools like Wireshark, IP-spy URL and
others can be used to capture private information of innocent
users and victimize them. It proposed anonymous
communication as an effective tool to help Internet users protect
their private information actively and examined numerous
anonymous communication scheme a summary characteristics
of which is shown in Table 1. The table can be used as a
reference by Internet users in selecting a particular anonymity
tool based on the desired level of anonymity and features of the
tools. The authors recommend TOR as the most secured
anonymous communication scheme and foresee its popularity to
further increase in the future. TOR seems to be the king of the
anonymous communication scheme since activity of its users are
really difficult to be traced even by TOR developers themselves
because of its complex internal working mechanism.
Nonetheless, attackers are oftentimes one step ahead, hence it is
necessary to extend TOR development to a higher level of
anonymous communication so as it could cope up with the
evolution of attack technology. Furthermore, educating common
Internet and social network users are also very important since
no amount of anonymity could help when a user starts releasing
private information in response to phishing schemes.
TABLE 1. ANONYMOUS TOOLS COMPARISONS TABLE
Testing tool
Private
Browsing
Function
Proxy VPN TOR
IP spy URL fail pass pass pass
Wire
shark
capture fail fail fail fail
decrypt fail fail pass pass
Trace-back fail fail fail pass
Dynamic IP and
Data Path changing
Do not
support
Do not
support
Limited Support
Cost free flexible flexible free
Anonymous Level
Low High
REFERENCES
[1] Chris Drake, FireHost Detects Surge in SQL Injection for Q3 2013 and
Cross-Site Scripting is Rising. Retrieved 22 October 2013. Available:
http://www.firehost.com/company/newsroom/press-releases/firehost-
detects-surge-in-sql-injection-for-q3-2013-with-cross-site-scripting-also-
rising/
[2] Metzger, Miriam J., Communication Privacy Management in Electronic
Commerce, Journal of Computer-Mediated Communication, volume 12,
Issue 2, January 2007, pages 335–361, ISSN 1083-6101. Available:
http://dx.doi.org/10.1111/j.1083-6101.2007.00328.x
[3] Angelia, D. Pishva, “Online Advertising and its Security and Privacy
Concerns”, The 15
th
International Conference on Advanced
Communication Technology (ICACT 2013), Vol. 1, pp. 372-377 (January
2013).
[4] "Threat Actions", The 2013 Data Breach Investigations Report, Verizon
Enterprise, page 25, Retrieved 2013. Available:
http://www.verizonenterprise.com/DBIR/2013
[5] Facebook Reports Second Quarter 2013 Results. Facebook. Retrieved 24
July 2013.
[6] M.E. J. Newman, “A measure of betweenness centrality based on random
walks, Social Networks, Volume 27, Issue 1, January 2005, Pages 39-54,
ISSN 0378-8733. Available:
http://dx.doi.org/10.1016/j.socnet.2004.11.009
[7] "The solution: a distributed, anonymous network", Tor: Overview. TOR
project. Available:
https://www.torproject.org/about/overview.html.en#thesolution
Figure 12. Getting new IP address and changing data-sending path
Figure 13. Packet capture by Wireshark is encrypted by TOR
ISBN 978-89-968650-3-2
39
February 16~19, 2014 ICACT2014
... Due to the increase of online surveillance as discussed in Chapters 1 and 2, users have become more concerned about their online activities being monitored, leading to the devel-opment of privacy-enhancing technologies. While various tools can be used depending on the desired level of privacy [174], encryption is often an indispensable component of most privacy-enhancing technologies. This has led to increasing amounts of Internet traffic being encrypted [22]. ...
... Numerous WF attacks targeting anonymized or obfuscated communication channels have been proposed [163,237,271,284,297,332,375,376], in which the actual destination IP address is hidden by means of privacy-enhancing network relays [146,174], such as Tor [103] or the Invisible Internet Project (I2P) [171,397]. However, WF attacks on standard encrypted web traffic (i.e., HTTPS), in which no privacy-enhancing network relays are employed, have not been comprehensively investigated, especially at the IP-address level. ...
... Note that our proposal does not aim to anonymize a given user's browsing activities by decoupling the link between users and their DNS queries, which is not the original purpose of DoH/DoT either. For anonymous DNS resolutions, users may use anonymous communication systems to route their DNS traffic [174]. For instance, DNS-over-HTTPS-over-Tor is one of the more complicated methods to secure DNS traffic, which has been already implemented by Cloudflare [316]. ...
Tackling Internet Censorship and Online Surveillance With Empirical Network Measurement
Thesis
  • Dec 2021
With the Internet having become an indispensable means of communication in modern society, censorship and surveillance in cyberspace are getting more prevalent. Malicious actors around the world, ranging from nation states to private organizations, are increasingly making use of technologies to not only control the free flow of information, but also eavesdrop on Internet users' online activities. Internet censorship and online surveillance have led to severe human rights violations, including the freedom of expression, the right to information, and privacy. In this dissertation, we present two related lines of research that seek to tackle the twin problems of Internet censorship and online surveillance via an empirical lens. We show that empirical network measurement, when conducted at scale and in a longitudinal manner, is an essential approach to gain insights into (1) censors' blocking behaviors and (2) key characteristics of anti-censorship and privacy-enhancing technologies. These insights can then be used to not only aid in the development of effective censorship circumvention tools, but also help related stakeholders making informed decisions to maximize the privacy benefits of privacy-enhancing technologies. With a focus on measuring Internet censorship, we first conduct an empirical study of the I2P anonymity network, shedding light on important properties of the network and its censorship resistance. By measuring the state of I2P censorship around the globe, we then expose numerous censorship regimes (e.g., China, Iran, Oman, Qatar, and Kuwait) where I2P are blocked by various techniques. As a result of this work, I2P has adopted DNS over HTTPS, which is one of the domain name encryption protocols introduced recently, to prevent passive snooping and make the bootstrapping process more resistant to DNS-based network filtering and surveillance. Of the censors discovered above, we find that China is the most sophisticated one, having developed an advanced network filtering system, known as the Great Firewall (GFW). Continuing the same line of work, we have developed GFWatch, a large-scale, longitudinal measurement platform capable of testing hundreds of millions of domains daily, enabling continuous monitoring of the DNS filtering behavior of China's GFW. Data collected by GFWatch does not only cast new light on technical observations, but also timely inform the public about changes in the GFW’s blocking policy and assist other detection and circumvention efforts. We then focus on measuring and improving the privacy benefits provided by domain name encryption technologies, such as DNS over TLS (DoT), DNS over HTTPS (DoH), and Encrypted Client Hello (ECH). Although the security benefits of these technologies are clear, their positive impact on user privacy is weakened by—the still exposed—IP address information. We assess the privacy benefits of these new technologies by considering the relationship between hostnames and their hosting IP addresses. We show that encryption alone is not enough to protect web users' privacy. Especially when it comes to preventing nosy network observers from tracking users' browsing activities, the IP address information of remote servers being contacted is still visible, which can then be employed to infer the visited websites. Our findings help raise awareness about the remaining effort that must be undertaken by related stakeholders (i.e., website owners and hosting providers) to ensure a meaningful privacy benefit from the universal deployment of domain name encryption technologies. Nevertheless, the benefits provided by DoT/DoH against threats ``under the recursive resolver'' come with the cost of trusting the DoT/DoH operator with the entire web browsing history of users. As a step towards mitigating the privacy concerns stemming from the exposure of all DNS resolutions of a user—effectively the user's entire domain-level browsing history—to an additional third-party entity, we proposed K-resolver, a resolution mechanism in which DNS queries are dispersed across multiple (K) DoH servers, allowing each of them to individually learn only a fraction (1/K) of a user's browsing history. Our experimental results show that our approach incurs negligible overhead while improving user privacy. Last, but not least, given that the visibility into plaintext domain information is lost due to the introduction of domain name encryption protocols, it is important to investigate whether and how network traffic of these protocols is interfered with by different Internet filtering systems. We created DNEye, a measurement system built on top of a network of distributed vantage points, which we used to study the accessibility of DoT/DoH and ESNI, and to investigate whether these protocols are tampered with by network providers (e.g., for censorship). We find evidence of blocking efforts against domain name encryption technologies in several countries, including China, Russia, and Saudi Arabia. On the bright side, we discover that domain name encryption can help with unblocking more than 55% and 95% of censored domains in China and other countries where DNS-based filtering is heavily employed.
View
... Due to the increase of Internet surveillance in recent years [13,31], users have become more concerned about their online activities being monitored, leading to the development of privacy-enhancing technologies. While various mechanisms can be used depending on the desired level of privacy [48], encryption is often an indispensable component of most privacy-enhancing technologies. This has led to increasing amounts of Internet traffic being encrypted [3]. ...
... Numerous WF attacks targeting anonymized or obfuscated communication channels have been proposed [40,58,73,79,85,98,107,108], in which the actual destination IP address is hidden by means of privacy-enhancing network relays [32,48], such as Tor [26] or the Invisible Internet Project (I2P) [43,113]. However, WF attacks on standard encrypted web traffic (i.e., HTTPS), in which no privacy-enhancing network relays are employed, have not been comprehensively investigated, especially at the IP-address level. ...
Domain name encryption is not enough: privacy leakage via IP-based website fingerprinting
Article
Full-text available
  • Oct 2021
Although the security benefits of domain name encryption technologies such as DNS over TLS (DoT), DNS over HTTPS (DoH), and Encrypted Client Hello (ECH) are clear, their positive impact on user privacy is weakened by—the still exposed—IP address information. However, content delivery networks, DNS-based load balancing, co-hosting of different websites on the same server, and IP address churn, all contribute towards making domain–IP mappings unstable, and prevent straightforward IP-based browsing tracking. In this paper, we show that this instability is not a roadblock (assuming a universal DoT/DoH and ECH deployment), by introducing an IP-based website finger-printing technique that allows a network-level observer to identify at scale the website a user visits. Our technique exploits the complex structure of most websites, which load resources from several domains besides their primary one. Using the generated fingerprints of more than 200K websites studied, we could successfully identify 84% of them when observing solely destination IP addresses. The accuracy rate increases to 92% for popular websites, and 95% for popular and sensitive web-sites. We also evaluated the robustness of the generated fingerprints over time, and demonstrate that they are still effective at successfully identifying about 70% of the tested websites after two months. We conclude by discussing strategies for website owners and hosting providers towards hindering IP-based website fingerprinting and maximizing the privacy benefits offered by DoT/DoH and ECH.
View
... Even if one hides his/her name and personal details, the way of communication, writing style, and patterns of communication, transaction, and activity can still reveal your identity or nevertheless compromise your anonymity (Eklund et al, 2021). Maintaining true anonymity in the digital realm necessitates not only covering personal information but also adopting consistent and deliberate communication and sharing strategies, employing encryption measures, and adhering to stringent online privacy 3 practices to mitigate the potential risks of exposure and safeguard the fundamental principles of online anonymity (Hoang & Pishva, 2014). ...
Exploring Anonymity in Digital Investigative-based Activities
Experiment Findings
Full-text available
  • Sep 2023
Universally, the concept of ethics has been known as the concerns and iterations of what is “right or wrong” in our just and applicable lives, and over the course of time, ethics itself is one of the philosophical concepts that has majorly developed into a constant principle that still upholds the distinct perceptions and impressions that are shared amongst common ordinary people (Krishnamurthy, 2011; Hume, 1739). The emergence and development of technology are immense evidence of how far the human race and society have proven their capacity to harness the power of innovation and progress toward a more interconnected, globalized, and advanced world. Clearly, with every new entity and discovery coming into existence, ethics would always play a role in comprising its very virtue, and the current yet prospective advancement & variation of technology is no exception. The variety in technological development and functionality has provided users with a broader range of applications to pursue their desires and opportunities, and the interconnected nature of communication and links has expanded the standards of communication amongst its users, and discursively nevertheless, pertaining to the approach of identity preservation and the hunt for another’s identity for various reasons and desires, which barely embodies no consideration of potential moral account or consequences for such deeds and acts of scrutiny.
View
... Social media anonymity may also enhance individuals' psychological well-being by increasing their sense of control over privacy and personal boundary (Christopherson, 2007;Pedersen, 1997). On the dark side, however, social media anonymity reduces the cost of immoral behavior and thus makes it difficult to curb cyberaggression (Eastwick & Gardner, 2009;Hoang & Pishva, 2014). ...
Are we braver in cyberspace? Social media anonymity enhances moral courage
Article
  • Jul 2023
  • COMPUT HUM BEHAV
The literature has established accumulated evidence on the negative consequences of social media anonymity on behaviors online (e.g., cyber-aggression). Yet the potential benefits of social media anonymity have been largely overlooked, especially when it comes to prosociality. In four studies, we examined the facilitating effect of perceived social media anonymity on online moral courage. We first tested and confirmed the relation of perceived social media anonymity to online moral courage in a correlational study (Study 1) and an experimental study (Study 2). We then tested and revealed the mediating role of perceived risk and the moderating role of moral meaningfulness in the relation between perceived anonymity and moral courage (Study 3). We further used social media behavioral data to examine the association between social media anonymity and moral courage in an ecologically valid context (Study 4). Our findings enrich the research of moral psychology and social media studies by providing the first experimental evidence for the prosocial effect of social media anonymity. They further have important implications for website interface design, social activism, as well as intervention programs to promote constructive civil engagement online.
View
... As representações positivas dos novos média ainda incidem sobre a forma como podem ser utilizados para proteger o direito das pessoas à comunicação privada e ao acesso à informação (Floridi, 2014;Hoang & Pishva, 2014;Jardine, 2018;McLeod, 2011;Sharon & John, 2018;Wu & Atkin, 2018). No entanto, novas e crescentes formas de crime e violência através dos novos média ilustram em que medida o desenvolvimento tecnológico acrescenta sofisticação ao cibercrime, promovendo visões e representações mais céticas da internet (Larsson et al., 2012;Martin, 2014;Morselli et al., 2017;van Hardeveld et al., 2017). ...
Crime, Justice and Media: Debating (Mis)representations and Renewed Challenges
Article
Full-text available
  • Dec 2022
In this thematic issue of Comunicação e Sociedade, we invited social sciences re-searchers to reflect upon the various forms of interconnection and disconnection be-tween crime, justice and media. We propose to understand how the media play an essential heuristic instrument for understanding crime and justice, as it both (re)presents and impacts our understanding of criminal events and can be a platform for violent and criminal activity.This introductory article provides a reflection on the pressing issues around the links between media, crime and justice. It starts with a debate around media representations of crime and justice, moves to discuss the impact of media on the public perception of crime and justice, and then underlines how new media can be used to fuel crime and violence. Finally, the structure of this thematic issue is provided, briefly describing and contextualising the 10 articles that comprise it.
View
... However, one's privacy can be protected online by masking individuals' identities, making them anonymous, using different tools like proxy servers (hiding the user's IP address behind the address of the proxy), virtual private networks (VPN, creating a secure tunnel between the server and the user's PC), as well as The Onion Router (TOR, enveloping communication between a server and the user's PC in several layers of encryption), which offers the highest level of protection (Hoang, Pishva, 2014). Additionally, privacy can be achieved through end-to-end encryption (Winkel, 2003), as used by WhatsApp and other messaging services. ...
Privacy and Transparency in the 4th Space: Implications for Conspiracy Theories
Article
Full-text available
  • May 2022
This article investigates the role of privacy and transparency in the 4th Space and outlines their implications for the development and dissemination of conspiracy theories. We argue that privacy can be exploited by individuals and organizations to spread conspiracy theories online, while organizational transparency, intended to increase accountability and ultimately trust, can have the adverse effect and nurture conspiracy beliefs. Through the lens of the 4th Space concept, we offer suggestions on how to approach those challenges which emerge as a result of the complex entan-glements of both actual and virtual world across time.
View
View
An onion with layers of hope and fear: A cross‐case analysis of the media representation of Tor Network reflecting theoretical perspectives of new technologies
Article
  • Jan 2023
The Onion Router (Tor) is a sophisticated web browser accompanied by an encrypted network that enables online anonymity, protecting people's privacy. Adopted by many as a counter‐surveillance mitigation around the world, legitimate users of Tor include the military, journalists, whistle‐blowers, and citizens from authoritarian regimes. This article shows that the data protection offered by Tor is consistently associated to criminal and anti‐social uses by the media. This research looks at the British press representation of Tor conducting a thematic analysis of articles published by six newspapers between 2008 and 2017. This analysis connects the press coverage to three theoretical approaches: moral panics, technological ambivalence, and liberation technology. This research demonstrates through three case studies that the media reproduces theoretical discussions about new technologies on Tor's portrayal, presenting cases with only positive, only negatives and both positive and negative uses. However, examples of optimistic views of Tor are rare, and the press coverage focuses mainly on the criminal uses, especially crypto markets and child pornography. Overall, the British press ignores a culture of surveillance and spreads a discourse of fear through a recurrent connection of Tor to horrifying uses, undermining any potential positive outcomes.
View
Advanced Digital Forensics and Anti-Digital Forensics for IoT Systems: Techniques, Limitations and Recommendations
Article
  • May 2022
Recently, the number of cyber attacks against IoT domains has increased tremendously. This resulted into both human and financial losses at all IoT levels especially individual and organization levels. Recently, cyber-criminals have kept on leveraging new skills and capabilities by conducting anti-forensics activities and employing techniques and tools to cover their tracks to evade any possible detection of the attack’s events, which has targeted either the IoT system or/and its component(s). Consequently, IoT cyber-attacks are becoming more efficient and more sophisticated with higher risks and threat levels based on their more frequent likelihood to occur and their impact. However, traditional security and forensics solutions are no longer enough to prevent nor investigate such cyber attacks, especially in terms of acquiring evidence for attack investigation. Hence, the need for well-defined, sophisticated, and advanced forensics investigation techniques is highly required to prevent anti-forensics techniques and track down cyber criminals. This paper reviews the different forensics and anti-forensics methods that can be applied in the IoT domain including tools, techniques, types, and challenges, while also discussing the rise of the anti-anti-forensics as a new forensics protection mechanism against anti-forensics activities. This would help forensics investigators to better understand the different anti-forensics tools, methods and techniques that cyber criminals employ while launching their attacks. Moreover, the limitations of the current forensics techniques are discussed, especially in terms of issues and challenges. Finally, this paper presents a holistic view from a literature point of view over the forensics domain in general and for IoT in particular.
View
View
Online advertising and its security and privacy concerns
Conference Paper
  • Jan 2013
Commercial advertising has greatly benefitted from Internet services and online advertising can even be considered as the foundation of web economy. However, despite the availability of many books on how to create, use and make profit from online advertisement; there is little in-depth study on its true nature, security and privacy concerns. Through this research, the authors were able to establish an in-depth understanding of online advertising by collecting and analyzing numerous data on online advertising, with the hope that it could serve as a basis for further study on the field. The authors have also examined the security and privacy concerns of online advertising and the various gimmicks used to victimize innocent people. On the positive side, the paper explains the attractiveness of free online advertising services and the mechanism though which website owners profit from hosting online advertisements despite the fact that neither advertisers nor users pay for the services. On the negative side, the paper shows how online advertising hosts could be victimized by some shroud users for their money making purposes by continuous clicking of online advertisements without any intention of purchase. It also cites cases in which some website owners have marketed users' private information behind the scene. The paper concludes by highlighting pros and cons of online advertising, i.e., despite its numerous advantages, such as efficiency and range, it presents many dangers to advertisers, providers, website owners, and users.
View
A Measure of Betweenness Centrality based on Random Walks
Article
  • Oct 2003
  • SOC NETWORKS
Betweenness is a measure of the centrality of a node in a network, and is normally calculated as the fraction of shortest paths between node pairs that pass through the node of interest. Betweenness is, in some sense, a measure of the influence a node has over the spread of information through the network. By counting only shortest paths, however, the conventional definition implicitly assumes that information spreads only along those shortest paths. Here, we propose a betweenness measure that relaxes this assumption, including contributions from essentially all paths between nodes, not just the shortest, although it still gives more weight to short paths. The measure is based on random walks, counting how often a node is traversed by a random walk between two other nodes. We show how our measure can be calculated using matrix methods, and give some examples of its application to particular networks.
View
Communication Privacy Management in Electronic Commerce
Article
  • Jan 2007
  • J COMPUT-MEDIAT COMM
This study applies Petronio’s Communication Privacy Management theory (CPM) to understand the tension between information disclosure and privacy within e-commerce relationships. It proposes that consumers manage their privacy concerns through decisions to reveal or conceal information about themselves in interactions with online retailers. The study investigates the degree to which privacy management strategies identified by CPM theory to regulate privacy and disclosure within interpersonal relationships, including withholding and falsifying information, as well as seeking information seeking from a relational partner, operate in the computer-mediated context of e-commerce relational transactions. Findings suggest that online consumers do erect boundaries around personal information and form rules to decide when to reveal information that are consistent with CPM theory. Overall, this study provides knowledge about privacy in online commercial transactions, serves as a basis for more directed theory construction in this arena, and has important practical and policy implications.
View
FireHost Detects Surge in SQL Injection for Q3 2013 and Cross-Site Scripting is Rising Retrieved 22 Available: http://www.firehost.com/company/newsroom/press-releases/firehostdetects-surge-in-sql-injection-for-q3-2013-with-cross-site-scripting-alsorising
  • Oct 2013
  • Chris Drake
Chris Drake, FireHost Detects Surge in SQL Injection for Q3 2013 and Cross-Site Scripting is Rising. Retrieved 22 October 2013. Available: http://www.firehost.com/company/newsroom/press-releases/firehostdetects-surge-in-sql-injection-for-q3-2013-with-cross-site-scripting-alsorising/ [2]
A measure of betweenness centrality based on random walks Pages 39-54, ISSN 0378-8733 AvailableThe solution: a distributed, anonymous network Available: https
  • Jan 2005
  • M E J Newman
M.E. J. Newman, "A measure of betweenness centrality based on random walks", Social Networks, Volume 27, Issue 1, January 2005, Pages 39-54, ISSN 0378-8733. Available: http://dx.doi.org/10.1016/j.socnet.2004.11.009 [7] "The solution: a distributed, anonymous network", Tor: Overview. TOR project. Available: https://www.torproject.org/about/overview.html.en#thesolution