True privacy online is not viable

You can hide from casual observers, but a motivated person will see through your attempts at anonymization

Privacy-concerned consumers desperately want a magic bullet, some simple thing they can use that will protect their identities and their web activity. And although there are a plethora of offerings today that make such a claim — VPNs, privacy-focused browsers such as Tor, privacy search engines such as DuckDuckGo, quite a few services that claim to anonymize anyone’s activity — the practical realities of human behavior make such privacy claims bogus.

Let me stress that almost all of these services do indeed help a person remain anonymous from the casual, untrained observer (the typical roommate, spouse, co-worker, boss, etc.). But any consumer who thinks that these tools will thwart a law enforcement agent, motivated cyberthief or identity thief, or anyone who is willing to spend the time to track you down is in for unhappiness.

This point was made even more unavoidable in a new paper from researchers at Stanford and Princeton universities.

“Each person has a distinctive social network and, thus, the set of links appearing in one’s feed is unique. Assuming users visit links in their feed with higher probability than a random user, browsing histories contain tell-tale marks of identity. To gauge the real-world effectiveness of this approach, we recruited nearly 400 people to donate their web browsing histories, and we were able to correctly identify more than 70 percent of them,” the report said. “Our theoretical contribution applies to any type of transactional data and is robust to noisy observations, generalizing a wide range of previous de-anonymization attacks. Since our attack attempts to find the correct Twitter profile out of over 300 million candidates, it is, to our knowledge, the largest-scale demonstrated de-anonymization to date.”

In short, the point of this report is that people are creatures of habit. Their face/IP address/phone number/CRM number/etc. may be obscured, but their behavior often can’t be.

A few years ago, there was a law enforcement effort to track suspects by their grocery shopping patterns. Here’s how it worked. Let’s say that you have a suspect who had no reason to hide in her local community. She used payment cards, had a library card and sought discounts at her local grocery store by participating in a loyalty and CRM program. Then she killed some people and decided to go deep into hiding. She cleared out her bank account (so she could live entirely on cash for as long as possible), destroyed her mobile devices, purchased bogus identification documents and drove thousands of miles away. She would try to live off the grid, if you will.

Armed with years of the suspect’s grocery purchase habits, law enforcement identified repeated patterns. What kind of fruit did she buy? Which flavors and brands of cereal? Which precise beverages? Even though the suspect would presumably not get a CRM card in her hideout community, anonymous basket analysis would suffice. Retail chains across the country would be asked to check their sales against the patterns of the suspect. It proved frighteningly accurate at finding someone.

And even if the suspect could avoid purchasing patterns, would she be smart enough to change all of her habits? Her face could still be detected by facial-recognition software working with security cameras. And her car’s license plate could be detected driving on some interstate.

That’s all in the physical world. But the idea is the same for the online world. We habitually visit the same sites, tend to read stories the same amount of time and are prone to click on posts by the same people in our social circle. No IP-hiding VPN is going to change that.

The quip has often been made that privacy doesn’t exist anymore. Although it may not be that bad yet, the truth is that consumers cannot rely on any anonymity product as long as their behavior — their inclinations, their friends, their patterns — itself can be tracked.

When someone asks me, “Can I be tracked if I use XYZ privacy device?” the answer is, “It depends. Who are you worried about tracking you?” Privacy apps and devices are good low-level defenses, making a person difficult enough to track that it will, in effect, block most routine efforts.

Think of these apps/defenses as akin to installing a good high-security deadbolt on every door in your house. Will it block a thief who is being paid to steal documents in your house worth $40 million? Nope. There are windows with glass that can be cut, sledgehammers that can crash though the walls and then there’s always the thief who waits for you to unlock the door and then pulls a gun on you and follows you into the house. But that deadbolt will be enough to deter the low-level thief who is quite content to rob the house next door, the house that has no deadbolt.

I personally surf as often as I can in incognito mode, hiding my IP address with a VPN and surfing with Tor as often as I can. But there are enough sites that won’t work with that setup to make it difficult to use 24/7. (Although I did have fun discovering that when YouTube blocked me from seeing a video due to country copyright issues, all I had to do was change the country on my VPN settings and the video played fine.)

Bottom line: you can hide from advertisers and others well enough with privacy devices, but if someone really wants to track you, well, you can click, but you can’t hide.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Evan Schuman

Computerworld (US)
Show Comments

Cool Tech

Toys for Boys

Family Friendly

Stocking Stuffer

SmartLens - Clip on Phone Camera Lens Set of 3

Learn more >

Christmas Gift Guide

Click for more ›

Brand Post

Most Popular Reviews

Latest Articles


PCW Evaluation Team

Aysha Strobbe

Microsoft Office 365/HP Spectre x360

Microsoft Office continues to make a student’s life that little bit easier by offering reliable, easy to use, time-saving functionality, while continuing to develop new features that further enhance what is already a formidable collection of applications

Michael Hargreaves

Microsoft Office 365/Dell XPS 15 2-in-1

I’d recommend a Dell XPS 15 2-in-1 and the new Windows 10 to anyone who needs to get serious work done (before you kick back on your couch with your favourite Netflix show.)

Maryellen Rose George

Brother PT-P750W

It’s useful for office tasks as well as pragmatic labelling of equipment and storage – just don’t get too excited and label everything in sight!

Cathy Giles

Brother MFC-L8900CDW

The Brother MFC-L8900CDW is an absolute stand out. I struggle to fault it.

Luke Hill


I need power and lots of it. As a Front End Web developer anything less just won’t cut it which is why the MSI GT75 is an outstanding laptop for me. It’s a sleek and futuristic looking, high quality, beast that has a touch of sci-fi flare about it.

Emily Tyson

MSI GE63 Raider

If you’re looking to invest in your next work horse laptop for work or home use, you can’t go wrong with the MSI GE63.

Featured Content

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?