TECH

Ashley Madison Is The Latest Proof That The Internet Does Not Keep Secrets

"Most people have no idea how vulnerable we are."

 

 

Secrecy is at the core of Ashley Madison's business model. 

The dating site, which caters to people looking to cheat on their spouses, bills itself as “the world’s leading service for discreet encounters." Millions of people created Ashley Madison accounts, believing it to be a risk-free environment. No longer. 

On July 15, a group calling itself the Impact Team hacked into Ashley Madison's site, lifting the personal information of some 32 million users. The hackers on Tuesday posted what appears to be the full data set online. It includes an array of information about individual users, according to Quartz, including their name, address, phone number, birthdate and the last four digits of their credit card. Also included are details from user bios, with descriptors like, "I May Be Spoken 4 But I Speak 4 Myself.”

Chat rooms and websites have long been a way for people to behave in a manner that they'd rather not publicize to their friends, neighbors and spouses. Logging into a website used to seem more anonymous and less detectible than flirting at a local bar; shopping online an embarrassment-free way of purchasing a vibrator or facial hair bleach.

But as hackings, like those of Sony, the IRS and Home Depot, become more commonplace, this notion of online anonymity seems less realistic than ever. The Internet never was a place where people could be anonymous in plain sight, but people probably won't stop treating it that way. 

The Internet was created as a way of connecting people, but even its founders are skeptical about whether these connections can ever be truly private. Vint Cerf, who developed the TCP/IP network protocol, a technology that forms the basic communication language of the Internet, has expressed doubt that anyone can shield their identity on the web.

“If you want a life of anonymity, join the French Foreign Legion,” he told Forbes in 2011, adding that “the Internet is brittle and fragile and too easy to take down.” 

Robert Kahn, who "invented" the Internet along with Cerf, told The Huffington Post that the web is no different than society as a whole. Using cash might make a transaction seem secret, "but cameras are everywhere," he wrote in an email. "There are lots of things one can do to conceal one's identity, but I suspect experts in the field can piece together clues of all kinds." 

There are ways to be more anonymous online. You can use Tor or a Virtual Private Network, or VPN, to surf the web without leaving a trail of your IP address, the technique Ashley Madison's hackers used to upload their data. 

But none of these techniques are foolproof. Even users who are especially savvy at concealing their identity make mistakes. In 2011, Hector Xavier Monsegur, a hacker who went by the name "Sabu" and co-founded the hacking group LulzSec, was identified and arrested after he posted comments in a chat service thinking he was using a VPN, software that makes your browsing anonymous. He hadn't connected to the network, and was caught, and became an informant for the FBI. (Monsegur contacted HuffPost to deny that these were the circumstances that led to his turning informant; he said that other FBI informants outed him to the agency.)

That kind of mix-up happens often, according to Rick Holland, a security analyst at advisory firm Forrester Research. “[Experienced Internet users] think they’re working in some kind of encryption and they’re not,” he said. “Even typing things on a computer -- they think they’re in a window within [their system] and really they’re connected to another.”

People who are less savvy than Monsegur are even more at risk on the web, especially when giving personal information to sites like Ashley Madison. "When you sign up for something that’s a social networking outlet, you’re implicitly giving up some control over that information," said Scott Crawford, research director of information security at 451 Research. 

But Ashley Madison allows its users, if not actual anonymity, then the veneer of it. You can post under a pseudonym and log in with a fake email address. (Ashley Madison didn’t require email verification.) 

And even websites tamer than Ashley Madison offer the illusion of anonymity -- which is why people feel comfortable handing over swaths of personal information. It’s why people continue to purchase things on Amazon, even after purchase histories have been hacked and released. 

“Most people have no idea how vulnerable we are,” Holland added. “Whatever the opposite of anonymous is, that’s what we are.”

The dangerous part of our naivety, Holland said, is that people continue to behave as if the web conceals identities. “People do things on 4chan because they’re hiding. People say things on Twitter that they would never say face to face, because the separation they have from the physical world makes them think their identity is secret.”

The millions of users whose data was compromised in the Ashley Madison hack will have to confront their private life in public. But Holland doubts that people will stop treating the web as an anonymous space. In the future, users could create fake personas and have one-time use credit cards to protect themselves from data breaches, but he doubts they will. 

Crawford agrees.

"There’s a certain amount of fatalism these days, that breaches are inevitable," he said. "Will that be the case in this instance? Hard to say.”

 

CORRECTION: An earlier version of this article incorrectly stated that Hector Xavier Monsegur was arrested in 2012. He was arrested in 2011. This post has been updated to include a comment by Monsegur. 

CONVERSATIONS