How anonymous is a web link to cloud.enough.community?


#1

@veronika and I discussed an interesting question that someone asked this week and I figured it is worth sharing.

Question

When using the “send your files anonymously” on an instance of Enough, how is anonymity guaranteed?

Answer

It’s anonymous to the extent that you don’t need to create an account in your name to send the files (the CEO of a retirement home is very unlikely to be able to use this against you). But it’s not anonymous in the sense that it hides your IP address (the state could harvest that information and use this against you).

Question

But … if the ip adress isn’t hidden and remains in the server logs, you’re not only up against the state, no ? couldn’t any good admin retrace that?

Answer

Your IP is not in your name, unless you explicitly asked your provider for what is called a “reverse DNS” and associated it with a hostname that is publicly owned by you. But this is so technical that anyone doing it would know better than to also try to use the same connection for anonymous purposes.

A sysadmin with some technical skills can find where your IP is geolocalized. For instance visit http://www.myresolver.net/ and you will see what such an investigation leads to. If you do that from a home in Berlin home, chances are it will show the IP is in Berlin: it’s not nothing but it’s not much. Now imagine you’re in a remote location in the countryside: your IP will likely be associated with a highly populated area nearby. Because IP addresses are clustered and geolocalized in the datacenter where they are managed. They are not geolocalized at the position of their user. For instance, the coworking space I’m working from today is geolocalized in Paris with 20 million other IP addresses https://ipinfo.io/AS3215 and can be further refined to be located in the suburbs (Neuilly) https://ipinfo.io/AS3215/92.154.0.0/17 which is about 10km from where I actually am. This is not an absolute certainty though and an investigator may get lucky.

However, we’re already way beyond the panel of investigative techniques that the CEO of the retirement home will have at their disposal, don’t you think?