How email users can hide their online tracks
(MoneyWatch) Former CIA Director David Petraeus has had a bad few weeks, resigning from his post after landing in the news over an extramarital affair. Obviously, the root cause of the scandal was the affair itself. But from a technology perspective, the trigger was a simple case of poor operational security that allowed the FBI to uncover emails that exposed the whole affair.
And let's be clear -- despite what you might have read, Petraeus and Broadwell made a respectable effort to ensure their privacy. They used a Webmail account, which has some elements of anonymity, and they didn't even send the messages, which would have been more easily traced. Instead, they wrote to each other in the "drafts" folder of a shared account.
- Essential PC security tips (send to your parents)
- Why secret questions are your No. 1 security flaw
- What NASA's stolen laptops mean for your security
It was Broadwell's so-called Internet Protocol address that did her in. She was using multiple email accounts from the same PC, and hence from the same IP address. The IP address was the common link between parts of Broadwell's online identity that exposed her.
The scandal offers some lessons on how we can improve our own online security. (Of course, I'm not suggesting that anyone take steps to hide an extramarital affair. But there are other reasons you might want to ensure some privacy.)
Since the weak security link here was the IP address, it stands to reason that you might want to hide mask, or disguise that information. How? You can use Virtual Private Network (VPN) software to hide your connection to the Internet. A program like Anonymizer, for example, costs about $80 (after a 2-week free trial) and is easy to set up and maintain. In practice, it's more or less invisible. You just connect to the Internet the way you usually do.
On the down side, even a VPN like Anonymizer isn't perfect. It'll definitely provide anonymity from virtually every assault against your privacy, bar one: The government. If you are doing something that gets the attention of the feds, you're not safe with a VPN client because your IP address is still resident in the system, and Anonymizer will give it up in face of a government subpoena.
So yes, there are steps you can take to protect your privacy that go well beyond what Petraeus and Broadwell attempted, and it isn't even particularly difficult. But it'll only offer you so much cover. Not even a VPN would likely have protected Petraeus from the FBI for long.
Photo courtesy of Flickr user CarbonNYC