Epassports and anonymity – what I think

There seems to be quite a loud response to what I thought was a rather simple idea. In this post, I am going to go over the main points – somewhere when I have more time I’ll share my ideas in detail so people could see exactly what I am proposing.

  1. Common users are NOT anonymous for police and governments. Today the authorities can find any person they are after easily. There is a wrong perception about Internet-anonymity – very few people realize that it does not exist for ordinary users. But the worst part of the story is that the ones who are truly anonymous are professional cyber criminals, because they know what to do to hide their real identities in the Internet. That is why we have millions of malicious programs and successful network attacks every years, and we don’t know who’s behind of them.
  2. When I say “no anonymity” I mean only “no anonymity for security control”. I don’t care about the way people behave on blogs, forums, social networks and pirate torrent portals. You may use nicks or real names as you want (as we do today). The only “no more anonymity” improvement – you MUST present your ID to your Internet provider when you are connecting online. It is only the provider who needs to know your real identity.
  3. Another way to go is dedicated anonymous networks and dedicated business/gov networks – why not? But all LEGAL businesses/services will want to use secure networks, and unsecure networks will be probably limited to casual communication.
  4. When is it going to happen? Never… or in one-two generations. After some really serious IT- incidents, which will have a serious impact on national andor global economies. I am now talking not only about cybercrime, but also about cyberterrorist attacks. We already see the first signs of emerging cyberterrorism – and global anonymity is a really favorable factor for these people. Imagine that everyone flying in your plane is anonymous, so you don’t know who they are and what they’re up to – are you really going to approve of this? And Internet is as critical and as vulnerable as the air transportation network. So why do we have different security standards for these two global networks?
  5. But we are already on the way – some European countries have introduced digital IDs, which they use for secure online banking and in some cases for online voting. National and municipal elections via the Internet are not a matter of science fiction – they are already here, and ID authentication is a vital part of such election systems.

    Another prototype of e-passports is the two-factor authentication we now use to access corporate networks. The only thing that is missing today is a common standard.

Anyway, I am happy to see that my ideas have raised so much discussion; I think that open public discourse and idea-sharing is the only way to make Internet a safer and a better place.

Epassports and anonymity – what I think

Your email address will not be published. Required fields are marked *



LuminousMoth APT: Sweeping attacks for the chosen few

We recently came across unusual APT activity that was detected in high volumes, albeit most likely aimed at a few targets of interest. Further analysis revealed that the actor, which we dubbed LuminousMoth, shows an affinity to the HoneyMyte group, otherwise known as Mustang Panda.

WildPressure targets the macOS platform

We found new malware samples used in WildPressure campaigns: newer version of the C++ Milum Trojan, a corresponding VBScript variant with the same version number, and a Python script working on both Windows and macOS.

Ferocious Kitten: 6 years of covert surveillance in Iran

Ferocious Kitten is an APT group that has been targeting Persian-speaking individuals in Iran. Some of the TTPs used by this threat actor are reminiscent of other groups, such as Domestic Kitten and Rampant Kitten. In this report we aim to provide more details on these findings.

Andariel evolves to target South Korea with ransomware

In April 2021, we observed a suspicious Word document with a Korean file name and decoy. It revealed a novel infection scheme and an unfamiliar payload. After a deep analysis, we came to a conclusion: the Andariel group was behind these attacks.

Subscribe to our weekly e-mails

The hottest research right in your inbox