Some Thoughts on Anonymity, Hacktivism and the Internet

So as part of my PhD research, I recently came across a very interesting academic article on philosophical perspectives on the Internet and its potential to democratize and distort dominant mechanisms of social control (http://www.ladeleuziana.org/wp-content/uploads/2019/02/Melville.pdf).

In essence, for those who, for some inexplicable reason, did not get an M.A. on Applied Philosophy or are not experts in Deleuzean thought, the article attempts to contest the popular view of the Internet as a rhizome (a potential decentralized network of communications and knowledge exchange independent from traditional hierarchical and highly controlled mechanisms of information acquiring). Simplifying, this is the way in which Wikipedia, Wikileaks, the Pirate Party or most Western hacker collectives see the web – and the way they are fighting to maintain it: a free, open source and easily accessible space capable of democratizing society by, among other things, preventing citizens to be blatantly lied by government, multinationals, lobbies, etc.

Although, as also defended in the article, this perspective seems to be misleading (if you are interested, I could also prepare another post dealing with this issue), what I find interesting is the way in which the author conceptualizes resistance towards state and corporate attempts to control and make profit out of our use of the Internet. The text (in my opinion, rightly) charges against the apparently practical effects of DDoS attacks as a hacktivist strategy and proposes a way of resistance against data commercializing and intelligence gathering mechanisms based on adopting as much anonymity as possible. The aim, as the author points out at the end of the text, is:

“to open up the internet, on the side of use, not onto a well-maintained, profitable matrix of points with reasonably well-defined, cohesive identities (regardless of how rhizomatically these may be connected), but onto a chaotic digital space of forces and intensities in which digital identity cannot thrive, and to which digital capitalism cannot consistently cater.” (pg. 160)

Of course, total anonymity is impossible in technical terms but, as a recent post in 0x00sec coherently states, “your goal is to be anonymous enough to make the amount of resources required to find you too high a price to pay for your adversaries” (Hacking Anonymously - Anonymity - 0x00sec - The Home of the Hacker). Thus, through the regular use of proxy chains, TOR, invisible-transparent proxies and any other anonymizing mechanism (and, yes, also an anonymous behavior), we would already be avoiding the most effective results of contemporary online surveillance. Essentially, it would be economically inviable for companies or states to monitor who in the world likes pistachio ice-cream if they would have to trace back all the tor nodes or proxies through which all users’ information has gone through.

Ok, so collective anonymity can become an emancipatory strategy of dissent if performed properly, but, as an act of activism, seems incredibly passive (one is just avoiding been identified but this does not encourage agencies and corporations to stop attempting to do it). So what if, in this sea of (non)anonymity, one would introduce another variant: the always unpopular but definitely not illegal botnets. I do not mean using bots the way some lobbies and groups use them (for instance, creating and spreading fake news so they manipulate election outcomes), but to employ them in random or unreal ways so they have a deep impact in statistics, big data, etc. If properly used, this would diminish the validity of any data or intelligence (and, as a result, of any user-targeted commercial or political campaign based on that data).

As an example of how chaotic this may turn out, think in HTB’s OSINT challenges. A recent comment in “We Have a Leak”’s discussion asserts that the mail domain associated to the fake company in the challenge has been registered. This is not only going to confuse (even more) new users wanting to get flags in “Breach” and “We Have a Leak”, but will also create some issues when trying to extract data from the real company, its clients and employees.

As cybersecurity connoisseurs (if not experts), I wonder what the thoughts of the HTB community are on the matter of hacktivism and the different modes in which we can articulate it (IN LEGAL WAYS!!! I DIDN’T WRITE THIS TO ENCOURAGE ANYONE TO COMMIT ANY LEGALLY PUNISHABLE ACTIVITY). Also, what other LEGAL hacktivist strategies do you think would enrich the anonymity approach?

would it be legal to use a botnet though? unless you propose some sort of volunteer botnet people could join, but what if somebody gets control of that for nefarious purposes? Also who decides how the botnet should behave? To have an impact on statistics being gathered for any particular purpose, seems to me you would need to target the activities of the botnet towards that activity.

I’m sure a mathematical model could be programmed to see how effective the botnet would be, setting percentages of the total net traffic for the botnet output and traffic pertaining to any particular subject or subjects as input parameters to vary. It would not need to be very sophisticated to show whether such a scheme would be viable and if it would, what size would it have to be and how limited would it be in what it could realistically target.

After all that, if the botnet is viable and you get enough volunteers, how do you decide what it does? If you start targetting particular sets of statistics to spam, would there be unintended consequences? Who would choose the target areas? Who would oversee the design of that spamming to ensure that the action taken would in fact result in the desired outcome? Who would decide what the desired outcome was? What would be the impact on legitimate uses of “big data” by researchers in various fields?

I’m inclined to think that while such a botnet might be legal, the ethics of it would be a bit shakey. Does the end really justify the means? Would it not be better if people took care to ensure their own privacy and keep themselves informed? We need more truth, not less!

Straight off, I can see an issue where say someone with a vested interest in a particular area of business for example, manages to steer the activities of your volunteer botnet to spam some piece of information. If they were aware of the design and implementation of that spamming, and the amount of it as a percentage of the total traffic related to that information, they would have an advantage over their competition proportional to the effectiveness of the botnet…

1 Like

Very interesting reflection, @6d6a6c. My original idea regarding was for these bots, as you say, to be voluntarily accepted (yes, I should have specified it). Otherwise it would absolutely be illegal (and, apart from that, illegitimate). I thought about it after I posted the first text and,as you rightly imply, the idea may be incredibly problematic if articulated improperly.

On the matter of the fake info provided by these bots, the possibility of corruption seems unavoidable. Yes, some companies or particular individuals could potentially figure out some ways of manipulating the (theoretically enormous) botnet to their benefit, and this is why the involved hacktivists should be vigilant during and after establishing the whole structure of the project and be capable of altering the preferences of the AI in case some problems are reported. Sadly, the botnet’s vulnerability could only be patched after any company, lobby or whoever has made some constant profit out of it.

Of course, this could only work with thousands of eyes observing the code and with transparent communication through the organization (from organizers to base activists to sympathizers to everyone). The ways of democratizing this are many. An interesting one could be for organizers to present any involve individual several botnet structures, everyone involved would vote for a model (and the winner gets all). After that, reported issues should be discussed and, again, the involved activists would agree on a democratic solution which would attempt not to support a specific party. It is not perfect, I know, but it may be a practical solution.

Still, regardless of any big data disruption, the fake data provided by users would falsely benefit some parties (at least for a limited amount of time), and this may have unintended consequences that could make some people earn a lot of money or power. In any case, nonetheless, the objective of the project is to maintain the users’ anonymity and to make companies and government difficult to profile them. These unintended consequences are expected and, therefore, could be solved so no one makes a permanent illegitimate use of the botnet.

I also agree with you, @6d6a6c, in what you say about needing more truth (no less). The problem is that everything we do online tends to be exploited by government and companies in, usually, an attempt to manipulate us, transforming therefore the way we observe reality. Information exchange is not bilateral here: we give our data for free and in exchange, they alter how we see (and how we think) the world. The objective should be to effectively anonymize (either through chaotic, uncoherent info or through invisibility) our online personas in passive and active ways. However, I don’t think the botnet idea is contrary to the premises of overseeing our privacy measures and keeping ourselves informed and vigilant. In fact, the whole botnet thing can only work if the hacktivists and activists follow that ideological basis.

In any case, the idea of the botnet was just a theoretical proposal (I didn’t really thought about the infinite possibilities for corruption that it implied, though). I still wonder about potential ways to counterattack state or corporate surveillance outside (or, actually, in combination with) the common anonymizing methods.

1 Like

Oh my, I thought I was the only madman who study Philosophy these days …well, I see there are too many crazy guys. Thanks God.

  1. Yes, Rizoma’s idea was fashionable in the 80s. (especially among those who never read “The 1000 plateaus”). The rhizome is only an ontological theory, very attractive but only a theory.

  2. The vision on the Internet that is apparently mostly accepted according to the main stream does not have to be true. There is no evidence or even statistics of it, they are still opinions. Sophists

  3. The idea of ​​anonymity as a political force is basic for Foucault, very fashionable in the European left-wing, but it doesn’t have to be true either. There is no proof of that. Anyway if you are interested in the idea of anonymity I would go more towards Foucault than Deleuze.

  4. The bot proposal has already been answered.

  5. The origin must not be forgotten. Inernet was born as a military tool.

  6. The problem with hacktivism, at the metaphysical level is that… they can prove that this does not work properly but they cannot prove that the revolution works. I like proofs.

  7. In a world of anonymity, who pronounces the logos? Who tells the truth?. Protagoras (Plato).

Cheers

1 Like