Note that the virtual identity is not the same as proactive identity protection which involves carefully seeding and securing your real name on the web.
A virtual identity creates a widespread presence for you that contains intentional structural miscues to disrupt data profilers and identity thieves.
Why does it matter?
If you understand how profiling works, it is based not only on what you post to one account, like Facebook, but on potentially thousands of connections made about you as you use your computer and engage in internet activity. By linking together your Friend chats on Facebook with the articles you read on the web, the forums you join, email messages you send and the purchases you make, profilers can not only identify you personally, but prepare a complete and complex package of data about the things that motivate you, what kind of person you are, your score as a insurance risk, the chance that you will engage in criminal activity, and all manner of other judgments.
This matters because
- if can affect your life without you ever knowing, such as resulting in not getting a job or promotion or being denied access to services
- it will affect your reputation
- “they” can simply get it wrong, because data never replaces a real person
What exactly is a virtual identity
Creating a virtual identity consists of signing up to multiple web services with an assumed identity. The sites are selected purposely to introduce false variables into any profiling. For example, if you are not a computer geek, signing up to a couple of computer geek sites leaves traces that warp profiles of that identity. If you do not like Cajun food, then subscribing to a Cajun recipe site skews profiling.
The first important step is to create a base email address. Members of the Secure Surfing Organization can start with one of their name@securesurfing.net accounts. The email address should not be one you wish to use regularly. So if you are using yourname@securesurfing.net as a primary address, then use a secondary one virtualname@securesurfing.net for your virtual identity.
There is additional value in using a secure surfing email account in that over time, profilers will learn that data they create on such profiles is unreliable, reducing their willingness to actively use resources to even bother trying to profile you.
If you are doing this on your own, be sure to read How to Join Stuff Online for a detailed explanation on creating your own email account for virtual identity purposes.
The next step is to create a demographic data set of the virtual identity. Decide what gender, age and physical location will be used for the identity.
The physical location piece is important. If you are doing it yourself (Secure Surfing will do it for Members) make sure that you have a matching zip code for the city you choose as many sites test this and will prevent you from registering if they do not match.
Next pick a series of web services with which to register the virtual identity.
When you start registering ensure that you are doing so with your Anonymizer service active. This is necessary because many, if not most, of the aggressive user surveillance systems are now using “location aware” technology to identify physical locations.
The first level of identifying your location is based on your IP address. If that IP address is from Los Angeles and you are registering a location in London, your current IP physical location will be attached to your profile regardless.
The second level of location identification is to ping routers from which your web connection is originating and use cell towers to zero in to your physical building. This is not a scare tactic. Google and many others are now able to literally identify the building and in some — perhaps many — cases the specific office from where web traffic originates.
There are only two ways to avoid this stuff. First, have the registrations actually done on systems not physically located where you are — such as the Secure Surfing Organization doing it from its offices. Two, use Anonymizer so that the web connection is coming from their servers, not the ones used by your internet service provider.
In choosing your virtual identity web services, include the ones you actually intend to use, such as Facebook, and ones that you would never use, such as a site for astronomers (assuming you’re not an astronomer).
Realize that you are not creating a virtual identity because you need something to do for a few days. You want to be able to use the services that you enjoy AND have a higher level of privacy and security. So if you currently regularly us a Facebook account, then you want Facebook to be connected to your virtual identity.
For this to be effective, you should migrate your Facebook (or your MySpace, or cooking club, or whatever) activities to your new virtual identity.
For people who have posted a lot of photos or other content to an existing account, the idea of migrating to a new one seems like a lot of work or otherwise unrealistic. A user with 1,200 “friends” may not want to start from scratch and hope their friends follow them.
If those barriers fit with you, there is still value in having the virtual identity. First, whatever new services you join can be under the virtual identity. You can also change some of the profile information on your existing accounts that have all your content. For example, you should change your email address to an address of your virtual identity and even your postal address, if you have a virtual identity mail address. (The Secure Surfing Organization also makes available to members phone numbers in Great Britain, Texas and Canada for virtual identity registration purposes.)
One of the great things about a virtual identity is that if anyone steals it, you will suffer no harm.
You should also start to introduce skewing variables into any existing Facebook or other account that you plan to keep. For example, on the list of favourite books you might add a book on microbiology and one on knitting. Your favourite music might include Perry Como and Mozart. Use your Facebook email to send a message to monitor@securesurfing.net. Even just adding a link to the Secure Surfing Organization will flag you as someone who is concerned about privacy and security issues.
Allow yourself the sensitive
Virtual identities are especially important when subscribing to sensitive services. If you wish to receive email updates for information about a particular medical condition or a socially unpopular but perfectly legal interest, then you may not want those subscriptions directly tied to your real identity. You may even be denying yourself the right to use such services because of privacy concerns. An appropriately constructed virtual identity should protect your privacy such that only the most serious of lawful attacks would disclose your identity. (Be sure to understand our Privacy Policy.)
Middle Man Protection
Don’t mistake this discussion as related to “man in the middle” attacks.
In effect when you subscribe to Anonymizer you are making use of a middle man for your internet connection. Their anonymous servers sit between you and the web so only their IP address can be identified.
Similarly, the most effective tool in privacy protection is using a middle man for purchases.
This involves having a third party, such as the Secure Surfing Organization, actually purchase a product or service you want and you pay the middle man for acting in your place.
It is not uncommon for businesses and professionals to use numbered companies, lawyers or agents to achieve the same result, secrecy, in all kinds of activities.
For individuals the professional fees involved in such services is prohibitive. But there are alternatives, some of them very valuable from a privacy perspective.
A regular membership with the Secure Surfing Organization includes an annual subscription to the Anonymizer service. Middle man protection in this case can prove very useful since even if Anonymizer itself was forced to hand over records, whether to the U.S. government or the Chinese government, the only records that they would have would not include your identity. The financial records would should that Secure Surfing purchased some number of Anonymizer subscriptions, and the records of Anonymizer would contain the identifying information of the Secure Surfing Organization only.
Your credit card company or PayPal cannot use these purchases to build profiles of you. These purchases cannot be connected to other information about you to compromise your privacy or freedom to make your own decisions.
If you want to buy a book about coping with depression, Amazon does not need that in its records. Middle man protection can be used for any product or service that can be transferred to you without breaking any laws or being redundant. For example it would be redundant for privacy purposes to use a middle man to purchase a car because once the car is turned over to you, you would still have to personally register and insure it. Trying to use a middle man to subscribe to child porn is clearly illegal and the middle man would be required to disclose your identity (we’d turn you over ourselves) and themselves be guilty of an offense, so middle man services are useless. But it would be legal to subscribe to adult pornography and so long as all that is required is a user name and password, these can be easily purchased and transferred to you.
Limits to Middle Man Services
Middle man services are not suited to speedy reaction, so taking advantage of a hot deal is unlikely to work effectively.
Middle man services are not suited to purchases that require a physical delivery without offering an alternate delivery location in the ordering process. So subscriptions to print magazines are not fully effective . You would still be able to mask the name and financial transaction, but the delivery address would be your real address.
Middle man services cannot be used for establishing financial accounts with banks or payment services such as PayPal. Such services require a legal entity (person or business) and if it is not illegal to use pseudonyms and alternate contact information, it is likely to breach the terms of service in an instance where it really matters.
