Can you really be anonymous when investigating online?

Can you really be anonymous when investigating online?
2018-11-28 Paliscope

Can you really be anonymous when investigating online?

By Christian Berg, Founder & CEO at Paliscope

When you are online you are continuously being profiled. Questions about cookies and collecting data pop up everywhere, and it is well known that you cannot browse the Internet without leaving a trail. But unless you are doing some really shady stuff on the Internet, why would you want to avoid detection?

When it comes to Criminal investigators, they need to be able to gather evidence without being detected. In real life, a perpetrator would get rid of all potential evidence if they realized that they were being followed. The same goes for the internet. If a perpetrator finds that they are being tracked, they will most definitely erase all data that contains evidence, or take down the entire site.

Investigators should therefore always assume that those who create sites containing criminal content, will use different types of software to detect if they are being investigated; and with the speed of AI (Artificial Intelligence) the analysis is getting more advanced and quicker all the time.

One common way to understand who is viewing a site is to use ‘browser profiling’, a tool primarily used by the marketing industry to understand people’s habits. Browser profiling can tell what sites a person has visited, how long they have actively viewed one page, and also show information such as what type of computer the person is using.

AI can also be used to identify behavioral patterns and differentiate between a regular visitor and an investigator. It understands different behavior, and uses the data collected to further analyze those who visit the site. If the site requires a login, the technology can learn even more. The consequence of this is that it can be easy to spot someone who doesn’t behave typically, which can lead to that person being outed, potentially banned, seeing a 404 page, or a page with different content.

One way to mask an identity when investigating a site is to use a TOR browser that hides and protects all the profile information. However, on an open site this technology is rarely used, which means that using this browser would give the opposite effect, indicating that the site is being explored by someone who doesn’t want to be detected. When investigating online crime on open sites the only effective way is to use different computers and browsers, or try to imitate the behavior of a “normal” visitor; looking at how to browse the site in the “right” way, what time to visit, what tools to use, etc.

I do however believe that it will be possible in the near future to use technology that can scramble the browser profile information to make a site owner think that an investigator is someone else. This is something we are looking closer at (even if the solutions won’t be completely bullet-proof).

Staying anonymous online is tricky. Different type of sites requires different kinds of strategies and solutions. My main bit of advice is to set up a plan before starting to collect evidence online, because what you ultimately want to achieve is looking like a regular visitor, not as an investigator.



/ Christian Berg, Founder & CEO at Paliscope