WIRED: THE INTERNET, it has to be said, has done wonders for the death threat industry. I haven't received that many myself (I think the last one was when I wrote a piece comparing Linux and Windows 7), but I know plenty of people who write online, and receive them a great deal.
Are these threats serious? I don’t think anyone is actually going to put a contract out on me for what I write about computer operating systems. Others can’t be so sure. The women who write about sexual harassment and assault, and receive personal, vicious emails, may well not feel safe, and may be right to think so.
Exiled journalists and activists to whom I speak, struggling to make a living and avoiding the agents of their home country’s government in their adopted home, have a genuine reason to be concerned when some stranger posts knowing comments on their blog.
What makes it all the more disturbing is the apparent anonymity of visitors on the web. Comments on blogs, or YouTube videos, or even emails can arrive without a hint of who wrote them. The person could be on the other side of the planet, or just down the road.
The lack of knowledge adds to their disturbing nature. Online harassment may be encouraged by the apparent lack of recourse by its victims. Its force is magnified by the mystery of its origins. It makes us feel helpless, and alone.
And yet, the internet isn’t really anonymous. In fact, as time has passed, what anonymity there was online has slowly ebbed away.
When I talk to bloggers who’ve received threats, I can often use their blogging software to determined the internet protocol (IP) address of their commenter. That won’t tell me who he or she is, but it can often hint as to where they are.
Sites such as MaxMind collect information on IP addresses, and can correlate what they know about their owners (usually ISPs) to produce a city or region for a given IP address.
Emails often carry the same buried information. I use a free tool called MXtoolbox email header analyser to uncover the IP addresses of sent mail – it's at mxtoolbox.com/emailheaders.aspx if you ever need to use it.
That’s pretty much where the easy deductions end about strangers online, for the average user at least. But for corporations, the amount of information they know is growing all the time.
Google knows my IP address – it also knows when I’m logged in, my address and my credit card details. Facebook not only knows all about what I do on its website, but also collects an IP address for every one of those like buttons you see on external websites.
A visitor posting a nasty comment would reveal their identity to Facebook every time their browser showed that like button next to their outburst.
Finally, even though an IP address doesn’t reveal an identity, the ISP that owns that IP address almost certainly knows who is behind it. That wasn’t so true in the early days of the internet, when ISPs didn’t really have the resources or the need to monitor every user and their configurations.
But now our ISPs are more likely to be phone companies or mobile providers, both of which have the technology and (because of billing-by-the-megabyte) the motive to track our online behaviour.
Don’t get me wrong. I’ve spent much of the last decade fighting to protect anonymity and pseudonymity online.
The threatened journalists would be far more threatened if others could track their every move; women fleeing physical abuse need the protective distance of anonymity in the online world as much as we can provide it in the real world.
But what does concern me is the strange asymmetry in who knows what about who.
Most of the threatened people I speak to had no idea they could find out anything about their harasser. Their relief is modified somewhat by what the person perpetrating the harassment could find about them – perhaps the area they lived in a city.
And the idea of what privacy we have could be smashed just by a regulatory change, or an unethical act by a big internet company is deeply disturbing. What if the police could see every website you visited? What if your neighbour could? Or your rival at work? All of those visits can be cross referenced somewhere.
It’s really just a mild sense of impropriety, patched together with some largely unenforced privacy laws, that prevent all of the dots being joined.
Threats online are disturbing, partly because of their unreality. I admit that when I get flamed or threatened, I obsess about the cruel words because I don’t know much about their source. Who are they, to be so upset with me? Are they a monster, or somebody I should be ashamed to have hurt? Are they nearby and dangerous, or far away and harmless?
All of those questions could be answered if the governments got together and combined all that data collected on all of us. There is a cost though: the cost would be that my attacker could find out about me. And my one defence – the light obscurity of my own location, and my own privacy – would be stripped away from me, too.