What is Misattribution – Part 2: Technical Misattribution

Every time we update our profile pictures, send tweets, post Instagram stories, or comment on our favorite blogs, we’re giving away personal information. This is intentional—we want people to see our vacations or read our thoughts on a recent TV show premiere. But a trove of identifying information is available without so much as a click of the “share” button. In part one of this four-part series, I discussed misattribution in general. Now, I will take a look at technical misattribution specifically.

Listen to the Ntrepid Cast podcast on this topic.

What Is Technical Misattribution?

Technical misattribution is the process of masking the identifying information that computers and networks reveal. There are many different pieces of identifying information that can be learned from one’s computer and network. Accordingly, each piece of information needs to be chosen intentionally to support the identity of an operator’s alias. Perhaps the most obvious identifier is browser cookies: small bits of data that websites place on computers to recognize users each time they return.

A user’s visible IP address also provides significant information about who and where they are. IP addresses are globally unique identifiers for each connection to the internet. An IP address also reveals the user’s ISP and place within the network. In many cases, it is static and assigned to just one user or organization.

Computers and other devices may also provide location information in other ways. Many mobile devices will provide GPS, cell tower, or WiFi-based location information to applications and websites. In addition, city-level location information is available for many IP addresses from commercial IP location lookup services.

Less well-known are the various elements that comprise a system fingerprint. Every computer provides significant information about itself to allow websites and other services to better serve their users. Individually, elements like operating system, browser type, installed fonts, and plugin versions seem unimportant. Collectively, they can often uniquely identify an individual computer.

Finally, if an opponent can install malware on someone else’s computer, they can access even more identifiers—but at that point, identification may be the least pressing concern.

The Importance of Technical Identifiers

All computers provide identifying information. Hiding this information completely, where possible, is very revealing to an observer. It shows a clear intent to hide, and is only appropriate when the goal is to be overtly anonymous. In most cases, it’s better to mask or replace the identifiers with identity-appropriate false information.

When developing an online alias, operators should remember that visible technical information tells a story about who the alias identity is. By choosing what to show, operators can tell any story they want. Aliases can be easily identified as fake unless all of this information is consistent with that story. If even one element is inconsistent, an observer can discover an operator’s attempt to hide and might uncover their true identity.
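The consistency point above, seen from the observer's side: the sketch below is an added example, not code from the original post or from Ntrepid. It cross-checks the identifiers this article lists (IP-derived location, timezone, language, operating system, fonts) and reports every pair that tells a different story. The field names, the reference tables and the three sessions are constructed assumptions.

```python
# Reference tables are constructed for illustration and deliberately small.
COUNTRY_PROFILE = {  # IP-derived country -> plausible timezones and languages
    "DE": {"timezones": {"Europe/Berlin"}, "languages": {"de"}},
    "BR": {"timezones": {"America/Sao_Paulo", "America/Manaus"}, "languages": {"pt"}},
}
OS_MARKERS = {  # User-Agent substring -> (platform prefix, font shipped with that OS)
    "Windows NT": ("Win", "Segoe UI"),
    "Mac OS X": ("Mac", "Helvetica Neue"),
}

def find_inconsistencies(s):
    """Return (field, reason) pairs where a session's identifiers contradict each other."""
    issues = []
    profile = COUNTRY_PROFILE.get(s["ip_country"])
    if profile:
        if s["timezone"] not in profile["timezones"]:
            issues.append(("timezone", f"{s['timezone']} does not fit IP country {s['ip_country']}"))
        # First entry of Accept-Language is the preferred language, e.g. "de-DE".
        primary = s["accept_language"].split(",")[0].split("-")[0].strip().lower()
        if primary not in profile["languages"]:
            issues.append(("accept_language", f"primary language '{primary}' is unusual for {s['ip_country']}"))
    for marker, (prefix, font) in OS_MARKERS.items():
        if marker in s["user_agent"]:
            if not s["platform"].startswith(prefix):
                issues.append(("platform", f"platform '{s['platform']}' contradicts User-Agent ({marker})"))
            if font not in s["fonts"]:
                issues.append(("fonts", f"'{font}' missing although User-Agent claims {marker}"))
    return issues

# Constructed sessions: one coherent, one with a single slip, one with several.
CONSISTENT = {
    "ip_country": "DE", "timezone": "Europe/Berlin",
    "accept_language": "de-DE,de;q=0.9,en;q=0.8",
    "user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64)",
    "platform": "Win32", "fonts": ["Arial", "Segoe UI"],
}
ONE_SLIP = dict(CONSISTENT, timezone="America/New_York")
MISMATCHED = {
    "ip_country": "BR", "timezone": "America/Sao_Paulo",
    "accept_language": "en-US,en;q=0.9",
    "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7)",
    "platform": "Linux x86_64", "fonts": ["DejaVu Sans"],
}

if __name__ == "__main__":
    for name, session in [("consistent", CONSISTENT), ("one slip", ONE_SLIP), ("mismatched", MISMATCHED)]:
        print(name, find_inconsistencies(session))
```

Each finding is a signal rather than proof, since travellers, expatriates and users who remove system fonts produce the same mismatches legitimately.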

In the next part of this series, I will cover non-technical misattribution. Then, in part four, I will discuss the challenges that come with trying to remain misattributed in the presence of an alert opponent.
