In my last posting, I stated that “privacy is not anonymity”. I received a few questions about that, so today I want to elaborate on the subject.
Let’s get something out of the way right off the bat – there is not, nor can there be, true “anonymity” on the internet – or almost anywhere else, for that matter. Someone, or something, knows who you are – even if they don’t know your “real” name.
Here’s an illustration from real life.
A man walking his dog, we’ll call him “Mr. A”, gets into an altercation with another man (Mr. B) and knocks him down, then runs away. Speaking to the police, Mr. B describes his attacker as six feet tall, reddish hair, goatee wearing a denim jacket and carrying a Starbucks cup, and his dog was a black Labrador.
The police head to the nearest Starbucks and ask if someone matching that description had been in that morning. “Oh sure,” the barista answers, “he comes in most mornings.” But he always pays cash so the Barista doesn’t know his name or where he lives. “But he calls the dog “swarzie” and has an accent. The brighter police officer recognizes the term as possibly “schwarze,” German for black. He instigates a house-to-house search looking for a German immigrant with a black Labrador and is told that “the man in the first floor apartment speaks German and has a black Lab.”
So without ever knowing the suspect’s name, the police can track him down because a relatively unique set of attributes (description, dog, accent, etc.) identifies the individual who committed the crime. What, on the face of it, would be considered an “anonymous attack” was, in reality, anything but.
On the internet, every computing device that’s connected is identified by a unique number – it’s IP (Internet Protocol) address. This number must be unique so that data can find the device, whether it’s a web page, an email, a tweet or some other form of transaction. Not all IP addresses are fixed for all time, though. Most of us connect through an Internet Service Provider (ISP) who gives us a locally unique IP address which can change every time the connection is renewed. Here’s an example: the router I connect to at my ISP’s site has an IP address of 188.8.131.52, and this is the address it shows to the internet. My connection is given the locally unique identifier of 184.108.40.206 and the router knows my device and can correctly route traffic coming from the internet to that device without actually revealing my (locally unique) IP address. But that router does know that address and – more importantly – who it was assigned to at a given time.
But suppose I don’t use MY computing device – there’s internet cafes, public libraries, and other places. But each of those has other people around who can “identify” me (i.e., give a complete description) or require me to use some form of ID token (credit card, library card, etc.). Using a smartphone or tablet is tracked by the service provider so I can be billed properly. In those instances where I don’t have to be identified by name, the same scenario as the dog-walking Starbucks customer cited above still works.
There really is no true anonymity.
There is, though, relative anonymity or pseudonymity. Pseudonyms have a long history, especially among writers (where they may be known as “pen names” or “noms de plume”). The English author we call George Elliott (“The Mill on the Floss,” “Silas Marner,” “Middlemarch”) was actually a woman named Mary Ann Evans. She used the pen name because, at that time, it was nearly impossible for a woman to be published. The mystery author Ellery Queen was actually a collaboration between two men, Frederic Dannay and Manfred Lee. Even stranger, both of those names are pseudonyms: Dannay was actually Daniel Nathan and Lee was legally Manford Lepofsky!
On the internet, pseudonyms are normally referred to as personas or “digital identities” and people can have many of them. Why? Here’s a scenario:
Samantha Smith teaches first grade at the Houston Christian Day School. As such, she’s agreed to behave in such a way as to not reflect badly on the school. But Ms. Smith does like to flirt and does like to read and write “adult” material. So she has joined an on-line forum for folks with similar tastes where she is known by the handle “NaughtyGirl”. No one on the forum knows her real name and no one at the school knows about her on-line persona. NaughtyGirl is just as much a real identity as Samantha Smith. Whenever NaughtyGirl posts to the forum all the other users recognize her as that user – she’s authenticated herself in order to access the forum.
Now it is still possible for someone (probably in law enforcement) to trace the postings by NaughtyGirl back to Samantha Smith’s computer. But – unless she breaks some law – the likelihood of that is exceedingly small.
This is the identity distinction which baffled Google (and continues to baffle Facebook) known as the “nym wars”. The name on your birth certificate, your driver’s license, your national health card or even your passport isn’t the name that most people know you by. The best example is my friend Kaliya, better known as “Identity Woman”. Officially she is Kaliya Hamlin – her married name put on her official documents when she married her now ex-husband. But still legally her name. Some people know her by that name, a lot fewer by her birth, or maiden, name. Thousands upon thousands, though, know her as Identity Woman. Yet she had to fight, tooth and nail, with Google to use that identifier with Google+ who insisted that only “real names” could be used. I’d guess they’d only allow accounts for Daniel Nathan and Manford Lepofsky, rather than for Frederic Dannay and Manfred Lee – Ellery Queen wouldn’t stand a chance!
Facebook created a torrent of objections (what, again?) recently when they showed users a picture from a friend’s account and asked the user to verify the friends “real” name. As this story in Forbes notes:
“Like the bar Cheers of television fame, Facebook wants to be a place where everybody knows your name. Your real name. Not your nickname. Not a fake name you’ve created to protect your privacy. Not your Wiccan name. Your real name… and has tried to force at least one prominent user — Salman Rushdie — to go by the name on his passport on the site.”These so-called “social networks” don’t seem to understand that in real life (“meat space” as opposed to cyberspace) people do keep their social networks separate – work, home, school, church, activities (wine tasting, book clubs, sexual activity, volunteerism, etc.) – in large part from a wish to protect the privacy of their words and actions.
The bottom line is that I don’t believe true anonymity is available anywhere any longer (if it ever were available) but that pseudonymity is something to be desired, promoted, wished for and encouraged so that people feel safe and protected – and feel their privacy is protected – whenever they speak out. There’s a great marketing opportunity here for a new “social network” which preserves privacy but which can also be a commercial success. I’ll let you know if I find one.
Register now for KuppingerCole Select and get your free 30-day access to a great selection of KuppingerCole research materials and to live trainings.
AI for the Future of your Business: Effective, Safe, Secure & Ethical Everything we admire, love, need to survive, and that brings us further in creating a better future with a human face is and will be a result of intelligence. Synthesizing and amplifying our human intelligence have therefore the potential of leading us into a new era of prosperity like we have not seen before, if we succeed keeping AI Safe, Secure and Ethical. Since the very beginning of industrialization, and even before, we have been striving at structuring our work in a way that it becomes accessible for [...]