privacy vs. anonymity
A service that promises to protect your privacy is not thereby able to keep you anonymous. Why is that?
The distinction between the two is central to data protection and privacy law.
Anonymity is about the inability to link an action, message, or data point to a specific individual. If attribution is possible (even if difficult, like with pseudonymization), you are identifiable and therefore not anonymous.
Privacy, however, is about the ability to limit or control access to personal information. The focus is not on removing identity, but on boundaries: who may observe, store, or process personal data. Personal data is by definition linked to an identified or identifiable individual, which means you are identifiable and not anonymous. If that link cannot be made, it no longer counts as personal data. The GDPR works exactly this way: it does not apply to anonymous data, only to personal data, and pseudonymous data still counts as personal data because the link can be restored with additional information (such as the key or lookup table the provider keeps).
Privacy can exist with full identification: your doctor knows you and your diagnoses, but protects your health file from unauthorized access.
On the other hand, anonymity can exist without privacy, like anonymous browsing that is still heavily tracked behaviorally.
Privacy is ensured through a range of mechanisms. In data protection law these are called "technical and organizational measures" (TOMs): for example access controls, confidentiality obligations, encryption, and applying the general principles of data minimization, storage limitation and purpose limitation to the way your systems and organization are set up.
Where we think they overlap is when we expect an entity to protect our privacy so an external actor cannot identify us.
This is problematic in several ways. When we are offered privacy, we implicitly assume privacy from everyone, while most privacy guarantees actually mean privacy from the public or from third parties, or less tracking than competing services; not privacy from the service provider itself, nor from legal obligations or the state. Companies that aim to protect your privacy act more like privacy intermediaries: they shield users from outsiders, harvest less data, or don't sell data to third parties, but they still retain some capability to associate activity with an identity, and that retained capability is exactly what a lawful request, an insider, or a breach of the provider can reach.
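The pseudonymous-versus-anonymous distinction above, and the "privacy intermediary" that keeps the ability to re-link activity to a person, can be made concrete in code. The following is an added example, not code from the original post: it pseudonymizes a constructed event log with a keyed HMAC (the service keeps the key, so it can re-identify; an outsider holding only the tokens cannot, but can still track behaviour per token), and contrasts that with a one-way aggregation that suppresses small groups, after which no row describes one individual. The sample events, the key and all function names are assumptions made up for this illustration.

```python
import hashlib
import hmac
import secrets
from collections import Counter

# Constructed sample data for this example (no real people or services).
RAW_EVENTS = [
    {"user": "alice@example.org", "city": "Leipzig", "action": "login"},
    {"user": "alice@example.org", "city": "Leipzig", "action": "post"},
    {"user": "bob@example.org", "city": "Leipzig", "action": "login"},
    {"user": "carol@example.org", "city": "Dresden", "action": "login"},
]


def make_pseudonym(identifier: str, key: bytes) -> str:
    """Keyed pseudonymization: HMAC-SHA256 of the identifier under a secret key.

    Without the key a token can neither be reversed nor recomputed from a guess;
    with the key, the key holder can re-link every token to its identifier.
    The digest is truncated to 16 hex characters only for readability.
    """
    return hmac.new(key, identifier.encode(), hashlib.sha256).hexdigest()[:16]


def pseudonymize(events: list[dict], key: bytes) -> list[dict]:
    """Replace the direct identifier by a stable token.

    The token stays the same across events, so the data is still linkable
    and therefore still personal data; only the name is hidden from outsiders.
    """
    return [{**e, "user": make_pseudonym(e["user"], key)} for e in events]


def track_by_token(pseudonymized: list[dict]) -> dict[str, int]:
    """What a third party holding only the tokens can still do: behavioural
    tracking per pseudonym, without knowing who is behind it."""
    return dict(Counter(e["user"] for e in pseudonymized))


def reidentify(pseudonymized: list[dict], key: bytes,
               known_identifiers: list[str]) -> list[dict]:
    """What the service (the key holder) can do on a lawful request: recompute
    the tokens for the identities it knows and map them back. With the wrong
    key, nothing matches."""
    lookup = {make_pseudonym(i, key): i for i in known_identifiers}
    return [{**e, "user": lookup.get(e["user"], "<unknown>")} for e in pseudonymized]


def anonymize(events: list[dict], min_group: int = 2) -> dict[tuple, int]:
    """One-way aggregation: count (city, action) pairs and suppress any group
    smaller than min_group, so no surviving row describes a single person.
    There is no key that undoes this; it is anonymous rather than pseudonymous."""
    counts = Counter((e["city"], e["action"]) for e in events)
    return {group: n for group, n in counts.items() if n >= min_group}


if __name__ == "__main__":
    key = secrets.token_bytes(32)          # held by the service only
    tokens = pseudonymize(RAW_EVENTS, key)
    print("outsider view:", tokens)
    print("outsider can still track:", track_by_token(tokens))
    print("service re-identifies:", reidentify(tokens, key, [e["user"] for e in RAW_EVENTS]))
    print("wrong key:", reidentify(tokens, b"not-the-key", [e["user"] for e in RAW_EVENTS]))
    print("anonymized:", anonymize(RAW_EVENTS))
```

The behaviour to notice: the pseudonymized log hides names but keeps every event attributable to the same token, which is why the GDPR still treats it as personal data and why the key holder can hand over identities when the legal conditions are met; the aggregated table cannot be re-linked by anyone, including the service, because the individual rows are gone.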
If you want anonymity from a service that offers you privacy, you have to create it yourself by not giving the service any way to identify you: use a fake name and address; pay in a way that is not directly linked to your bank account or other payment details (privacy.com cards, or cryptocurrency, bearing in mind that most cryptocurrencies are only pseudonymous because the ledger is public); access it via a VPN, which only moves the ability to identify you to the VPN provider; and possibly take further precautions at the OS level (a live system built for anonymity such as Tails, or VMs and containers, rather than your daily-use install). That's cumbersome and not realistic for most people, whose threat model is not that of a whistleblower; you can of course decide to do it anyway.
Even then it might be impossible, depending on the service and what you share with it. You can be anonymous on a blog, but over the years the small, vague details you share add up to a picture. If you use an email service for your everyday email, you will receive all kinds of de-anonymizing information: doctor's appointments, booking confirmations, event tickets and more, all carrying your real name and location. The correct move is to separate your different email needs into different accounts and addresses. Sensitive political organizing, for example, should be kept apart from your personal information, both what you give the service directly and whatever arrives in other private email.
Just remember at the end of the day:
Privacy is conditional access to identity.
Anonymity is the absence of an identity link.
If the right legal conditions are met, access to identity is given. But if the service doesn't know who you are, it cannot reveal it.