Some of the most interesting security debates involve anonymity and privacy.  Everyone seems to have a different idea about what those words mean.  For example, some people think anonymity is a binary thing – you’re either anonymous or you’re not.  But when I think of anonymity I think of two axis.

The first is how much or little someone knows about you.  For example, if you know what I look like, I don’t feel completely anonymous.  But I feel more anonymous than if you also know my name.  Perhaps that’s because I’m a 6’7” bald guy and if you went around Ottawa asking security professionals if they knew a tall bald security/writer/photographer guy chances are that my name would come up pretty quick.  Or, perhaps, it’s because my name is only part of my identity.

The other axis is how difficult it is to breach someone’s anonymity. For example, it might not be too hard to get the clerk at a small-town store to tell you the name of the customer that was in front of you in line.  But getting information from other sources is more difficult.

So, when I think of anonymity, I picture a quadrant.  In the upper right corner you know nothing about me and it would be really hard to find out who I am.  In the lower left corner my name, address, telephone number and photo are on the front page of the Ottawa Sun.

Privacy is even more complex because it is hard to define.  For example, it has been defined as:

  • The right to be left alone;
  • The right to exercise control over one’s personal information; and,
  • A set of conditions necessary to protect our individual dignity and autonomy.

When it comes to telemarketers, the right to be left alone appeals to me. I’d also like to stop businesses from selling my name to other businesses (or telemarketers). And I’d prefer some privacy when I’m in the washroom too, thank you very much!

Anonymity and privacy are obviously related. But the interesting debate is whether anonymity is required to achieve privacy.  In some cases it certainly helps: When I buy a coffee from Starbucks and pay cash, I have a relatively high level of anonymity, at least until they install cameras with face recognition software that links back to that one time I pulled out my debit card. (Of course if it expedited my mocachino with an extra shot of espresso I might not feel too violated.) But other privacy controls exist, including legislation, corporate policy and the desire to avoid negative publicity.

The problem with such privacy mechanisms is that they are outside the control of the individual.  When I surf the net, I have no way of knowing what companies do with that data. I don’t know for a fact that Google isn’t building a database of every search request from my IP address and that some point in the future they’re not going to acquire (or be acquired by) companies and link my IP address to my credit card information or Facebook profile.  And there are online advertising companies that make it their business to track users across multiple Web sites using cookies of the not-so-tasty variety.

Whether this matters to you or not really depends on who you are and what you do online. You may not care and it might not matter. Or, you might prefer that the only people who have your personal information are those you give it to.

As more people understand these issues, the anonymous Web surfing services will continue to gain popularity.  For example, one of the best known is Anonymizer, started by astrophysicist Lance Cottrell in 1995. He was concerned about online privacy and as an early Internet user saw first-hand how much information could be captured.  And his company was recently acquired by a larger firm that provides anonymous Internet access to corporations, governments and law enforcement agencies.

But before you rush out and buy, it’s important to consider the big picture. Anonymous proxies hide your real IP address, and are a great first-line defense of your online privacy. But, to be effective, you also must control cookies and carefully consider what personal information you give to businesses, including social networking sites. Remaining anonymous on the Internet to protect your privacy requires much more than hiding your IP address.  It requires that you also think before you type.

2 Responses to Anonymity and Privacy

  1. Wendy
    Feb 23, 2009

    Seth Godin (Small is the New Big) turned me on to this issue. The only time anonymity brings safety is when you are up to no good. The internet would look very different if everyone had to give valid ID in order to use it.

    Privacy is a different issue. It ought to be possible to ensure privacy in our highly governed society, but the recent ‘Do Not Call List’ mess up shows how difficult protecting data can be. Knowledge is power and data is easily marketable knowledge. Until we sort this out the internet will have to remain anonymous . . and somewhat dangerous.


  2. Eric Jacksch
    Feb 24, 2009

    Hi Wendy, glad to see you reading, and I hope people check out your site at!

    I agree that would make the net look different, but I don’t think it would be a good kind of different unless we somehow managed to make everyone abide by solid privacy practices.

    I like the fact that I can buy a chocolate bar without showing ID. I don’t have to walk around in public wearing a nametag, and I shouldn’t have to do the same on the ‘net.

    …although it would be interesting to see how it impacts behaviour…

Leave a Reply