I am by no means a security researcher, expert or professional. Most of this post is my opinion, using higher-level concepts about the topic at hand. If there’s something I missed here, please reach out and let me know!
After being interested in privacy issues for the past few years (on/off) and on the Fediverse for the past months, I often see folks conflating privacy and anonymity as the same thing. Although I agree that there is some dependency of one of these on the other, I don’t think it’s fair or practical to combine the concepts.
A 💩 and Imperfect Analogy
I believe I saw this analogy somewhere on Reddit, so I don’t claim to take credit for it, nor do I believe I’m paraphrasing it one to one. But I think a good way to compare these concepts is when you’re using a public restroom bathroom stall (assuming it’s a stall without those gaps in between the panels):
- Privacy: The bathroom stall is closed, and someone may have seen you go into the stall, but no one can see what you’re doing in the stall.
- Anonymity: There are no bathroom stall walls, but you’re wearing an outfit that completely hides your identity.
- Privacy & Anonymity: You enter the bathroom stall without your identity revealed.
To me, privacy is the ability to do something without others knowing what you’re doing, while anonymity is the ability to do something without others knowing who did it. Thus, privacy and anonymity together are the ability to do something without others knowing what you’re doing and who is doing it.
The most common example I see is when people criticize Signal, the private end-to-end encrypted messaging app, for using phone numbers for registration. Although I have many criticisms of Signal, I do think it’s one of the best privacy-focused messaging platforms, in terms of ease of use and wide availability.
The claim is that using phone numbers reduces its ability to be private. Using my definitions of privacy and anonymity above, using your phone number means you cannot hide who you are while registering for the Signal service; thus the service is not anonymous. However, when you are speaking to folks on the service, which has been shown to have no data to give away, it is extremely difficult to show what you’re doing on the service, i.e. who you are talking to and what you’re talking about.
On the other extreme, I wanted to give an example of someone being anonymous, but not necessarily private. On many Mastodon instances, it is fairly easy to make an account without revealing much personal information at all; it only requires registering with an email account, and there are ways to register an email account anonymously. Hence, you use an alias and a throwaway email to join anonymously. However, there are many folks who use an alias on Mastodon, but make all their posts publicly available across the Fediverse. In this instance, people know what you are doing, but do not know who you are. Thus, using Mastodon this way is anonymous, but not private.
Not much to conclude here other than saying, I think we need to be clear on our definitions when talking about privacy and anonymity. Security often gets conflated here too, but I think it has a more intertwined role with privacy in many aspects, which I don’t want to try to explain here. I think in some situations, you do need both, but that largely depends on various factors, such as your situation, the software being used, etc. Let me know if I missed something, as these are just my opinions!