Anonymity does not equal privacy

Derived from Ancient Greek for „without name“, according to the Cambridge dictionary, the term anonymity describes a situation where “someone’s name is not given or known“. In the digital age, anonymity is important in two facets: online users should be able to surf the internet anonymously, likewise user data gathered by online service providers must be stored in an anonymous fashion (in other words: with the identity element removed from it; data not being tied to a specific person.)

In an online context, we must consider three types of anonymity: sender anonymity, recipient anonymity and unlinkability of sender and recipient.

The GDPR defines anonymous data as such that “does not relate to an identified or identifiable natural person“. Anonymous data is stored in such manner, that it can never be linked to the subject that provided the data.

Being anonymous. A fantasy or achievable?

By default, the internet is anything but anonymous. Based on the Internet Protocol (IP), every connected entity on the web is assigned a unique IP address (format: ###.###.###.###) making users (senders and receivers of data packets and online communication) personally identifiable. Usually, this IP address is assigned by internet services provider (ISP) who may record and track/protocol every website a user visits (although many users are completely unaware of this).

A commonly used security measure is a Virtual Private Network (VPN) service. Here, a user connects to a VPN server through which their entire online connection is routed. The user appears on the internet through the IP address of the VPN server. As the connection is encrypted, third parties (including the user’s own ISP) cannot log the user’s online activities and browsing history.

Different shades of anonymity

Moreover, anonymity is not a binary issue but rather exists in many different shades. As such, it is important to distinguish between total anonymity and pseudonymity. Many services that promise anonymity actually only offer pseudonymity.

While pseudonymous data has the actual identity of the person removed from it, it can still be tied to the data subject that provided the data. If a number of identifiers such as age, gender and location can be tied together, it may actually become possible to unveil the actual identity of the data subject.

A famous example is the Bitcoin blockchain. Bitcoin is only pseudonymous, as transactions can be tracked by the public wallet addresses between which they are taking place. Hence, using a Bitcoin blockchain explorer, any external party can track the amount, frequency and points in time at which the owner of a blockchain wallet engaged in sending/receiving transactions.

Security in relation to computing devices and all things online

As concerns the internet and computing devices, security is largely equated with data security which captures how user data is stored (e.g. encrypted or non-encrypted) so that user data is free from unauthorized access, corruption or theft.

Data security is to be assured at two levels. For one, users themselves need to secure their personal devices through installing anti-virus software, firewalls, anti-malware software and using VPN services to encrypt their internet connection. However, most user data concerning online services is stored with service providers who must guarantee that their data storage cannot be hacked or tampered with, otherwise facing both reputational damage and severe penalties.

The general rule is: the more sensitive user data is, the more stringent security measures must be applied (and the higher the potential negative consequences of data breaches). For example, medical patient data and financial data are particularly sensitive.

Exploring the almost endless possibilities of cybersecurity measures to protect data is beyond the scope of this article. Yet, at Cryptix, we invest heavily in cybersecurity and support the development and accessibility of in-depth knowledge to protect against attacks and data breaches. Make sure to follow us for cybersecurity insights, tips and recommendations on our channels.

At the intersection of privacy, anonymity and security

Privacy ensures the definition and enforcement of rules as to how data is to be gathered, stored, managed and shared. Security concerns the prevention of data hacks by malicious actors and parties. Anonymity warrants that users can surf online without generating data that can be tracked back to their identity. As shown in the following Venn Diagram: The 3 factors overlap and necessitate each other:

This can best be illustrated by a negative definition: Insufficient security threatens anonymity and privacy of user data. Personally identifiable information (being non-anonymous) inhibits privacy by definition and is insecure to be stored.

Conclusion

Technology can both be an enabler and the biggest threat to user’s anonymity, privacy and security on the internet. Here at Cryptix, we believe that technology usage must follow a user-centric approach.

The intersection of privacy, anonymity and security is where users expect and demand the modern web to be. Strict regulation guidelines like the EU’s GDPR serve as frameworks within which such a web can flourish. If implemented correctly, users can surf on the internet guaranteed of their anonymity, privacy and the security of their data.

In fact, in 2021, this state must be the inalienable norm, any deviation from it must be justified by explicitly for every single case.

Sources

Business Week (1998), A Little Net Privacy, Please, 16 March, available at: www.businessweek. com/

Osorio, C. (2001), “A new framework for the analysis of solutions for privacy-enhanced Internet commerce”, eJETA: The eJournal for Electronic Commerce Tools and Applications, Vol. 1 №1, pp. 1–8.

Rosenberg, R. (1992), The Social Impact of Computers, Academic Press, New York, NY..