Monday, August 14, 2006

More on Privacy vs Anonymity

"Anonymity as default," which I mentioned in the previous post, is taking on a life of it's own. Now Tom Maddox has posted in his Opinity weblog, commenting on Ben Laurie's commentary about Kim Cameron's mention of Eric Norlin's post concerning David Weinberger's original thought that "Anonymity should be the default."

(I'll just sit here and whistle for a moment while you follow that set of links)

The point I wanted to mention was Maddox' statement:
"We need to begin with anonymity/pseudonymity as the default, Laurie's 'substrate choice'. Otherwise, whatever identity system we employ, we'll always be trying to get the cat back in the bag (or the scrambled egg back in the shell)"
The fallacy here is that he seems to believe that there can be an "identity system" in which anonymity is a choice! And not only a choice, but the default choice. But without a unique identifier for each object in the system, there is no identity system. And with a unique identifier there is no anonymity within the system. Rather, the default should be PRIVACY for all objects, with any dispersal or publishing of identity attributes only done with the consent of the entity if it's sentient, and the entity's controller if it isn't. Maddox is correct that once the data is published you can't unpublish it completely. That argument shouldn't be overlooked. But it's equally as important to realize that the "anonymity bandwagon" is out of control and headed for the cliff. Privacy is the key, and privacy should be the issue.

In not so distant past (before the "user centric" world of today), most application had the concept of anonymous user or guest. The basic idea being that a single digital identity (i.e. anonymous or guest) is mapped to numerous actual entity/users which I guess is being refered to by these people.

So, unless the world is not moving toward the idea of prove-your-identity-or-else-i-will-not-play (the antithesis of the no-body-knows-you-are-dog) application still have the option to support anonymous access.

Did I miss the point you were making?
"Did I miss the point you were making?"


One-time anonymous access to something isn't a very interesting case, especially when you wish to be recognized as 'returning' to the site, or as someone allowed to post/download/comment/etc. See the "NaughtyGirl" comments in the original post.
The way I see this discussion, the anonymous/guest usecase is just one end of the complete identification spectrum (as others have referred to it). The specific example of NaughtyGirl is probably the next step in idenfication spectrum where pseudonym/digital identifier is connected to one person (instead of being connected to multiple person) but the relationship between the real person and digital person is unknown. The next step could be the whole trusted thing where either you or a third party (Identity Provider any one?) validates/claims/asserts/... the relationship between the legal entity(i.e. the real person) and the digital person. And may be there is something beyond in this spectrum that I can not think of.

Post a Comment

© 2003-2006 The Virtual Quill, All Rights Reserved


[Powered by Blogger]