Privacy Decrypted #4: Understanding anonymity vs. privacy

Anonymity is not the same thing as privacy, and confusing these related but different concepts can weaken your online threat model

  • Anonymity – Keeping your identity private, but not your actions. For example, using a pseudonym to post messages to a social media platform.
  • Privacy – Keeping some things to yourself, which can include your actions. For example, messaging friends privately so they know who sent the message, but only they can read it. 

Both concepts are different from security, which can often add to the confusion.

  • Security – The precautions used to keep you safe. What exactly “safe” means can very much depend on your threat model. 

Good security is generally a prerequisite for staying private online, but is often less important for anonymity. In fact, anonymity can often be detrimental to security.

A good example of this is ProtonMail’s optional authentication logs feature. Enabling this prevents you from logging into your account anonymously, but it improves your security by allowing you to detect suspicious logins (for example, a login from another country).

For most people, privacy is a great deal more important than anonymity, although there is a limited set of circumstances where anonymity is a valid concern.

What the law says

The right to privacy is a common legal concept enshrined in over 150 constitutions worldwide. It is, for example, incorporated into:

The “right to anonymity”, on the other hand, is not so clearly defined and does not enjoy the same legal protections (if any at all).

Who needs anonymity?

Anonymity has become a particularly charged subject in recent years because the lack of accountability it brings has unleashed a torrent of online abuse, hate speech, trolling, and cyberbullying. It has also become associated with unethical marketing practices, such as spamming and phishing — as well as with terrorism. 

This is not to say there is no legitimate need for anonymity — for example, whistleblowers and political dissidents might be in personal danger if their identities are revealed. What most people really require, however, is privacy — the ability to keep what you say and do on the internet to yourself and those you wish to share with. 

And for most people, the need to be secure against the many threats posed by the internet outweighs any need for anonymity.

Anonymity should also not be viewed as an absolute state. A dissident who needs anonymity from their repressive government does not need the same level of anonymity from the Swiss legal system. 

True anonymity is hard

Every server you connect to on the internet — be it a web server, a mail server, or a VPN server — can see your IP address. This is a number that uniquely identifies your internet connection and can be easily traced back to you. Achieving true anonymity on the internet therefore requires good operational security (OPSEC) on your part to ensure your real IP address is not revealed.

Tools that can hide your IP address and protect anonymity include VPNs and the Tor anonymity network, but there’s no solution that can guarantee 100% anonymity. Tor is sometimes considered to be more anonymous than VPNs due to its decentralized nature, but it comes at the cost of lower performance, ease of use, and stability.

Full anonymity is difficult because you must always use anonymity tools for all aspects of your online life, as even a temporary lack of anonymity is sufficient to expose your identity.

Proton offers privacy by default, with optional anonymity

Proton’s mission is to make online privacy available to all, and we have designed a highly secure suite of tools to accomplish this goal.

With the Proton suite, you can:

  • Send end-to-end encrypted emails that no one else can read.
  • Browse the web without anyone watching.
  • Store your files securely where no one else can access them.
  • Plan your life without sharing your schedule with anyone else.

In other words, you can mind your own business on the internet without someone looking over your shoulder.

All Proton services provide privacy by default. One Proton service, ProtonVPN, also provides anonymity if you use it consistently. ProtonVPN does not have an obligation to keep data retention logs of online activity and cannot be forced to log user activity under current Swiss law.

 By always using a VPN or Tor to access Proton services, it is also possible to achieve a high level of anonymity. For users that require anonymity, we offer Tor email access via the ProtonMail onion site.

Learn more about how to use ProtonMail more anonymously

Know your threat model

It is vital to understand the difference between privacy, anonymity, and security when assessing your threat model. All Proton tools were designed from the ground up to be both private and secure because that is what most people on the internet need. They can also be anonymous, but remember that that requires you to take extra steps to ensure your own OPSEC.

About the Author

Douglas Crawford

Douglas has worked for many years as a technology writer in the cyberprivacy and cybersecurity sector. He is now very pleased to work for a company with a mission that he passionately believes in.