Anonymity and privacy are two of the most thrown-around concepts in today’s digital landscape, and they’re often used interchangeably.
But they don’t actually refer to the same thing. There’s a fundamental difference between them.
Essentially, Privacy is the degree of control over your data, while anonymity means faking your identity or hiding all identifiable elements of your real identity!
Imagine that your life is a book:
Or, if it’s easier to understand, imagine privacy like an invisibility cloak. You can choose to wrap yourself in it and keep your personal information invisible from others. And you get to choose who can see it and share it.
Anonymity is like wearing a cloak and mask in public. Everyone knows you’re there and can see your actions but they don’t know who’s behind the mask.
Below, I’ll explain why these concepts matter, how to maintain them, legal implications, and more!
To get this out of the way, it’s impossible to be 100% private or 100% anonymous online. The concept of the internet is incompatible with true privacy or anonymity.
Someone knows who you are, no matter how well you protect yourself.
Being private means being in control of who sees the real you and what pieces of you they can collect. It’s like being alone in your home and you get to decide who can visit you.
Being anonymous means hiding your real identity from the public. You’re no longer hidden but part of the crowd. You’re indiscernible from everyone else because you are not identifiable.
But the internet doesn’t allow you to be 100% private. Your ISP knows who you are and where you’re located. Your device also knows who you are because it collects cookies about you.
And you also can’t be 100% anonymous. No matter how incognito you are, there’s at least one party who knows the real you, or they can find out who you are. And if they choose to dig deeper, they will.
But does this mean you can’t protect yourself online? Or that you can’t be anonymous and private?
No, of course not. You can achieve near-perfect anonymity and privacy if you do the right things.
While the right to privacy is acknowledged in most Western countries, you don’t have privacy by default when you go online.
Your browser, search engine, and websites you visit will collect cookies, track your activities, and send you personalized ads.
Similarly, your IP address is clearly visible for anyone who cares to look. You’re a public entity when you go online. You’re not private by default.
You can use private browsers that disable trackers and ads but cookies are integral to the proper functionality of many of these programs. Even if you limit cookie collection, you can’t stop it entirely.
Anonymity is a right just as much as privacy is, but just like privacy, you don’t benefit from it by default when you go online.
Unlike privacy, though, anonymity is more intentional and action-oriented, requiring you to adopt a certain digital lifestyle in your online dealings. VPNs, for instance, are almost a no-brainer for the anonymity-conscious individual who doesn’t want to leave digital footprints.
Here are a couple of things you might be doing related to anonymity – using the Tor browser, using Incognito mode in your browser, avoiding publishing PII on social media, using non-identifiable email addresses, using virtual credit cards, paying with crypto instead of fiat, and more.
In other words, anonymity is all about limiting the amount of PII about you on the web and making your presence as unassuming and indistinguishable as possible.
One of the key distinctions between privacy and anonymity is that the former is more of a state of being online, while the latter is related to specific actions or activities you engage in.
You are anonymous in relation to something you do online. For instance, you’re surfing the web anonymously or you’re accessing a geo-blocked service anonymously. Or you’re commenting on a social media post anonymously because you gave a fake name and email address.
There are multiple degrees of privacy and anonymity. For instance:
You can think of privacy as control and anonymity as illusion, in a nutshell!
The late John McAfee once said that “We are losing privacy at an alarming rate – we have none left.” And Gary Kovacs said that “Privacy is not an option, and it shouldn’t be the price we accept for just getting on the Internet.”
Your privacy matters because it’s who you are. It’s your identity, all that makes up your person, and if it goes into the wrong hands, they will exert complete control over you.
Here’s a quote from me – if you don’t control your privacy, someone else will. And you should discriminate unapologetically between who can and can’t control your sensitive data.
Identity theft is one of the foremost risks the 21st century person faces today. And:
Your identity is made up of countless elements – name, email address, phone number, banking information, credit card number, physical address, medical data, vacation plans, pictures, and more.
Every single one of these elements can be used against you by threat actors.
I’m sure you’ve heard the saying – “If you have nothing to hide, you have nothing to be afraid of“. Only someone who’s content with being controlled and who doesn’t understand the risk of abuse would say this.
Make no mistake about it – sensitive data can be weaponized against you. This has been going on since the dawn of humanity. Phishing, identity theft, BEC (Business Email Compromise), and various other cyberattacks use your personal data against you.
The simple fact that you’re not in control of your data means that bad actors can get their hands on it. Privacy doesn’t mean hiding your data to commit illegal deeds. You’re doing it to protect yourself preemptively from those who would harm you using that very data.
If privacy is a passive protection against external threats, anonymity allows for a more active participation in society without succumbing to cybersecurity risks.
Here are some of the most important reasons why you should care about anonymity:
There’s a prejudice against anonymity that’s deserved, more or less. Anonymity is an integral factor in cybercrime, helping threat actors stay hidden from the authorities and aiding them in their attacks.
However, anonymity isn’t bad by itself. It’s merely a tool, to be used however you see fit. One person may use it to launch a DDoS attack against a mega corporation while another might use an anonymous identity when shopping online.
Just like with privacy, you should be entitled to your anonymity, and you should be allowed to seek anonymity whenever possible. Especially in today’s digitized world, anonymity has become a luxury that most of us simply don’t have anymore.
There’s a special kind of relief when you’re going online and you know that no one knows who you are and they can’t track you down because you’re anonymous and private.
Paranoia? Maybe, a bit.
Security and privacy, though? Oh, yeah!
Privacy and anonymity as two sides of the same coin. They define your online identity, and they can be used against you to dangerous ends. That’s why there are serious legal implications around both of them.
Data privacy breaches are particularly nasty because they involve people’s sensitive data that could put their livelihoods at risk if misused by bad actors.
That’s why there are laws that protect a person’s right to privacy and their private data in most civilized countries. In Europe, it’s known as the GDPR, and it oversees all European citizens’ right to privacy and information security.
In the US, there are multiple data privacy laws, including HIPAA for health data, CRPA (California Privacy Rights Act), GLBA for financial data, and more.
Case Study – Cambridge Analytica Scandal
2018 wasn’t a good year for privacy. The Cambridge Analytica scandal rocket the boat when it was discovered that the political consulting firm had been collecting and using the personal data of millions of Facebook users without their consent.
According to the New York Times, the company had been creating voter profiles based on Facebook data, and there was also the Russian connection that caused controversies.
Mark Zuckerberg was brought before Congress and made to ensure them that Facebook wasn’t involved in the debacle. Then, the Federal Trade Commission announced that Facebook would have to pay a $5 billion fine because of these privacy violations. The social media company received a 20-year settlement order.
They also paid a £500,000 fine to the UK Information Commissioner’s Office because they’d inadvertently exposed the users’ data.
Cambridge Analytical filed for bankruptcy on May 2018, and that’s the last we’ve heard of it.
Anonymity breaches are usually less dangerous because they don’t necessarily involve exposing sensitive data that make you highly vulnerable (health data, financial data, etc.)
An anonymity breach would only expose your public identity. A platform, a site, or a number of people will become aware of who you are publicly. And typically, your public information won’t get you in trouble unless you’ve done bad things under the cover of anonymity.
We’re talking about two case scenarios here:
1. Engaging in illegal activities
Cyber criminals use anonymity to hide from the law while they engage in illegal activities. Clearly, this isn’t desirable, permissible or acceptable.
And even more so, eliminating a cyber criminal’s anonymity is one of the goals in catching them.
2. Hiding from oppressive governments
Anonymity is highly useful for individuals living under oppressive governments who would limit their freedom, harass them, and retaliate against them.
In this case, anonymity is the single best tool of the disenfranchised to achieve freedom and have a fighting chance. Many simply want to leave the country, while others are content with only communicating with the outside.
Case Study – Silk Road
The Silk Road bust is one of the most notorious anonymity breaches in recent history. The Silk Road was an online black market on the Tor network that dealt in anything imaginable using Bitcoin.
Eventually, the founder of the Silk Road, Ross Ulbricht, was arrested in 2013 after he was finally identified. Multiple law enforcement agencies had been conducting extensive investigations on the Silk Road for years.
While the Tor network provides near-perfect anonymity, the authorities were able to piece together the puzzle and eventually de-anonymize Ulbricht . They traced Bitcoin transactions, analyzed server logs, and investigated his online activities (under the pseudonym Dread Pirate Roberts) to find him.
Ulbricht was charged with computer hacking, money laundering, and drug trafficking, among several other charges. He was sentenced to life in prison without the possibility of parole in May 2015.
The Silk Road bust reveals a singular truth about anonymity – it never lasts. If someone is determined enough to find you and they have enough resources at their disposal, they will find you.
This also serves as a lesson for cyber criminals around the world.
Both private and anonymous actions are legal within most Western countries. This means that you’re allowed to act in society while maintaining your privacy and anonymity, and there are no theoretical limits to this.
However, the law draws the line once you start engaging in illegal activities. That’s when your privacy and anonymity became expendable goods to be torn apart.
Generally, anonymity is more expendable than privacy, even when you’re within your right and are not engaging in dangerous activities.
You’ll receive less legal protection in the case of anonymity breaches compared to privacy breaches. Individuals usually have fewer expectations regarding anonymity because it’s something you choose to do yourself.
Privacy, on the other hand, is something you demand from those who control your data. There’s always someone who controls your data. You have exponentially higher demands and expectations from the data controller to protect your data.
The law will likewise protect you more against data breaches, and will penalize data controllers who fail to protect your data in harsher ways.
There are considerably fewer cases of anonymity breaches where an innocent victim loses their anonymity and is harmed in the process. In most cases, it is privacy breaches that are commonly associated with innocent victims preyed upon by cyber criminals.
When it comes to anonymity, the victim is often the criminal. Just like with the Silk Road, the criminal uses anonymity to hide their identity while committing crimes. And the authorities destroy that layer of anonymity to track them down and punish them.
There’s a very thin line between legal and illegal anonymity (or privacy). If you’re on the wrong side of the law, all of these rights will be selectively suspended until your eventual apprehension by the authorities.
Society needs to hold individuals accountable for their deeds, especially in the digital age. And so, there’s a balance between privacy as a protector and privacy as a tool to evade the law.
Personal efforts can only take you so far in enhancing your privacy and anonymity. That’s when you start using digital tools that help protect and maintain your online safety.
Here are some of the tools I’m talking about:
Some of these tools enhance your privacy, others help you become anonymous, and others do both. Then, some others will help maintain those data secure so it doesn’t reach the wrong hands.
One irony in all this is that the more tools you use to protect your privacy and anonymity, the more data controllers have your data and identity.
That’s not the case with some of the tools above, though. You’re going to be using a browser, search engine, and email provider either way, so why not select the most private ones?
As I said before, you can’t choose to withhold your private data and identity from everyone. All you can choose is who to share it with so that you obtain the biggest benefits without putting you at risk.
There’s no going around it – if you want to protect both your privacy and anonymity, there’s no better tool than a Virtual Private Network. A premium VPN, to be more specific.
Free VPNs are only ever good for bypassing some geo-blocks and dipping your toes into the VPN industry. But if you really care about your online security, privacy, and anonymity, you’ll eventually choose a premium VPN.
You don’t have to go for the most expensive one on the market, though. Surfshark is more than enough for many users – it’s outside the 14 Eyes Countries, it has a strict no-logs policy, solid encryption, and good anonymity features.
Here are some of VPN features known to boost your privacy and anonymity:
All the good premium VPNs offer these features because they’re indispensable to a privacy practitioner. When you decide to pay for a VPN, you’ve automatically done your homework and know what to expect.
All in all, you can’t hope to obtain or maintain privacy or anonymity without employing tools like privacy-oriented browsers, search engines, VPNs, private email providers, and more.
While privacy and anonymity might be important for you, don’t discount your public life either. You can’t do all three at the same time just as effectively. Some compromises are necessary.
Here’s what I mean:
While you can’t be 100% private or anonymous when online, that doesn’t mean you should give up them. There’s a delicate balance you must keep but that’s where you’ll find peace of mind and healthy social participation.
A rule of thumb is to limit your PII (Personally Identifiable Information) across all services and platforms you use. Don’t overshare your phone number or email address, for instance, as this can create needless vulnerabilities.
It’s unavoidable to share your PII with some services, but be more discriminate toward the third parties who have access to your data.
Obtaining privacy and anonymity is the easy part, but maintaining them is where things get more complicated. The most common vulnerability lies in the services you use, ironically.
A well-targeted data breach can expose your PII and put you in the hackers’ crosshairs for social engineering attacks. I’m sure you’ve heard about the Facebook data breach in August 2019 where over 530 million users had their data exposed.
Some of the information exposed included:
There was no health, financial, or credential information included in the data dump, fortunately. However, data breaches of this magnitude are becoming increasingly common these days.
In another post about the biggest cybersecurity attacks worldwide in 2023, we’ve found that the biggest data breach exposed 3.8 billion records in September 2023.
Particularly gruesome data breaches occur on services meant to protect you, like password managers. I’m thinking of LastPass here, who has a history of security incidents dating back to 2011.
The last one, and the straw that broke the camel’s back for many users, took place in 2022.
LastPass Attack Timeline:
The attacker now only had to use brute-force password attacks to try and mechanically decrypt the LastPass vaults. Still, the vaults are encrypted using AES-256 encryption, which makes them effectively impregnable to decryption, assuming that the user vaults are protected by strong passwords.
The two biggest issues were that this incident was far from the first, and that the attack origin was a LastPass DevOps engineer. The hacker had exploited a vulnerable third-party software installed on the engineer’s home device to gain access to their storage.
LastPass said that the attack “was accomplished by targeting the DevOps engineer’s home computer and exploiting a vulnerable third-party media software package, which enabled remote code execution capability and allowed the threat actor to implant keylogger malware. The threat actor was able to capture the employee’s master password as it was entered, after the employee authenticated with MFA, and gain access to the DevOps engineer’s LastPass corporate vault.”
This showcases just how fragile privacy and anonymity are, and how difficult they are to maintain if you’re not careful about the service providers you use.
To summarize, here are the main challenges to maintaining your privacy and anonymity:
Your mobile device is especially guilty of data collection and aggregation from apps. Google services are notoriously bad for privacy but there isn’t much you can do beyond a certain point other than installing a custom OS like GrapheneOS or CalyxOS.
What I would recommend is getting a private browser like Brave or Librewolf, using a more anonymous search engine like DuckDuckGo (it will affect loading times and search result quality), switching to a private email provider like Proton, and choosing end-to-end encrypted messaging apps like WhatsApp or Telegram.
And it goes without saying that you should live by a certain code – your PII is your most important asset on the internet. Do not expose it liberally everywhere you go.
There’s been a growing concern among users about their privacy, security, and anonymity. The numbers show that consumers were more worried about their security in 2023 vs. 2022.
I’ll be using a Deloitte study for all the data below, so if you want the full picture, feel free to read their study.
Here’s a summary of their 2023 discoveries:
People are becoming increasingly aware about the risk of surfing the web without protection. Cybercrime has risen to obscene heights, and data breaches affect all of us. We’re no longer safe, and it’s time we did something about it!
I hope that you now have a better understanding of how privacy and anonymity define your online identity. Having the wrong expectations about how these two concepts apply to you can seriously impact your online identity and possibly even put you at risk.
Key points to remember:
This has been an illuminating study, even for me. The time for inaction is long gone, and I wholeheartedly recommend everyone to take their privacy and anonymity seriously!
Europa – Eurobarometer
Federal Trade Commission – Consumer Sentinel Network
ID Theft Center – ITRC 2017 Identity Theft and Fraud Predictions
Exploding Topics – 30+ Identity Theft Statistics for 2024
Association Secure Transactions – Terminal Fraud Attacks Increase in Europe
Trend Micro – Business Email Compromise (BEC)
Europa – Data Controller or Data Processor
The Hacker News – KeePass Exploit Allows Attackers to Recover Master Passwords from Memory
Privacy Affairs – Biggest Cybersecurity Attacks Worldwide in 2023