Thursday, May 8, 2014

Multi-Persona Anonymity

Recently Janet Vertesi, an assistant professor of sociology at Princeton University, tried to hide her pregnancy from the internet.  While she found it was extremely hard and some have questioned the value of going to the trouble, I believe her experiment may be seminal.  Here's why.

Anonymity vs Privacy
But before the why, a little discussion of privacy and anonymity.  There has been much debate about privacy, but it is assuredly dead.  This report proves it.  None of the things Janet did were private.  Each was logged, tracked, analyzed.  However, they were anonymous in that they were not correlated back to a central persona; to her.  I think this is the fundamental difference between privacy and anonymity.  Privacy means no-one or few know what you did.  Anonymity means no-one or few know it was you.

What Janet did was anonymity.  Her purchases were tracked and shared.  Her browsing habits were tracked and shared.  Her purchases were associated with an anonymous address, (an Amazon delivery locker).  Of the things she did, communicating her pregnancy by phone or in person was probably the only private thing she did.  Even that was probably not a great idea as the metadata from the phone calls and the phone call content it's self could easily have been recorded.

Why What She Did Was Important
What Janet did was seminal:

  1. She proved you could could disassociate multiple personal personas through anonymity.  Something that is no longer possible through privacy.
  2. She identified the touch points necessary to disassociate and proved they could be disassociated, at least for a short period.

To expand on the first bullet, people think they want privacy.  They don't.  They want to do things without everyone knowing they did them.  That will never again be accomplished through privacy.  However, it can be accomplished through anonymity.  The trick is to maintain multiple disjointed personas.  In this case, Janet had two: "a pregnant woman" and "indeterminately pregnant Janet".  However, people could have multiple personas: "Work", "Family", "Hobbies", etc.  All kept completely separate.

The 'how' of keeping them completely separate is captured in number two of what Janet did.  She determined what the touch points were. As an example:

  1. Communication
  2. Physical interaction.  (In this case transfer of goods)
  3. Economic interaction
  4. Authentication

She also identified ways of dealing with all of these: in-person communication, amazon lockers, pre-paid debit cards/cash, separate email addresses to create accounts with.  Unfortunately, there are multiple issues with what she identified such as monetary limits, potentially monitored phone calls, physically accessing the amazon locker, etc.  This is where the technology community needs to come together.

The Future
We need to stop trying to ensure privacy and instead start trying to ensure anonymity between personas.  We already have the building blocks.  Bitcoin provides economic interaction.  VPNs, anonymizing proxies, TOR, etc provide communications.  Crypto-currency based identities such as namecoin can provide anonymous identities for personas to authenticate against.  Even physical interaction could be anonymized through things like full-body suits.  Just such a physical situation is envisioned in the movie Surrogates.  However, we need to make anonymizing multiple personas the explicit goal of the tools we create to ensure they provide the security we desire.

This does not eliminate the need for privacy.  There will be locations where a person's personas interact.  Historically, this is a person's home.  This is why it receives unique legal protection.  However, this could also be a business model, allowing people to change personas, allow interaction between personas or shed/create personas in privacy.  This would likely be a physical facility with little to no monitoring behind closed doors. An example even exists in the Game of Thrones universe.

Ultimately, it will end in an arms race.  Those hoping to attempting to associate different personas will compete against those maintaining different personas and the projects to produce the tools to allow them to do so.  However, as the abuse of breaches of privacy become more egregious, the practice of strictly maintaining multiple personas will become more socially acceptable and the act of attempting to associate personas more malevolent.

In Summary
What Janet did is seminal and should open our eyes to the world we really live in.  The sooner we start work on maintaining separate personas, the sooner we may be able to enjoy the benefits we will never again get from privacy.