European Workshop on Trust & Identity

In cooperation with GeantLogo184x80


  • Session 7 - Fields of anonymity: understanding the dimensions and futures of identifiability

    Session 7 <Fields of anonymity: understanding the dimensions and futures of identifiability> (11:30/Room K2)

    Convener: Paula Bialski

    Abstract: Fields of anonymity from a sociological perspective: How are the regimes of anonymity changed and maintained? How do they affect social life?
    Topics discussed include: perceived forms of anonymity vs. real form of anonymity, pseudonyms, linkability, risk assessment and more generally, data collection policies by companies and the question of how to raise awareness regarding privacy.

    Tags: Anonymity, Pseudonymity, Unlinkability


    This topic is part of a research concerning anonymity.

    Background of convener

    • Worked on trust, in-house sociologist. PhD: studied couch surfers. How to promote trust to start sharing their trusts. ("What is a couch surfer?” from the pre-airbnb era; two people don't know each other -> need to interact online)

    Project just began in August; it is a trans-disciplinary endeavour between sociologists, anthropologists, psychologists etc.

    Maintaining contemporary high offline world

    Regimes of anonymity: How are they changed and maintained? How do they affect social life?

    Forms of anonymity:

    Useful tool, important for freedom and trust

    Anyone from starting an app, to airbnb, to Wikipedia, etc.

    Q: What are they doing to protect their users? How do they deal with their data and addressing humans?

    --> 20 interviews, half hour to 2 hours.

    Mozilla: contextual identity: promoted pseudonymity in browsing: new system: open tab browsers. You can browse with different names and contexts -> don't have to log in separately, they are going to launch it soon.

    Q: What tools are they inventing and envisioning -for- the users?

    Practise forms of anonymity

    Difference between (1) perceived forms of anonymity <-> (2) real form of anonymity

    • Facelessness/namelessness doesn't mean we're not fully anonymous online.

    Question to audience: incentive for research.

    What tools are being developed to help maintaining the anonymity of the user?

    1. Perceived forms of anonymity

    2. Real form of anonymity

    Convener: you can think of forms of encrypting anonymity -- architectural level: where they 'log in': hardware or more abstract?

    aud3: risk: between (1) and (2): no one goes online to interact with their IDP

    Pfitzmann&Hansen wrote a relevant paper on anonymity, pseudonymity and linkability (

    Online world: anonymity becomes a hard task

    Austrian national ID system: citizens are provided with pseudonymous ID

    Your poster code may be enough to link driver's licence ID to health care ID (-> linkability)

    aud4: opinion on online vs. offline verification processes?

    You can upload documents, videos etc. -> doubtful quality

    Convener: can't really comment on this at the moment.

    aud5: general remark: real anonymity: you can't really achieve it. Triangulation.

    Where does my personality start? Name, address, date of birth...

    Cookies: part of ID. Always possible to link it to my person, always part of it. Behaviour tracked online.

    Organisers of this conference developed a federated model with limited linkability and limited observability. Not a single actor in the system would be able to get back to the ID if the user uses a pseudonym. If one single point of info is given, the relying party does not know everything. This system needs at least two actors to get link. However, there are several levels (IP address, browser fingerprinting) where unlinkability is broken.

    aud6: background: psychologist. Data that is augmented onto your personality. Psychological research: people can assess personal traits reliably by looking at a FB profile for 2 minutes. // guesses on personality traits. Humans use that data // huge privacy issues

    Convener: Is this question something that is discussed -only- in the 'privacy by design' discourse or also in -your- field? Where does this discussion take place? If it doesn't take place at all, is it packed up without wanting anyone to touch it or talk about it?

    Aud7: Background: trusting 3rd party - policy of not storing anything.

    Another issue is acceptance: 'the internet remembers everything'. Company: if you move from one office to another, they should remove everything but in fact, organisations tend to keep everything. As to my experience, a discussion is not happening.

    Aud8: What do we keep anonymity for? What are the goals? Risk assessment/management: What's the current threat and what could go wrong? What measures are the most important to take?

    Conv: quite general, how does it work?

    Bizarre: people want to give away information in community (offline) <-> but in another community, they don't want to give away ID data (online) - WHY?

    aud10: representing ideas of needs of companies and individuals - being in a community: relevant to job - discussing, being in forums etc. -> attributed to CV. what you have posted etc. makes your CV more or less reliable. Companies need proof, they need that to assess someone's qualifications. CV data is not reliable enough at the moment. They’re moving towards social linked data.

    Jamie: Not an expert in the sociological field but it seems that in the offline world, contextual relationships matter. From an early age on, you behave differently towards parents, teachers etc. -> different people -> different expectations. In later life, you apply that to your profession, and private life, respectively, by keeping personal data separated in different contexts. Where does your personality start? Someone got a neighbour since 7 years, doesn't know his name but trusts him because he brings him his parcels. He knows the name of his other neighbour, however, he doesn't trust him, as he throws nails into his garden ;)

    Keeping online contexts separate from offline contexts: sometimes necessary, sometimes it's difficult to maintain separation, e.g. work phone / personal phone.

    Mozilla wiki site: Contextual Identity Project/Containers:

    Convener: How useful are these (which) tools - both for users, developers and site administrators?

    What are the issues which prevent the mass adoption of these tools?

    aud12: Most people don't care although they got responsibility.

    aud13:Awareness is all around. ID security research: Developers only start using tools as soon as it gets into their framework.

    User thinks: somebody has to take care of this. How do we engage people to use it (?)

    aud14:Create a legacy environment (by and large it's not amendable) to practice anonymity. Users can project themselves by means of organisations.

    aud15: incentives! Many people don't care. Legislation is able to create incentives as well to create more privacy. /// There must be something economic about it /// paying fines i.e. (something bad happening). Identity is often not the goal but the key to access something. ID helps me to establish a relationship with government agencies or organisations. They have the ability to change the conversations that help foster relationships.

    aud16:Encrypting products is hard: The vendors of products usually don't have a user interface, hence implementation is sometimes real bad. Crypto-implementations should be created together with the vendor.


    website: reconfiguring anonymity

    Get in touch if you're interested!