In a comment on an earlier post Stephen Engberg says:
Ben, I think you are missing the main issue here. The clue to online security is not anonymity but the ability to isolate a context. Within the context, you can achive convenience without adding substantially to linkability.
â€œFreedom with accountabilityâ€ means that it is ok to be accountable in a context, but not to have all contexts linked. It is a one-way street from context to person without the link from person to context.
In other words, we need to break the illusion that privacy is about non-accountability. It is true in some instances such as the protection of certain rights of minorities. But not in the general term when it comes to commercial or government transactions.
I don’t really understand where this is coming from at all. Firstly, “online security” is way too general for me to have any idea what he really means.
Secondly, I didn’t say that anonymity was required in all circumstances, but unless you have anonymity you cannot achieve unlinkability, so its a requirement that the underlying system supports anonymity. Anonymity is the TCP/IP of Identity Management.
Of course, there are contexts in which transactions are inherently linkable – for example, if I get stuff physically delivered to me, then different deliveries are linkable, at least to my address, if not necessarily to just me. But, if I want any chance of separating contexts, then I have to have access to resources anonymously.
Anonymity, of course, provides non-accountability. So, rather than “need[ing] to break the illusion that privacy is about non-accountability”, we need to do exactly the opposite – make everyone understand that in order to have any privacy at all, we must accept the side-effect of non-accountability.