by dcow 1834 days ago
> There are plenty of places where default anonymity makes a lot of sense and it is important to a good societal structure.

Can you list some examples of the types of places where you think this property holds true and explain what you mean by "good social structure"?

> History has shown time and again that those in positions of advantage will abuse their access to information for their own gains.

What are some examples of scenarios where this has happened in relation to online identity where there have been legal restrictions in place that would have otherwise prevented it? The healthcare industry and credit card industry seem to do a pretty good job of protecting sensitive information, for example.

> Increasing the surface of your online activity trail can and will be used against you by a bad actor when the opportunity arises.

How anonymous do you think you are online? If you're not deliberately taking steps to conceal your identity, your trail is thick and clear for the people who know how to track it. And that's an actual problem: people track you even if you think you're anonymous and we have no legal protection in place to prevent abuse of data that can identify you online. If you are in a position where you need to *depend* on anonymity, you simply can't because nobody will respect your wish. So the internet operates in this grey zone where because we have no rules governing abuse of PII, everyone throws on the cloak and turns to anonymity as the answer. This degrades our ability to fight spam and makes things like strong mutual authentication very very hard to do because platform vendors can't ever expose any sort of fixed identifier because privacy. Look at the insane things Apple does: zero out your MAC address when scanning for wifi networks and recently issue a new certificate for every single use so that a persistent identifier does not show up. And look at IPv6, we invented "privacy extensions" where you generate a random IP every few minutes. These hacks break functional systems because we don't understand how to regulate the internet as a society.

All that is somewhat irrelevant, though. We're talking about the identity relationship between you and a service, not necessarily "the features of interacting with the internet that can be recorded and tracked either on purpose or incidentally". Do you think your email address makes you anonymous? Again, unless you're deliberately taking steps to maintain pristine op sec with your online browsing, you identify yourself to service providers one way or another. And again, the problem is people think they're anonymous when they really aren't so they misinterpret what it means to be anonymous and its importance in good societal structure. I honestly don't see a difference between providing a service your email address or your physical address or telephone number. What's so bad about having a third party say "yeah, this person is who they say they are" and optionally "and here's the list of verified fields"? The internet is the only place where people get weirded out when someone asks for an ID. Do you not show the bartender your ID when asked because you need to be anonymous at a restaurant? How about at the gas station, the liquor store, the axe throwing range, the DMV, the hospital, when making a purchase on a credit card, taking out a loan, etc. What real world interactions do you have that are primarily anonymous? It's not normal.

Strong identity combats spam and abuse. I would choose strong identity over spam almost every single time. I do not disagree that there are some online communities that are respectfully anonymous. But do you think e.g. Reddit is one of those? Because I do not. Regardless, you can still both a) identity check and b) run an anonymous community (and c) not store identity information). You don't have to expose the identity data in the product/community/forum itself, so nothing about making identity easier to use and more streamlined defeats the ability to operate pseudonymous services in the least. I really don't understand the "anonymity by default is good for a wholesome society" angle whatsoever.

1 comments

Oh no, I'm not going to go down that slippery slope. We are not talking about CIA whistleblower levels of anonymity here. This is just basic sanity. You may never be able to fight abuse 100%, so it's good practice to reduce the surface of compromise as much as possible. If the information is not needed, just don't send it. It's about de-risking the possibilities. The fact that banks, healthcare institutions etc. are trusted within a boundary does not automatically mean every Tom and Dick company out there should be trusted as well. There must be a strong justification for access to identity and spam is certainly the weakest out there. Fake identity is not hard to create. Bank fraud is rampant in many countries where fraudsters run large rings using such fake accounts. If banks are not able to stop these, online communities for the purpose of bot detection most certainly won't.

Fake identity is not hard to create online. You’re right! That is the problem. Fake identity is orders of magnitude harder to create in meatspace. You don't solve that problem by saying “welp I guess we just have to deal with spam to realize pseudo-security via anonymity”. I don't disagree about privacy, even. I think you’d find we agree about not sending information you don't need. Where we're talking past each other is on the topic of anonymity vs privacy. I want strong identity and privacy and tools and laws that protect my identity and privacy online as well as offline. Tools that let me manage who has access to my private information and for what use cases. Tools that alert me when that information is accessed or shared. Tools to allow me to verify the information provided by others is genuine. This has nothing to do with anonymity.