Security vs Privacy vs Anonymity
On this page, I want to explain security, privacy, and anonymity. These subjects often compliment each other, but they are not always dependent on each other. It is important to remember that to some extent, there are no wrong answers here. For example, it’s okay to pick a product because it has better security even though that product may offer little in the way of privacy. The important thing is that you need to be aware what these products and services are offering you so that you can use them correctly.
- Security is defined as “freedom from danger,” or “protection; measures taken to guard against espionage or sabotage, crime, attack, or escape.” Think of it the ability to keep unauthorized people from accessing information, accounts, or other similar things. A real world example could be the way a lock is designed to keep unauthorized people outside of your home.
- Privacy is “the quality or state of being apart from observation; secrecy.” I think of it as the ability to control information. This typically refers to information about your identity, like your metadata. Using the above house again, privacy can be thought of as your ability to control who has the key or the address.
- Anonymity is the state of being anonymous, or “of unknown authorship or origin, not named or identified.” It is the ability to be completely unknown by anyone. Anonymity can be thought of as privacy on steroids. While parivacy refers more to information about you, anonymity refers your actual identity. A good example is Satoshi Nakamoto, the famous and unknown creator of Bitcoin.
All definitions courtesy of Merriam-Webster Dictionary.
As I said, these topics often - but don’t always - overlap. Privacy can help your security, for example, because if people don’t know information about you they can’t answer your security questions. Security can protect your privacy by ensuring that nobody has access to that information about you except who you want.
Security without Privacy or Anonymity
Google has had almost no major data breaches in all their years of existence, yet they know almost everything about everyone to the point that the former CEO Eric Schmidt remarked ”We can more or less know what you’re thinking about.” Google offers world-class security with zero privacy or anonymity.
Privacy without Anonymity
MySudo is a great example of this. MySudo is not anonymous. They can see your metadata, and if you sign up for their masked-card service, they know exactly who you are. However, they help you protect your privacy by giving you phone numbers, email addresses, and cards to give to other companies and individuals so that you can compartmentalize your life and choose who knows what about you. Another example is privacy.com, who allows you to use masked debit cards with literally any information attached to them. Privacy has to know who you are by law to prevent fraud, so they’re not anonymous, but they can help you control who else has access to your real identity and information.
Anonymity without Security
Paying for a product in cash preserves your anonymity - unless the business requires it, you don’t have to give any kind of information at all. Yet, you have no security if the seller doesn’t deliver the item, and you have no protection from fraud or anything like that.
Security & Privacy without Anonymity
With Signal, because your phone number is required, you can be unmasked by a court order or even a web search depending on the phone number you use. However, Signal is renowned for having some of the best security in the world, and the content of your messages and the information you transfer will be protected and controlled even if your identity is not.
Privacy without Security or Anonymity
Forgive the crass example, but think of using the restroom when you go camping. You can find some bushes to hide behind and that will give you privacy, but have no security or anonymity. There is nothing to stop anyone from finding you, and if the police decide to ask for ID you have no protection from that request.
Security with Privacy & Anonymity
XMPP is a perfect example of this. XMPP allows you to sign up without any real information, over a VPN or Tor connection for total anonymity. Additionally, the conversations can be protected by OMEMO encryption, meaning the data itself is also secure and private. When used properly, this is as closed to perfect as you can get.
As I said before, these three concepts are not necessarily dependent on each other. A secure product does not guarantee privacy, a private product does not guarantee security, and anonymity does not guarantee either. Also as I said before, there is nothing wrong with valuing one facet over another. Just be sure you understand how a product is meant to be used and what the risks are. It would be awful to use Google thinking that it will give your communications privacy and then your financial details get stolen by a rogue employee. Or if you used a service like Signal to organize protests in a hostile country only to be arrested once your phone number is unmasked with a warrant. Know the limitations of the services you choose and decide what features are important to you. This website largely focuses on basic security and privacy, and attempts to find the best blend between the two, in addition to keeping user-friendliness in mind.