Anonymity at the System Level – The Ultimate Privacy Protection
More and more messaging apps are introducing usernames, allowing users to communicate without having to share their phone number with everyone. This is certainly a step in the right direction. However, it’s not enough to provide comprehensive privacy protection. To protect users’ privacy, anonymity has to be part of the system architecture.
Many messaging services identify users by means of their phone numbers. Since a phone number is generally linked to its owner’s identity, such services cannot be used anonymously. But why is this a disadvantage? Why does anonymity matter if you’re only chatting with friends who already know who you are anyway?
In order to address these questions, it’s useful to distinguish two kinds of anonymity:
Anonymity in regard to chat partners – “horizontal anonymity”
Anonymity in regard to the chat service – “vertical anonymity”
Conventional messaging services that introduce usernames on top of a phone-number-based architecture – such as WhatsApp – only provide the first type of anonymity:
Users can optionally choose a username that is shown to other users instead of their phone number. This allows users to communicate with people they don’t know without revealing their identity.
However, providing a phone number to the service operator remains a requirement. As a result, companies – such as Meta – can still use the phone number as a cross-platform identifier.
Horizontal anonymity is useful in certain situations. For example, it allows users to communicate with people they meet online without disclosing their identity. Another possible use case is whistleblowing. However, this scenario requires caution unless vertical anonymity is also provided. Even if the identity is not immediately apparent, there may still be ways to uncover it.
While horizontal anonymity is crucial for specific use cases, it’s not of equal importance for all users. Vertical anonymity, on the other hand, is essential to ensure user privacy across the board.
The Gold Standard for Online Privacy
Providers of ad-funded online services have a strong economic incentive to learn as much as possible about their users. The more a company like Meta knows about its users, the more precisely it can target ads to them. And the more precisely ads are targeted, the more advertisers are willing to pay for their placement.
In order to gather as much information as possible about the users, data from different sources is collected, correlated, and merged into one comprehensive profile per user. If a phone number has to be provided to register for a service such as WhatsApp, Instagram, and Facebook, establishing the user identities across platforms and correlating user data is particularly easy.
As WhatsApp’s privacy policy shows, cross-platform correlation of user data is not just a theoretical possibility:
“WhatsApp […] shares information […] with the other Meta Companies. We may use the information […] to help operate, provide, improve, understand, customize, support, and market our Services and their offerings, including the Meta Company Products. This includes: […] showing relevant offers and ads across the Meta Company Products […].”
Vertical anonymity, on the other hand, ensures that user data cannot be linked to, or merged with, personal data from other sources for advertising or other purposes. As long as someone’s identity is unknown, their privacy can’t be violated. That’s why anonymity at the system level is the ultimate privacy protection – it is to privacy what end-to-end encryption is to security.
