Five reasons why online anonymity is here to stay, and why it’s (mostly) good

I’ve written about this before, but in the wake of the appalling racist abuse faced by members of the England men’s football team, there has been yet another (well-meaning) call to “ban anonymity on the internet”, and variations on this theme. I understand why this is so popular. Anonymity can be intoxicating and just as some people get happy-drunk, others start swinging fists. In just the same way, this Gyges effect can breed some of the worst kinds of behaviour online. People become unidentifiable and next thing they’re murdering the king and seizing the crown, or pouring out racist tirades on Twitter. A knee-jerk reaction, then, is to remove the invisibility ring from their finger. Snatch away the mask. Pull up the rock. Expose the creeps hiding in the darkness beneath.

But removing anonymity from the internet will not be the glorious utopia that people imagine. In fact, it would actually be quite the opposite. For many, it would be a dangerous, living nightmare, fraught with appalling human rights atrocities and daily fear of persecution. Here are just five reasons why:

Knowledge is power, so who gets all this power?

When you argue for disclosure of identity online, who exactly are you wanting it to be disclosed to? Who is the gatekeeper that accepts your credentials and lets you on the internet? Basic authentication requires holding huge databases of information about people to check IDs and passwords against, so someone has to hold onto a lot of data. Let’s say you think it should be held by the social media platform. Well, commercial entities have an extremely dubious track-record of handling private, sensitive information well. I refer you to Cambridge Analytica, just as a start, but it’s more than this. Some of these corporations make plenty of money selling information, some actively harvest as much information about people as possible that’s far beyond the remit of anything they need to know (e.g. sexuality, religion, etc.), and some find it easier to operate in certain territories if they grant various agencies access to their databases.

So you might say, well, then, each government can store all its citizens’ data. Sure. It could. And it could also be a government in a regime that has serious issues with your particular ethnicity, religion, sexual orientation, gender identity, politics, voting history, whatever. And now they have access to all your social media, which they might decide to analyse to identify “people of interest” with whom they “just wanna talk”. Some governments would absolutely use this insight to facilitate quiet acts of genocide. To create an even more hostile environment for refugees, immigrants, and other vulnerable groups. To target individuals with pro-government messages. (Again, Cambridge Analytica.) To engage in hostile state acts across borders. To censor, tyrannise, disinform, and manipulate.

And how this would all interplay with people operating in dangerous contexts, such as journalists in warzones, or people with extremely high levels of clearance, and so forth, I can’t even begin to imagine.

Knowledge is valuable, so who safeguards all this value?

Data breaches are one of the biggest under-reported travesties of this current decade. And any entity with a stockpile of valuable critical info is a prime target. But (a) no matter what the law might say, massive data-holders are in no hurry to advertise when they’ve been breached, (b) plenty don’t even know until years after the fact that breaches have taken place, and (c) some of them, quite hilariously, “accidentally publish” your data because oops. Think I’m kidding? Organise this table by method and then scan over the reasons. You will cry. Then organise it by number of records and have a look at some of the names in the top twenty breaches: Yahoo!, Facebook, Yahoo!, Facebook (this is not a typo), Instagram… Heck, just order it by name and tick off all the major social networks and governments.

So even if the identifying information is simply held on a back system and only handed to authorities when required, imagine that there’s a giant breach of everyone’s information one day. If you’re lucky, you’ll just be short some shiny gold coins of the realm when your banks get emptied. If you’re unlucky, the online offenders now know which accounts belong to your kids.

Who enforces and who pays?

The platforms most people are bothered about – Twitter, Instagram, SnapChat, etc. – are quasi- or fully-global and not all countries have robust, or even any identification laws. So, to make the removal of online anonymity happen, an agency or organisation (who? where from?) will just need to…

  1. overhaul and harmonise identification law standards worldwide, from the ground up, and
  2. find ways to check meaningful segments of the population to make sure everyone has just one ID, otherwise you’ll be cutting some people out of critical infrastructure whilst other people get two or three identities online, and
  3. service this new system, including updating records as people are born, change names, move, lose their old email address, die, etc. and
  4. police this new system, including writing, implementing, and enforcing similar legislation worldwide, and prosecuting identity thefts and frauds, which would turn into a raging black market overnight, and so forth.

And of course this all will take extraordinary amounts of resources – staff, bureaucratic systems, policing and courts, computing – and that all means money. So who is going to pay for this? How will it be managed with countries that have a lower GDP? Should countries with very little online infrastructure have to take part? Why? And no matter what you do, individuals in more rigorously vetted and enforced countries will be at an immediate disadvantage.

In all of this I haven’t even nailed down anything like the actual logistics of how this would even operate. Would you have to log into the internet at the point of access? Or just when you go on social media? If the latter, would interactive platforms have to join a register so that they can have users comment on their sites? What happens if you accidentally leave yourself logged in at the phone shop and someone takes your profile for a racist ride through football Twitter? And what if you get drunk and take your own profile on a disgusting Twitter streak but then you play the “I got hacked” card? Is that for the police to investigate? The social media platform? This special Anti-Anonymity Agency with its giant budget and seamless global operational record?

What if some refuse to take part?

Some countries might, quite rightly, object to this plan for all the reasons I’ve given above, and more besides. And some might object because such systems could be extremely detrimental to the financial models that their countries rely on. Whether we like it or not, some places survive by being crime havens, and those countries would likely opt out so that they can also be the new “tax-havens” of online anonymity. This would appeal not just to less-than-savoury individual users, but also to platforms who decide that it’s high time to move their servers to that location. And there are *plenty* of countries happy to play safe harbour for dodgy practices if it means taking in a huge corporation that can pay handsomely.

And there are bigger, more practical problems. The general population is likely to have opinions on this matter and when they realise quite how extensive the invasion into their privacy would be, I would bet ready cash that they will think this idea is The Worst™. After all, the vast majority of people are not criminals, or really even close to it, and yet there aren’t many of us who would be happy with a total stranger recording and leafing through our browser history. The idea that a government or corporation might be logging everything that every one of us looks at, reads, researches, watches, is horrifying. And I refer you back to my first point. The idea that they wouldn’t use this is also laughable. So, once it becomes clear to everyone how many freedoms they will be exchanging in return for making the bad guys tell us their names, how in god’s name do you stop everyone from simply jumping on the likes of TOR? As a much more practical extension of this, how, exactly, would you stop someone from simply creating a brand new, anonymous internet – net2 – that everyone immediately colonises? Technically it wouldn’t be that difficult. There are multiple “internets” out there, it’s just that most people are only familiar with this one. But you know how fast Alex from Greenwich would download a new browser if it meant they could get back to anonymously tweeting Ryan Reynolds with tiny haiku.

But most importantly of all…

Who guards these new, anti-anonymity guards?

If each government holds the data and they clearly start using it for nefarious purposes, how do you stop them? How would you even investigate and police it? Another anti-corruption agency on top of the first one? And if a private corporation holds it, how do you stop them from having an army of lawyers on standby to advise them so that they get the absolute maximum flexibility to do with it exactly what they like? And at the micro-level, what do you do when one of the employees of this new system uses their access to stalk, harass, destroy someone? That will happen, by the way. It has happened so often there are lists on the internet of the 27 times Chad from Unnamed Ride-Hailing App sent creepy texts to customers. Anyway, an “accidental” leak of information could get someone killed, and that kind of power attracts interest, so your employees had better all be the very souls of integrity who would never accept money or favours in return for information or “accidental breaches”. What do you do when (and again, it will happen) the data-storage government or corporation sells off chunks of their information to other countries or corporations or organisations? What do you do if a previously compliant country elects an extreme government that withdraws from the agreement and now has a ton of data that they can play with as they like? Another war breaks out? A terrorist regime takes over a country and gets control of the data?

Okay, point made

And last but not least, let’s just tackle the most obvious logical counterpoint. Let’s imagine we could overcome all these problems and force people to disclose their identities. If this really were such a magical silver bullet, then why is Facebook a spectacular abyss of unspeakably awful content? Facebook “require[s] people to connect on Facebook using the name that they go by in everyday life” and yet you can find groups promoting violence, extremism, eating disorders, and more.

And let’s just take a moment to appreciate Nextdoor. On this hyperlocal app you are not only required to “use [your] full, real name” including first name and legal last name, you’re even expected to verify your address. This then puts you in a community of others living within a few kilometers of you. Surely no one would crap out a disgusting opinion on their own doorstep, right? Wrong. Nextdoor is so wildly unsuccessful at stopping people from being raging arsegibbons that Best of Nextdoor, which tweets all the most eyebrow raising content from the app it can find, has murdered the official Nextdoor Twitter account by amassing literally ten times more followers.

Finally, to return to our England team and the awful abuse they faced, remember that some of the people tweeting racism were doing so using accounts that disclosed not only their own names, but in some cases, their photographs, employers, kids, loved ones, religions, links to other profiles, regions, and more. And some of these accounts had histories of similar types of tweets. You might argue that every single one of these was a fake account. A clone. Some sort of plant to get an innocent person in trouble. Fair enough. Then what about prominent people with validated identities who have openly tweeted awful content? Too famous for you? Then have a glance at the innumerable “Top twenty tweets that got people insta-sacked” pages out there. (I’m not linking to any because they’re usually rife with pop-ups and spam. Pretty sure you can find your own.) Anyway, not every anonymous person is awful, and not every awful person is anonymous. And plenty of awful not-anonymous people have been getting away with their behaviour for years.

To bring this to a conclusion, anonymity cuts two ways. Yes, it absolutely does protect offenders and malicious actors of the worst kind, and we need to figure that out. But it also protects a substantially higher population of ordinary, innocent, and especially, vulnerable people. Online abuse like racism is, without question, unacceptable and we should be dedicating huge resources to tackling it, because it is abhorrent in its own right and because it is symptomatic of much bigger problems. However, removing anonymity from the internet would open the floodgates to a lot of far darker and more awful behaviours.