Troels Oerting, head of Europol’s Cybercrime Centre, said in a recent interview:

I think that you have [the] right to privacy but that doesn’t mean that you have the right to anonymity.

Explicitly hiding your identity (i.e. anonymity) is not something we need to do in the real world to have some privacy. This may explain where Oerting’s statement comes from. On the Internet this doesn’t make sense however. You cannot have privacy there without anonymity. For many people this is perhaps counter intuitive, so it’s important to discuss why this is so.

In the real world you don’t necessarily need to hide your identity in order to have some form of privacy. For example, if you walk in the street you will only be recognised by people that know you. For everybody else you are just a passer-by that they will forget about in an instant. Unless you are famous, there is no need to wear a mask or dress in a burqa to have some privacy.

We would be very uncomfortable if suddenly everybody around us would be walking around wearing a motorcycle helmet. Full anonymity in the physical world is frowned upon. In fact New York Police applied an 1845 law prohibiting groups of people to wear a mask during the Occupy Wall Street protests in September 2011.

Consider another example. If you mention your name in passing to someone else, they would have to make an effort to remember it for later reference. They would have to actively memorise it, or take a note. Without this effort even in this case you have some level of privacy. (Ignoring for the moment the additional effort required to remember what else you were saying, what you were doing, what you were wearing, etc.) In the real world interactions are ephemeral by default: they leave no trace, at least not a perfect one that lasts forever.

We would be uncomfortable if we would be photographed, videotaped or recorded wherever we go. We rely on a certain restraint (which is exercised less and less unfortunately, witnessing the increasing use of video surveillance for example) in this regard to keep this fragile level of privacy in public space without having to resort to conscious efforts to conceal our identity. Google glass certainly sparked some controversy in this respect, resulting in it being banned in certain venues. We would be similarly upset if shopkeepers would start copying our photo-id whenever we have to prove we are over eighteen when buying cigarettes.

As a result it typically takes considerable effort for the average person out there to retrieve your full identity, or to recall details about a particular event you were involved in. Theoretically speaking they could, so formally speaking you are not anonymous, but in practice this is only worth the effort in extreme cases. For example when investigating a crime. Law enforcement has to invest a similar effort in establishing the full identity of a person, given some physical identity information. What’s more, this effort increases linearly with the number of people they want to keep an eye on. Laws of nature therefore limit the scope of surveillance in the physical world, without ordinary people having to go through the effort to be (more) anonymous. This creates a balance in power.

Summarising: you don’t need to do anything special to have quite a bit of privacy in the real world.

How different is identity on the Internet. There identity is a binary concept: either you are anonymous, or you are fully identified. There is hardly any middle ground. Any identifier is useful for anyone that knows it to single you out, and trace your activity on the Internet. Even if at the start it is unclear who exactly a particular identifier points to, the picture will get clearer in due time as more information is collected that is associated with that identifier. Cookies are great examples of such identifiers. So are user names, email addresses and the like. Given one such identifier your privacy goes up in smoke.

Whereas in real life you need to make an effort to remember something, on the internet you need to make an effort to forget. Systems routinely copy all information they get their hands on. Storage cost is very very low. While there may be an initial cost associated with building an automated system to recover the full identity of a person given some identifier, the marginal cost (once you have that system) to link identifiers to full identities is also very low. The laws of physics do not protect us here.

Summarising: you have to do something quite special simply to have just a tiny bit of privacy in the virtual world.

In the real world, browsing the items for sale in a shop in relative privacy is trivial. On the Internet you have use Tor, or block cookies and scripts. What is the default in the physical world takes considerable effort online. On the Internet you cannot have privacy without anonymity.