Przemek Jaroszewski suggested that we need a new approach to privacy on-line: actually trying to achieve privacy, rather than anonymity.
Privacy is a very basic human instinct: a need to have control over information about what happens in our private spaces. Unfortunately there also seems to be a matching basic instinct to be interested in what happens in other people’s private spaces! Furthermore, even concepts of what spaces are private, and what behaviour in them is appropriate, seem to vary significantly between both individuals and cultures, so the situation is complex even in the real world. On the Internet we haven’t even worked out what our private space is: some people consider anything on the Internet to be public, even though a lot of what we send across the Internet (credit card numbers, health data, etc., etc.) would clearly count as private in the off-line world.
One response to this has been to attempt to provide on-line anonymity, by making it impossible to link Internet activity to a real-world person, or even to other Internet activity by the same person. Using technology to reduce the amount of information we expose, and to limit the possibility of it being linked, may well be a good thing, but complete anonymity seems more likely to promote bad behaviour than good. You also need to be very careful in your choice of anonymisation service, since they will probably have access to more personal information about you than any other Internet service! Furthermore research is also suggesting that it may actually be hard or impossible to prevent linking.
So we need to take another look at real privacy: establishing technologies, norms and laws to give individuals the ability to control what is done with their personal data, and building trust in the organisations that do need to use information about us that they will take good care of it. Unfortunately the interest of users in anonymity/secrecy has been matched by a similar attitude among organisations favouring secrecy over privacy. To break this spiral, organisations need first to be open about what information they hold and what for, and then to demonstrate that they live up to these statements. As they become more trusted, the flowof private information around the Internet should approach a natural and appropriate level, rather than the extremes inspired either by secrecy or by commercial gain.