Anonymity

- Reading time: 3 minutes -

Foreword

What is meant by “anonymity”?

  • A telephone number that can no longer be read as plain text?
  • No telephone number as an identifier?
  • No identification of one’s own address by third parties?
  • Use of an alias instead of the clear name?
  • Avoidance or reduction of metadata?
  • Not all chat accounts/contacts with the same server operator?
  • Own server operator sees the contacts?
  • Can be used without internet?
  • Concealment of IP addresses?
  • Recipient does not know from whom a message originates?

So you have to ask yourself, which degree of anonymity you want to achieve with which effort (and corresponding restrictions of comfort). For comparison and assessment, it is often helpful to make a mental comparison with e-mail, for example.

p2p systems

For example, do all P2P systems automatically provide complete anonymity? No.

The project Briar describes this very well and tries to prevent misunderstandings:

Briar does not hide your identity from your contacts. It provides unlinkability, but not anonymity. This means that no one else can find out who your contacts are, but your contacts might find out who you are.

Source: Briar-FAQ (external; English)

server systems

As with e-mail, completely anonymous use is not really possible with server-based systems - not even with XMPP or with Matrix. Here the focus is rather on data sovereignty (where do you want to have which data, who is allowed to see which data).

But by using different servers of a system, chat accounts and associated contacts can be separated from each other. Thus a server operator does not see which metadata are generated by another server operator. Deliberately distributing metadata is relatively easy and has practical advantages as well. For example, you can activate a business chat account on work days and deactivate it on weekends - but still be reachable privately via chat.

Push notifications

Push technology on Android or iOS enables de-anonymization and assignment even with supposedly “anonymous” messengers.

Many messengers advertise that they do not know any communication content and only a small amount of metadata and inventory data about their users. However, the messenger providers have a “push token” for almost every user account. And the push providers link these push IDs to a user account with them. This turns a pseudonymous Messenger ID into a Google or Apple account. And they contain lots of personal data. … that investigating authorities explicitly ask messenger providers for push tokens. He refers to them as “long-lived user IDs”. With this information, they can then go to Apple and Google to obtain further user data.

Source: https://netzpolitik.org/2023/push-dienste-behoerden-fragen-apple-und-google-nach-nutzern-von-messenger-apps/ (external)
Further information: https://www.kuketz-blog.de/google-firebase-verlockend-fuer-entwickler-datengrab-fuer-nutzer/ (external)

Conclusion

  • The buzzword “anonymous” sounds great and is therefore very popular in marketing.
  • In everyday life anonymous is often confused with pseudonym - difference according to Wikipedia (external).
  • Important for journalists, activists, secret keepers, terrorists etc. - but for the masses anonymity in chat is not really necessary.

Just like end-to-end encryption, anonymity is important, but **often overrated and differently understood