There are very important roles for anonymity systems if they are properly designed and implemented.

NETWORK ANONYMITY: TOR provides critical network anonymity for a number of very important uses. Bitcoin wallets are looking to use it to protect users from the lack of privacy in the blockchain and the fact that users are literally broadcasting their bitcoin wealth and IP addresses when transacting effectively putting up a ‘come rob me’ sign on their network. This is just one example of the need for network anonymity. Our former Chief Scientist Dr. Ian Goldberg as chair of the TOR foundation ensures that the threat model & implementation of TOR provides the protection that users expect. Attacks against the TOR system are discussed openly continuing a cypherpunk & Zero-Knowledge tradition of not subscribing to security through obscurity.

Human rights workers, citizens seeking anti-censorship techniques, counter-surveillance uses are all among the many benefits of TOR and were the original use cases we envisioned for our Freedom Network.

CRYPTOGRAPHIC PSEUDONYMS: Despite this network layer of anonymity, we never offered anonymous identities. We offered cryptographically assured pseudonymous identities that came with email addresses, public keys and we spent millions developing cryptographic limited disclosure identity credentials that would allow someone to prove they were over 18, or a citizen or member of a group set without ever revealing their real identity.

The reason we never offered anonymous identities or communication, was a basic understanding of iterated prisoners’ dilemma. Conversations, communities, relationships and strong emotional bonds are formed through a social form of iterated prisoners’ dilemma.

When a participant in iterative prisoners’ dilemma has no identity or feels free from the responsibility of their actions in social interactions communities quickly degenerate into a race to the bottom. This is when trolls, abusers and the worst part of our humanity starts to become a strategic advantage in seeing your actions get more attention by continuing to push the envelope of acceptable behaviour.

We chose cryptographic pseudonyms for a reason. So our users could go to Usenet and develop relationships, share their stories, engage in two way communication while having total privacy.

We chose pseudonyms so that we could enforce anti-abuse provisions of shutting down identities that violated our service agreements (such as threatening someone or POTUS which happened more then once). We hired Dr. Adam Back to implement his cryptographic anti-abuse system Hashcash to ensure that pseudonyms were following the network rules.

Pseudonyms had a cost on purpose. Not only to provide us with revenue (which never amounted to a fraction of what the network cost to operate) — but to create a disincentive to use pseudonyms as throw away identities to anonymously harass or abuse people.

Did we have issues of abuse? of course. But the decisions we made imbued our product with a sense of being able to feel totally private & safe from prying eyes on the Internet. We saw thousands of more positive uses of our technology than ever negative.

We felt that the benefits of protecting users from profiling, national security mass snooping and hackers was critical to civil liberties on the Internet. We may have been 14 years too early (or Snowden was 14 years too late) but it was a worthy mission and we considered the consequences of every decision, security architecture and identity decision we made carefully.

We imbued our product, company and marketing with the goal of making the world a better place. We faced the potential issues of abuse ahead of time with strong technology development. We took time to have careful consideration of each policy, technical and operational decision.

TEENAGE IDENTITY EXPERIMENTATION & PRIVACY: I’m the proud uncle of 5 nieces (one nephew). My sister kept my older nieces off facebook and closely monitored their activities to insulate them from predators and some of the social issues affecting young women (and boys) online. My oldest niece is in high school and still does not have a Facebook account.

I’m also the ‘adopted’ uncle to my best friends’ daughter who is a beautiful 13 year old girl who looks like she could be 17. She has hundreds of friends on Facebook. She like many teenagers face new social pressures to establish her identity online mainly through Facebook. She also has been proposed numerous times by predators and child molesters attempting to get her to engage her in numerous age-inappropriate activities.

I’m her friend on Facebook and with her parents we often discuss the social pressure of positive affirmations that her peers provide to do things like selfies. Teens today engage in social exchange by posting selfies and conduct their much of their social lives online. I had to pull her technology challenged parents aside and suggest that they remove snapchat from her phone. She now understands the dangers of snapchat after one of her friends had age-inappropriate photo’s that were suppose to be ephermeral and dissapear captured and shared at school to her shame. I’ve had discussions with her (as have her parents) on how to find the right balance of interacting with her peers while being social and thinking of the long term consequences of her activities being searchable / archived forever.

When Moot (i.e. Chris Poole) spoke at the TED conference a few years ago he we had a great conversation about the value of anonymity in creative experimentation of identity as we develop into adults. I’m a big fan of Chris and the 4Chan community. There is a known expectation of silliness, anonymity, culture hacking and also identity free collaboration that allows that community to work. Personally it’s not my type of community but I think it’s important in that it’s elective. People choose to hangout there and the messages and discussions are ephemeral with their own version of pseudonymity.

A couple of weeks ago Chris sent me this link where he talks about our conversation and some of the nuances of identity and anonymity recently.

https://www.youtube.com/watch?v=otozNUPm_ig&t=4m22s

(note: Chris missed some details of the full goals of our design for Zero-Knowledge — but the conversation still holds true & to be fair, we had more than a few users who used our service to explore erotica)

The whole concept of how teenagers interact with identity, privacy and pseudonymity is an open problem set. I dislike like the current social default whereby activities are going on their permanent records without any privacy. The expansion of Facebook to younger teenagers I think was premature and I wish a greater thought went into providing them permission to have more selective identity disclosure, but this is not an easy problem.

COMMERCE: I won’t go into the problems that the payments industry (especially bitcoin) face with lack of privacy and anonymity, but this is a huge industry that needs to be remade to provide users with more information self determination while engaging in commercial transactions. The lack of consumer empowerment to be able to authenticate payment validity while not revealing identity information is ridiculous given how long the technologies of privacy have existed. This is true for credit cards, book entry account based payment systems (Paypal etc) and is even more true for bitcoin where the public ledger provides less privacy & selective disclosure control then banking.

Aside from consumer information self determination in commerce, the entire financial products industry will face huge competitive intelligence issues when their trading activities can be data mined on the public blockchain.

DATING: I think there is a huge opportunity to do selective permission based disclosure for the entire dating sector. There is a huge group of people who may not be comfortable throwing themselves out there on Tinder and may want to reveal identity details in stages. I have yet to see someone do a smart, secure and trusted system to encourage staged selective disclosure of identity for a huge sector like dating.

These are just a few quick examples of areas where I think the default behaviour of pseudonymity or anonymity have a huge value. There are many others.

Now How I Really Feel — Criticisms

Recently a reporter (who I really like) wrote about a story I told during a panel discussion I participated in at Montreal’s FailCamp. He commented,

For those who haven’t had the pleasure of meeting Hill, he’s quite a likeable and bright tech geek. When he does public speaking engagements there’s a comfortable air of confidence in his tone, one that I’ve always perceived as “not-giving-a-shit.” This is probably because he’s built so many companies, encountered so much personal and work-related success and failure, made so much money and dealt with so many different people throughout his career.

What he got wrong is that I do give a shit. In fact I care deeply about theses issues. I’ve been building the Internet and involved in online communities / entrepreneurship since 1990. The reason I told the story he wrote about is because I care what kind of companies entrepreneurs create. I view entrepreneurship as almost a religious calling. It is our privilege to look into the future and create another type of world. The reason I told that story at FailCamp is because it was turning point for me where I eventually decided that I wanted to build a future that I could be proud of. It’s the responsibility of an entrepreneur to think of the lasting impact of their service. So when I criticize these companies it’s not because I don’t give a shit. It’s because I care about these issues more than most.

So……

I am going to focus my criticisms on the two well funded companies in this space, Whisper and Secret.

Some criticisms are similar to both companies and some are specific to the individual companies.

A Common Criticism & Their Collective Worst Sin

FALSE EXPECTATION OF ANONYMITY: The security model for both these applications is horrendous and irresponsible. They give the user an illusion of privacy, encourage users to say things without the burden of identity (both in good or bad cases) — but then provide no real anonymity or privacy is deceptive.

What happens when rumors of acquisitions are true and blow up a pending deal and destroy a company. What happens when the civil lawsuits and demands to disclose user information, IP address start to occur. What happens when a libel case, or a harassment case leads to a suicide and the lawsuits fly or criminal prosecution begins to reveal or force the retention of IP information of that user the next time they login. We will see both these companies and their users who thought they were anonymous dragged into court.

Think it won’t happen? Look at your history. From 1994-1996 Penet.fi was the default way to engage in discussions with some anonymity. In it’s third and final compromise the Church of Scientology sued (for the second time) to force the operator to turn over user information and Julf decided that since he couldn’t provide the anonymity users expected the responsible thing to do was shut down the service.

Neither of these companies have done the bare minimum to develop a security model that backs up their claims of anonymity and they both should be ashamed. It is the pinacle of irresponsibility to ignore basic security, cryptography, litigation and network design threat modelling but promote yourself as anonymous.

Criticisms of Whisper

I know that many consider these two companies and applications to be very similar but I don’t. I wrote this company off completely the minute they were celebrating the fact that they were the first to break the rumour that Gwyneth Paltrow was cheating.

Are you kidding me? Out of all the problems on our planet that need our skills as entrepreneurs, out of all the incredible opportunities to improve the lives of our customers or fellow human beings — we need to fund & waste engineering talent to build a better TMZ?

I do not doubt that voyeurism and rumour mongering are popular leading to profitability. It’s the reason why every grocery store check-out isle is packed with tabloid magazines and not Popular Science or The Economist. But really?

What a waste. If you’re an engineer at Whisper with any skills I suggest you recheck you goals & priorities and then start circulating your CV. There are so many worthy startups that are doing meaningful things. So many worthy ideas that need engineering, design or attention. I know Whisper is funded. I know they probably have aspirations of a massive exit. But if you are an engineer at Whisper try never reading anything but InTouch magazine & TMZ for your entire tenure at the company and then decide if that’s how your skills are best utilized.

As for the investors in the company, I’m at a loss. I learned during my time as a VC that VC partnerships are like marriages. It’s impossible to judge any individual one unless you are part of it. I’ve made my fair share of mistakes and compromises in VC partnership meetings where we decided on funding deals, but I seriously question why $54 million in capital decided that of all the opportunities out there an improvement on TMZ was a worthy use of partner time and capital allocation.

Criticisms of Secret

I’ve heard the defenders of Secret reference the incredible PostSecret project a number of times. Amongst the many horrible messages on Secret there are also many heartwarming, funny and touching stories.

Certainly allowing people to open up to a community with messages like discussed in this message do show some redeeming values.

From this article, https://medium.com/p/4ffa1043a0ef

From the same article, https://medium.com/p/4ffa1043a0ef

I’m a huge fan of PostSecret. Meeting Frank Warren and hearing first hand some of the incredible stories that he’s collated and curated was a personal highlight of mine.

At the same time it should be pointed out that Frank after only 6 months and 2 million users voluntarily pulled the PostSecret app off the app store due to overwhelming and in some cases horrific abuse.