[joho] JOHO August 21, 2006

  • From: David Weinberger <dweinberger@xxxxxxxxx>
  • To: joho@xxxxxxxxxxxxx
  • Date: Tue, 22 Aug 2006 19:09:57 -0400

Journal of the
Hyperlinked Organization
August 21, 2006
by David Weinberger (self@xxxxxxxxxxx)
To unsubscribe: send a message to
joho-request@xxxxxxxxxxxxx with "unsubscribe"
in the subject line.
For the fully glorious illustrated and
hyperlink-saturated online version, please visit:
To view this issue correctly, please use a
monospaced font such as Courier and stretch your
window until it all makes sense.

+---------------------------------------------+ | CONTENTS | | | | ANONYMITY AS THE DEFAULT: As digital | | identity management systems come on line, | | the norm is switching from being anonymous | | to being identified, with unintended | | consequences we may not at all like. | | | | ONE WEB DAY: Earth Day for the Web. Come | | celebrate! | | | | MY HUNDRED MILLION DOLLAR SECRET: I've | | self-published a kid's novel. You can buy | | it or read it for free. (My promise: Harry | | Potter does not die in it.) | | | | COOL TOOL: RoboForm is great...except for | | one thing. | | | | BOGUS CONTEST: A contest no one really | | enters | +---------------------------------------------+


[I ran a version of this in my blog [1] a couple of days ago.]


I wrote about the limits of transparency [2],
mentioning the value of anonymity. Eric Norlin used
this as a springboard [3]. Unfortunately, comments
on his site are not showing up. Then, Kim Cameron,
digital ID architect at Microsoft, reprinted Eric's
piece, but I was unable to leave a comment at his
site either [4]. Then, the debate discussion
expanded (my contribution seems to have been the
phrase "anonymity is the default"): Ben Laurie
argued that anonymity should be the substrate of
identity systems [5]. Kim replied [6]. David Kearns
posted on the topic, arguing that privacy, not
anonymity, is the issue [7]. He followed up here
[8]. Tom Maddox replied [9]. Eric has posted again
[10]. AKMA posted [11].

So, in lieu of leaving comments on other people's
sites, here's an attempt to be clearer about what I
mean by saying that anonymity should be the default.


"Anonymity should be the default" doesn't say what I
mean. Sorry to have put it badly. "Defaults" come to
us from the software world where shipping software
with the right options turned on can make or break a
product. It may be that anonymity is the right
default option for digital ID management software,
but that's not what I meant. And if it is the right
default, it will be due to anonymity's social,
political and personal roles. Those roles are what
interest me.

I probably should have said "norm" instead of
"default." In fact, it's helpful (I think) to put
this in moral terms. Philosophers have the useful
concept of the prima facie. (If you disagree with
how I describe the prima facie, then skip the phrase
and go straight to the concept.) Something is prima
facie good if you don't need a special justification
to do it, but you do need a justification to do its
opposite. Telling the truth is prima facie good
because you don't need a special justification to do
so, but you do to tell a lie. Likewise, anonymity is
prima facie good in our culture: We don't need a
special reason not to ask you to identify yourself
and we do need a special reason to ask you to whip
out your drivers license. There are places and
contexts where this doesn't hold, e.g., entering a
nuclear facility or the Nebraska State Twine Museum
(on Homeland Security's Vulnerable Sites list) these
days. But still, in general, anonymity is prima
facie good and is the norm.

I don't want that to change on line. Here's why.


While obviously what we do -- and who we are -- on
the Net keeps surprising us, we would be fools not
to learn from our experience as selves in the real
world. So, here's something I think the real world
teaches us. The term "anonymity" has a bad
connotation because it's used primarily where
there's an expectation of identification. We don't
say that someone entered a movie theater anonymously
unless we're implying that the person had reason to
hide her identity, even though, in truth, anyone who
pays cash for a theater ticket is entering it
anonymously. So, because we use the term "anonymous"
mainly where identification is expected, this may
lead us to think that being identified is the usual
state -- the default state -- in the real world. In
fact, the rarity with which we use the term actually
indicates that the opposite is the case: Anonymity
is the norm in the real world.

That of course doesn't mean that we're always
anonymous. There are zones where being identified
becomes the norm by law or policy. And, in a small-
ish town or within a work community, we may expect
to know who everyone is. But, even so, the people in
the small town are not entitled (by law or custom)
to demand to see a drivers license of a visiting
aunt walking down the street. You need a special
justification (in the real world) for demanding ID,
but you don't need special justification for not
demanding ID.

Of course that doesn't mean that anonymity should be
the default online, just as e-commerce sites
shouldn't replicate the real world experience of
waiting on check-out lines. But, it's worth looking
at the real world in this case because it can help
undo anonymity's bad reputation, so that we can make
a better judgment about what we want online.

Anonymity (including pseudonymity) does much good
online. It also allows bad things to happen, but so
does free speech. Before we tinker with the
defaults, we ought to at least recognize what we may
be giving up in the realms of (1) the political, (2)
the social, and (3) the personal.

1. Anonymity allows people to say and do things that
those in power don't like. It enables dissidents to
speak and whistleblowers to blow their whistles.

2. Anonymity allows people to say and learn about
things from which social conventions otherwise would
bar them. It helps a confused teen explore gender

3. Anonymity (and especially pseudonymity) enables a
type of playing with our selves (yes, I know what I
just said) that may turn out to be transformative of
culture and society.

Anonymity also allows some awful things to happen
more easily, but we can't fairly decide what we want
to do about it unless we also acknowledge its
benefits. Just as with free speech.

As David Kearns points out, some of these issues
have to do with privacy. Since I'm interested in
norms, I don't want to stipulate definitions of
"privacy" and "anonymity," which is probably the
only way to make their relationship crisply clear.
The fact is that the two terms, as we use them in
the real world, are murky alone and in relation.
Roughly, when we talk about anonymity, we generally
mean not knowing who I am, whereas when we talk
about privacy, we generally mean not knowing things
about me. (Logically, privacy includes anonymity
since who I am is something to know about me, but in
practice we use the terms separately.) In many
instances, a strong right to privacy confers the
benefits of anonymity. But, the real not-knowing of
anonymity may be required in some regimes for people
to feel free to speak. And it may have a subtle,
liberating effect on the selves we're building in
the new connected public.

Worse -- at least if you insist on clarity -- both
terms are complex and gradated. Privacy is obviously
something we can parcel out in dribs and drabs;
that's what the new digital identity management
systems enable. Anonymity sounds more binary, but
because "who we are" is complex, so are the ways in
which we can hold back information about who we are.
An anonymous donor has probably identified herself
to the organization that has agreed to withhold her
name. An anonymous author may disclose that she has
twenty years experience in the trade she's writing
about. An anonymous stranger who runs after you with
the wallet you dropped makes no effort to hide her
face, even if she refuses to give her name. And the
range of ways in which we are pseudonymous is

We don't have to sort this out entirely. Privacy,
anonymity, publicness, responsibility, shame,
freedom, self, community...these and other core
terms are properly in a royal stew of meaning.

Before we have all this clear, we're going to have
to make some decisions. My fear is that we are in
the process of building a new platform for identity
in order to address some specific problems. We will
create a system that, like packaged software, has
defaults built in. The most important defaults in
this case will not be the ones explicitly built into
the system by the software designers. The most
important defaults will be set by the contingencies
of an economic marketplace that does not
particularly value anonymity, privacy, dissent,
social role playing, the exploration of what one is
ashamed of, and the pure delight of wearing masks in
public. Economics will drive the social norms away
from the social values emerging. That is my fear.

I have confidence that the people designing these
systems are going to create the right software
defaults. The people I know firsthand in this are
privacy fanatics and insistent that individuals be
in control of their data. This is a huge and welcome
shift from where digital ID was headed just a few
years ago. We all ought to sigh in relief that these
folks are on the job.

But, once these systems are in place, vendors of
every sort will of course require strong ID from us.
If I want to buy from, say, Amazon, they are likely
to require me to register with some ID system and
authenticate myself to them...far more strongly and
securely than I do when I pay with a credit card in
my local bookstore. Of course, I don't have to shop
at Amazon. But why won't B&N make the same demand?
And Powells? And then will come the blogs that
demand I join an ID system in order to leave a
comment. How long before I say, "Oh, to hell with
it," and give in? And then I've flipped my default.
Rather than being relatively anonymous, I will
assume I'm relatively identified.

Does that matter? I think it does, for the
political, social and person reasons mentioned
above. Don't make me also argue against being on
one's best behavior and against being accountable
for everything one does! I'm willing to do it! I
will pull this car over and do it! Just try me!

The basic problem is, in my opinion, that the
digital ID crew is approaching this as a platform
issue. Most places on the Web have solved the
identity problem sufficiently for them to operate.
Some ask for the three digits on the back of your
credit card. Some only sign you up if you confirm an
email. Some only let you on if you can convince an
operator you know the name of your first pet and the
senior year season record of your high school's
football team. Sites come up with solutions as

Good. Local solutions to local problems are less
likely to change norms and defaults. But the push is
on for an identity management platform. It's one
solution -- federated, to be sure -- that solves all
identity problems at once. Because of Microsoft's
market dominance, its building identity management
into the operating system is an important plank in
the platform. Even the sprouting of multiple
identity management systems results in a platform
because they will make it possible for vendors to
expect you to use one.

If you want to change a social default, build a
platform. That's not why they're building it, but
that will (I'm afraid) be the effect. It's not
enough that anonymity be possible or permitted by
the platform. It's about the norm, the default. If
the default changes to being naked at the beach,
saying, "Well, you can cover up if you want to,"
doesn't hide the fact that wearing a bathing suit
now feels way different. Yes, there's something
wrong - and distracting - about the particulars of
this analogy. But I think the overall point is
right: We're talking about defaults, not

There are serious problems caused by weaknesses in
current identity solutions. Identity theft is
nothing to sneer at, for example. But are we sure we
want to institute a curfew instead of installing
better locks?*


About a year ago, my friend Ethan Zuckerman [12] - whose
blog is one of the great examples of why blogging
matters - and I wrote a paper on anonymity that we
never released. It tried to make two points: 1.
Anonymity isn't just for criminals and terrorists.
2. You'd have to change the entire computing
environment - hardware, software, operating systems,
the network, the way Internet cafes work - to
prevent bad people from operating anonymously.

The article in this issue of Joho is me blurting out
that first point. Thank you, Ethan. The ground has
shifted under the second point, however. We
originally wrote a description of all you'd have to
do to make it impossible for sufficiently motivated
evil doers to act anonymously on the Net. The idea
was that the list was obviously absurd. Now it is
not. It is in fact the shape of the computing
environment being imposed on us: Hardware with
identifiers burned into it, operating systems that
lock users out of their own computers in order to
keep the computers "secure," US government
requirements [13] for backdoor access to all
software that talks on the Net, policies such as
requiring showing a photo ID to use an Internet cafe
(as I experienced in Italy). What Ethan and I
intended as a modest proposal in the Swiftian sense
is being built by the most serious people on the

The irony is that this will stop almost everyone
from being anonymous except the people we're trying
to catch.


*The curfews-vs.-locks trope has started to sound
familiar to me. If I swiped it, it was

[1] http://www.hyperorg.com/blogger/mtarchive/anonymity_as_the_default_and_w.html
[2] http://www.strumpette.com/archives/162-Cluetrain-author-dispels-absolute-transparency-myth.html
[3] http://blogs.zdnet.com/digitalID/?p=60
[4] http://www.identityblog.com/?p=525
[5] http://www.links.org/?p=123
[6] http://www.identityblog.com/?p=528
[7] http://vquill.com/2006/08/anonymity-identity-and-privacy.html
[8] http://vquill.com/2006/08/more-on-privacy-vs-anonymity.html
[9] http://blog.opinity.com/2006/08/ben_laurie_on_a.html
[10] http://blogs.zdnet.com/digitalID/?p=61
[11] http://akma.disseminary.org/archives/2006/08/plus_a_change.html
[12] http://blogs.law.harvard.edu/ethan/
[13] http://scrawford.blogware.com/blog/_archives/2006/7/28/2174283.html

---------------------------------------------- ONE WEB DAY

Susan Crawford - law professor, Berkman fellow,
ICANN board member, blogger [1] - has been working
for the past year to make her idea real. Just as
Earth Day is a time to celebrate our planet, One Web
Day [2] is a day to celebrate the Web. Just as on
Earth Day it's up to each locality to decide how to
celebrate, on OWD it's up to each locality -
physical or virtual - to come up with an appropriate
activity, although OWD encourages doing something
that increases the Web's value and brings it to more

One Web Day is September 22, so it's coming up. But
it's certainly not too late to jump on board [3] as
an individual, as a member of a geographic
community, or as a group.

And if some politicians should happen to be reminded
that the Web is about more than delivering Hollywood
content to "consumers" - see Susan's brilliant
dissection [4] of the so-called Consumer Internet
Bill of Rights - that wouldn't be the worst thing to

[1] http://scrawford.blogware.com/blog
[2] http://www.onewebday.org/
[3] http://www.onewebday.org/wiki/index.php/Main_Page
[4] http://scrawford.blogware.com/blog/_archives/2006/8/18/2242836.html


I just published my novel for halflings (or "young
adults" if you prefer), called "My 100 Million
Dollar Secret" [1]. It's about a boy who wins
$100,000,000 in the lottery, but (for reasons
explained) can't let his parents know and refuses to
lie to them. In another sense, it's about the boy's
growing sense of the moral obligations that come
with having so much dang money. It's also supposed
to be a little funny.

I published it through Lulu.com [2], the on-demand
self-publishing outfit. You can get a nicely
designed paperback (thank you, Stellio! [3]) for
$13.90 plus shipping, or you can read it online
there for $4.00. Or you can read it online for free
at my site [4] for the book. Or you can download a
Word or PDF version for free. There's also a Google
group [5] for anyone who wants to talk about it.
(The book is licensed under Creative Commons [6],
although I must have pressed the wrong button at
Lulu because there it says it's got a plain old
copyright. I intend the CC rules to be in effect.)

Thanks to the people who read it and commented on it
before I posted it! [7]

[1] http://www.my100milliondollarsecret.com/
[2] http://www.lulu.com/content/376554
[3] http://www.stelliollc.com/
[4] http://www.my100milliondollarsecret.com/
[5] http://groups.google.com/group/My100MillionDollarSecret
[6] http://www.creativecommons.org/
[7] http://www.my100milliondollarsecret.com/books/html/thankyou.html

| COOL TOOL                                   |
|                                             |
| I've become attached to RoboForm ($30),     |
| Windows software that fills in forms and    |
| passwords automatically with intelligence   |
| and flexibility I haven't been able to      |
| match in the freebies I'd been using.       |
|                                             |
| It'll even generate passwords that are      |
| complex beyond memorization and that would  |
| twist your fingers into carpal tunnels      |
| trying to type them. But you don't need to  |
| type them or memorize them because          |
| RoboForm auto-enters them.                  |
|                                             |
| And there's the rub. My only trepidation    |
| about this software is that I haven't been  |
| able to find a way to export the passwords  |
| into a vendor-neutral format. I can't even  |
| print them out. So all is rosy so long as   |
| I never want to move to a different         |
| password manager.                           |
|                                             |
| 1Password, a password manager for Mac OS X, |
| says it imports RoboForm data. Until        |
| RoboForm itself provides some way to get    |
| its data out, I can't wholeheartedly        |
| recommend it, which is too bad because the  |
| software itself seems terrific.             |
|                                             |
| http://www.roboform.com/                    |
| http://1passwd.com/                         |

--------------------------------------------- BOGUS CONTEST: A CONTEST NO ONE REALLY ENTERS

With the semi-success of Snakes on a Plane - which
I've written really badly about [1] and even wrote a
sonnet [2] to (but be sure to read Jay Cross'
comment, which is funnier than what it's commenting
on, , and you should read Mark Federman on why hype
no longer leads to tickets) - marketers are going to
try to come up with equally honest, descriptive
titles. And how might this play out outside of
movies, hmm?

| Total Gym          | The Plank and Roller   |
| Exercise System    | Exerciser You'll Use   |
|                    | Twice                  |
| I Can't Believe    | Butter-Colored Grease  |
| It's Not Butter    | Tub                    |
| Super Bright       | Reassuring Phallic     |
| 5-Cell Mag         | Club with a Light in   |
| Flashlight         | Its tip                |
| SuperGlue          | Skin Bonder.           |
|                    | (Formerly:             |
|                    | Disappointment in a    |
|                    | Tube)                  |
| Gosh, Honey, Your  | Shampoo + Smell        |
| Hair Smells Great! |                        |
| Operation Iraqi    | Operation hit 'Em      |
| Freedom            | Where They're Not      |

Your turn. But who are we kidding?

[1] http://www.hyperorg.com/blogger/mtarchive/on_reading_the_reviews_of_snak.html
[2] http://www.hyperorg.com/blogger/mtarchive/two_reasons_snakes_on_a_plane.html
[3] http://whatisthemessage.blogspot.com/2006/08/snakes-on-yeah-yeah.html


JOHO is a free, independent newsletter written and
produced by David Weinberger. He denies
responsibility for any errors or problems. If you
write him with corrections or criticisms, it will
probably turn out to have been your fault.

You can UNSUBSCRIBE yourself at:


In case of difficulty, send me mail at
self@xxxxxxxxxxxx There is no need for harshness or
recriminations. Sometimes things just don't work out
between people.

Dr. Weinberger is represented by a fiercely
aggressive legal team that responds to any
provocation with massive litigatory procedures. This
notice constitutes fair warning.

The Journal of the Hyperlinked Organization is a
publication of Evident Marketing, Inc.

For information about trademarks owned by Evident
Marketing, Inc., please see our Preemptive
Trademarks™™ page at

This work is licensed under a Creative Commons

Other related posts:

  • » [joho] JOHO August 21, 2006