One of the online forums I participate in is commonly referred to as the Identity Gang (it is now part of identity commons). An interesting conversation took place last week on the topic of anonymity and privacy. The conversation did branch out a bit (as these conversations often do), but it did bring to the fore some important concepts that need to be clarified.
I found the conversation on anonymity particularly interesting. Those of us in the field of identity management tend to get hung up on terminology a lot. It’s an important aspect to any emerging field, as improperly used or appropriated terms tend to create confusion in the marketplace, and act as a barrier to productive engagements. It is with that in mind that I raised the question on the forum last week “Isn’t a pseudonym the same as a persona?”. Dave Kearns weighed in on my question in this weeks Network World IdM Newsletter.
Much of the conversation last week was on the nature of anonymity and, by extension, pseudonymity. One of the important ideas established is that they are transactional constructs, existing within the context of some identity-based interaction. My question was posed with that frame of reference.
True anonymity in the digital world is pretty hard. While there are sites (like this website here) to create fake identities, it must be understood that there are certain limitations to it. There is always some sort of trail (IP addresses, etc) that can lead back to the original user. So it would seem to me that all we have today is varying degrees of anonymity – starting from the barest minimum of information, ranging through being able to piece together a picture based on multiple interactions, having semi-anonymous interactions based on the establishment simply of a username, to a full-fledged fake identity being set up in a website. In other words, all that exists today is pseudonymity.
Does that mean that anonymity is simply an edge case of pseudonymity? I think not. Just because anonymity doesn’t exist today does not mean that we don’t want to achieve it. Therefore retaining the separation (that an anonymous interaction can never lead back to the originating identity, while a pseudonymous interaction is simply an imposed barrier between the interacting party and the originating identity) is important as a way of enabling us to work towards the technological solutions necessary to achieve anonymity in the digital world.
More interesting is where digital personas fit into this conversation. Look at the definition of a Persona as defined in the ID Commons Lexicon, and in particular at comment 1:
A Persona is something put forward by a user, but how it is perceived, recognized, accepted, rejected, trusted, used etc. by a Relying Party cannot be specified or in any way implied.
Based on the underlined part, it seems to me that a pseudonymous identity is simply a persona. When a user sets up a persona, they specify the information they want to present through that persona. This information can be completely fake, as minimal as necessary, and set up solely for the purpose of interacting with that one party. In other words, the interaction using that persona is pseudonymous in nature. Since personas and digital pseudonyms seem to share the same characteristic of having a range with respect to amount and transparency of identifying information, it would seem to me that they are one and the same thing.
Understanding these constructs will be important as we move beyond identity management systems and start building persona management systems for use on the web. In particular, understanding the relationship between persona and pseudonymity will help frame the requirements for these systems as they help protect us in our online interactions.