It’s hard not to appreciate the long way we did in studying anonymity and pseudonymity. We know a lot and can do a lot. Each time I read on a zero-knowledge scheme or on another untraceable digital cash I am amazed by the amount of knowledge that the security community has gained and by its arsenal of mechanisms that can buy us any sort of anonymity or pseudonymity we want to deploy. But do we? In spite of our having the ability to establish anonymous surfing, have untraceable digital cash tokens, and carry out anonymous payments, we don’t really use these abilities, at large.
If you are not in the security business you are not even likely to be aware of these technical abilities.
If I may take a shot at guessing the reason for the gap between what we know how to do and what we do, I would say it’s due to the overall lack of interest of the stakeholders. Fact probably is, most people don’t care that much about anonymity, and most of the ones who do, are not security geeks who appreciate the technology and thus trust it. So, we use what does not require mass adoption and do not use what does.
Anonymous browsing is easy, because it does not need an expensive infrastructure that requires a viable business model behind it; fortunately. Most people could not care less about logs storing their browsing habits. They don’t care if someone learns what sites they visit and creates a spamming profile for them; they get (or not) their share of spam anyway, so they may just as well have it better tailored. They also don’t use the web for illegal activities of the type that requires covering their tracks. And what about the few who do care? A few anonymity supporters run TOR servers on their already-existent machines, anonymity-aware users run TOR clients and proxy their browsers through them, and the anonymity need is met. The onion routing technology that TOR is based on is used; not too often, but is used.
The problem starts with systems that require a complex infrastructure to run, such as anonymous payment systems. These require vast changes to legacy applications and complex and massive roll-outs. Since there are real costs involved, business considerations come to play. Unfortunately, it seems that the audience for anonymous payments is less than what is needed to justify the migration. As much as some of us don’t like to admit it, most consumers do not care about the credit card company compiling a profile of their money spending habits. Furthermore, of the ones who do, most are not security engineers and thus have no reason to trust anonymity schemes they don’t see or feel intuitively (as one feels when paying with cash). The anonymous payment systems are left to be used primarily by the security-savvy guys who care; they do not form a mass market.
I believe that for anonymity and pseudonymity technologies to survive they have to be applied to applications that require them by design, rather than to mass-market applications that can also do (cheaper) without. If anonymity mechanisms are deployed just to fulfill the wish of particular users then it may fail, because most users don’t have that wish strong enough to pay for fulfilling it. An example for such an application (that requires anonymity by design) could be E-Voting, which, unfortunately, suffers from other difficulties. I am sure there are others, though.