Online anonymity often gets a bad rap and complaints about antisocial behavior from anonymous Internet users are as old as the Internet itself. On the other hand, research has shown that many Internet users seek out anonymity to protect their privacy while contributing things of value. Should people seeking to contribute to open collaboration projects like open source software and citizen science projects be required to give up identifying information in order to participate?
I was part of a team led by Nora McDonald that conducted a two-part study to better understand how open collaboration projects balance the threats of bad behavior with the goal of respecting contributors’ expectations of privacy. First, we interviewed eleven people from five different open collaboration “service providers” to understand what threats they perceive to their projects’ mission and how these threats shape privacy and security decisions when it comes to anonymous contributions. Second, we analyzed discussions about anonymous contributors on publicly available logs of the English language Wikipedia mailing list from 2010 to 2017.
In the interview study, we identified three themes that pervaded discussions of perceived threats. These included threats to:
- community norms, such as harrassment;
- sustaining participation, such as loss of or failure to attract volunteers; and
- contribution quality, low-quality contributions drain community resources.
We found that open collaboration providers were most concerned with lowering barriers to participation to attract new contributors. This makes sense given that newbies are the lifeblood of open collaboration communities. We also found that service providers thought of allowing anonymous contributions as a way of offering low barriers to participation, not as a way of helping contributors manage their privacy. They imagined that anonymous contributors who wanted to remain in the community would eventually become full participants by registering for an account and creating an identity on the site. This assumption was evident in policies and technical features of collaboration platforms that barred anonymous contributors from participating in discussions, receiving customized suggestions, or from contributing at all in some circumstances. In our second study of the English language Wikipedia public email listserv, we discovered that the perspectives we encountered in interviews also dominated discussions of anonymity on Wikipedia. In both studies, we found that anonymous contributors were seen as “second-class citizens.
This is not the way anonymous contributors see themselves. In a study we published two years ago, we interviewed people who sought out privacy when contributing to open collaboration projects. Our subjects expressed fears like being doxed, shot at, losing their job, or harassed. Some were worried about doing or viewing things online that violated censorship laws in their home country. The difference between the way that anonymity seekers see themselves and the way they are seen by service providers was striking.
One cause of this divergence in perceptions around anonymous contributors uncovered by our new paper is that people who seek out anonymity are not able to participate fully in the process of discussing and articulating norms and policies around anonymous contribution. People whose anonymity needs means they cannot participate in general cannot participate in the discussions that determine who can participate.
We conclude our paper with the observation that, although social norms have played an important role in HCI research, relying on them as a yardstick for measuring privacy expectations may leave out important minority experiences whose privacy concerns keep them from participating in the first place. In online communities like open collaboration projects, social norms may best reflect the most privileged and central users of a system while ignoring the most vulnerable
This blog post was originally posted on the Community Data Science Collective blog. Both this blog post and the paper, Privacy, Anonymity, and Perceived Risk in Open Collaboration: A Study of Service Providers, was written by Nora McDonald, Benjamin Mako Hill, Rachel Greenstadt, and Andrea Forte and will be published in the Proceedings of the 2019 ACM CHI Conference on Human Factors in Computing Systems next week. The paper will be presented at the CHI conference in Glasgow, UK on Wednesday May 8, 2019. The work was supported by the National Science Foundation (awards CNS-1703736 and CNS-1703049).
I’ve only read this post, not the paper, but:
The distinction between “anonymous” and “pseudonymous” seems important here. Someone might want to aggregate all their activity under a single, consistent identity, and just not have that identity be connectable to their real-world physical self. (Indeed, for various reasons I do that myself in a few forums.)
Are the findings about anonymous activity, or pseudonymous, or both?
It’s not just two those categories! There are many different types, dimensions, and levels of anonymity. Our paper discusses this briefly. For example: Hiding your real-world identity? Hiding your location or IP address? Hiding the fact that you are the same person who did a particular thing on the website yesterday? Also: Hidden from whom? Other users? Website administrators? From ISP or service providers?
In the previous research I mentioned about anonymity seeking users, my collaborators were looking at Tor users and Wikipedia. This paper is broader but that’s part of the context and Tor users are reasonable stand-in for at least the extreme end of what we’re talking about in terms of anonymity-seekers. People use Tor because they want strong protection of information on their IP address, geographic location and, by extension, their real-world identity. Wikipedia welcomes pseudonyms and does not publicly disclose IP addresses for pseudonymous users but it blocks Tor because Tor can be used to evade IP-level banning that Wikipedia uses heavily.
The semantic ambiguity around “anonymity” that you point out lies at the heart of the different ideas behind anonymity we document. Some “anonymous” users have not have gotten around to creating an account yet. Some are concerned about obscuring specific pieces of information about their identity or location. Service providers think of “anonymous” users as the former, but not the latter.
Thanks! Okay, ball’s in my court to dig into the details, then. :-)