Privacy doesn't mean anything anymore, anonymity does

Original Article ↗ Hacker News Discussion ↗

Data retention, business models, and regulation

  • Many argue most services keep far more data than operationally necessary; Mullvad-style minimalism is held up as an ideal.
  • Others counter that debugging and support require detailed logs, metrics, and user identifiers; typical users expect conveniences like password resets and SSO.
  • Retail, loyalty programs, and “smart” devices are cited as examples where data hoarding is a deliberate business choice, not a technical need.
  • Discussion of fines: GDPR and Japan theoretically punish mishandling, but commenters debate whether big firms actually suffer, with claims that enforcement hits small players harder and acts as a moat.

Anonymity vs privacy: definitions and trade-offs

  • Thread converges on:
    • Privacy = control/limits on who can access your data.
    • Anonymity = data may be public, but not linkable to your real identity.
  • Some think privacy promises are hollow without anonymity-by-design (no identifying data collected or stored).
  • Others insist privacy still “means a lot” because it can be backed by law, while anonymity is fragile or illusory.

Technical feasibility and limits

  • Service-level anonymity (random account tokens, no emails/IP logs) is contrasted with browser fingerprinting and network-level tracking.
  • Several note that even if a service doesn’t log, Cloudflare, ISPs, and stylometry can still deanonymize users; anonymity is seen as a spectrum, not absolute.
  • Tor, Mullvad Browser, Zcash, tumblers, remote attestation, and self-hosting are discussed as tools, but effective OPSEC is described as hard and burdensome.

Authentication, account recovery, and payments

  • Removing email/phone breaks standard password reset flows; some accept “lose credential = lose data,” others call that unacceptable UX.
  • Passkeys vs email as identifiers is debated; both can be cross-site correlators in practice.
  • Anonymous payment is highlighted as a key missing piece: crypto, prepaid cash cards, and cash-in-envelope models are mentioned, but KYC exchanges weaken anonymity.

Trust and criticism of the article/service

  • Many see the post as marketing for a new hosting provider, possibly LLM-written, with overblown claims (“privacy is marketing”).
  • Strong criticism for using Cloudflare, requiring JS and captchas, and initially keeping webserver logs while advertising “no logs.” The operator disables logging mid-thread but trust is damaged.
  • Later discovery that their site previously claimed ISO27001/SOC2 certification, then silently removed it, further fuels accusations of dishonesty.

Broader attitudes

  • Some say the privacy/anonymity battle is effectively lost and society must adapt; others reject this defeatism and push for incremental, architecture-based improvements.