Furthermore, is it really up to a book review site to solve the problem of identity and anonymity on the Internet? Seems like the wrong place in the stack to focus on that.
Yea, I think it's a good model for other type of companies and have thought of it before which is why I brought it up here, just felt like clarifying it is possible to do if desired.
I'm defining "anonymous to the world" or "anonymous publicly", whereas you're defining it as "anonymous to everyone, even the company".
But in the scope of a book review website, and this thread about preventing spam by having ID enforced, my comment made sense as that. The company knows you, but you can have an anonymous handle to the world. I had clarified that with the line about trust.
I considered that, but most people who get annoyed about privacy are upset that private companies have any data at all. e.g. location data on Facebook.
It's good opsec to assume all private data at companies may get leaked, including links between your ID and your name.
Consider the scenario where somebody is reviewing books on dangerous subjects (politics, religion, LGBT+, etc...) and is suddenly outed to the whole world due to a data breach.
For some set of people it would be a problem, I think for book reviews that’s a tiny set, not to be dismissive of them, but still.
For other types of applications you’d want to have a better system, like a writing platform.
But still, there’s ways to do it. You can validate the high res copies of whatever you want to validate, then make a hash using a few key numbers, in partial. Stuff like that gets you close to ideal, even the worst case break would expose almost nothing, and you’d prevent duplicate accounts. Only risk is losing the documents during validation before they’re deleted.
You can actually do validation for completely anonymous accounts. The most common version is DDOS protection where even read only websites can still benefit.
An anonymous review website could similarly rate limit how quickly reviews change, so someone spamming 1,000 reviews accomplishes little.
Actually, a decent anonymous single login you could do today roughly is basically TouchID. You’d have to implement it yourself with ML, a webcam and some client side code that hashes it.
