Cerf carefully balances anonymity and identification by making a clear distinction between an identifier, which is some unique blob of data, and identification, which relates to a specific person or computer. What hangs in the balance is the user's ability to determine to whom and when they want to identify themselves to someone else. If you are a corporate whistle blower or a rebel in an oppressive regime, you probably want to protect your identity lest you be fired, jailed or killed for your actions.
However, if you are using the Internet to buy shoes with a credit card, you want the shopping application to ensure that you are using your credit card and not someone who has stolen your identity. There are a number of examples where you want to share your identity--or not--and organizations like ISOC, standards groups, nations and concerned parties are trying to define policies and technologies that can address competing concerns.
Identity leakage is pervasive, and it exists up and down the application stack. For example, IPv6 nodes using Stateless Address Auto Configuration (SLAAC) will typically use a computer's NIC MAC address as the host portion of the IPv6 address. MAC addresses are globally unique and, when combined with network components from router advertisements, should enable globally unique IPv6 addresses. However, since MAC addresses don't change, the host identifier is a good way to track computers and therefore users, as they move from network to network, globally. IETF RFC 4941 "Privacy Extensions to Autoconf" defines "mechanisms that eliminate this issue in those situations where it is a concern."