> Do please be specific about those.

Here is one example: It's likely that we will never know who was behind the attempted backdoor in the xz library, which was almost successful in making a huge number of Linux installations worldwide vulnerable to remote exploitation. [1]

That malicious contributor is protected by online anonymity. Now, I know that it's probable that a state actor was behind "Jia Tan", meaning they could have been supplied with a fake ID as well, but that's still a higher barrier.

I don't think (and have not stated) that anonymity is worthless - it definitely is, especially if you're persecuted minority or under other kinds of threat. I just don't think it's helpful to pretend that it is completely unproblematic.

[1]: https://tukaani.org/xz-backdoor/