I have implemented the Trusted Computing Group's TSS Version 1.2 Direct Anonymous Attestation according to their specification, and this includes the Anonymity Revocation. There have been papers discussing privacy flaws among corrupt administrators, but it seems that it's only a problem if the base names are not random, that is, if they are named. I use random basenames, and I like that idea anyway because it enhances privacy. Random base names are useful for unlinkable applications, such as anonymous web browsing (see "Direct Anonymous Attestation: Enhancing Cloud Service User Privacy"; the references it cites for flaws are concerned with linked basenames). The literature over the years has been ambiguous.

I sent an email to one of the algorithm designers of the TPM 1.2 DAA schemes and he has not responded. I'm wondering if anyone out there has an answer. I am holding off deployment of this implementation, which I spent many hours on, until I can get an answer on whether the anonymity revocation feature of the 1.2 spec is useful.

Thanks in advance.
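To make the named-versus-random basename distinction concrete, here is an added toy model of the one DAA signature component that basenames affect: the pseudonym N_V = zeta^f, where f is the TPM's secret and zeta is derived from the basename (named) or chosen fresh (random). This is example code written for this thread, not the poster's implementation and not the TSS code; it models only the pseudonym, the verifier's link test, and the rogue-list (compromised-f) check in the shape of the Brickell-Camenisch-Chen scheme, and it uses an assumed, deliberately tiny Schnorr group (GAMMA = 1213, RHO = 101) so the arithmetic is readable. Function names, the hash-to-subgroup method and the sample basenames are all assumptions for illustration.

```python
import hashlib
import secrets
from typing import Optional, Tuple, Iterable

# Assumed toy Schnorr group, far too small for real use: GAMMA = R * RHO + 1
# with GAMMA and RHO prime, so x -> x^R sends any element of Z_GAMMA^* into
# the subgroup of prime order RHO (the subgroup zeta and N_V live in).
GAMMA = 1213
RHO = 101
R = 12
assert GAMMA - 1 == R * RHO


def to_subgroup(x: int) -> int:
    """Map x in Z_GAMMA^* into the order-RHO subgroup by raising to R."""
    return pow(x, R, GAMMA)


def zeta_from_basename(basename: bytes) -> int:
    """Named basename: zeta is a deterministic hash of the basename, so every
    signature made under the same basename uses the same zeta. Mirrors the
    shape zeta = (H(1||bsn))^((GAMMA-1)/RHO); the retry counter only avoids
    the degenerate value 1 in this tiny group (assumed detail)."""
    counter = 0
    while True:
        h = hashlib.sha256(b"\x01" + basename + counter.to_bytes(4, "big")).digest()
        z = to_subgroup(int.from_bytes(h, "big") % (GAMMA - 1) + 1)
        if z != 1:
            return z
        counter += 1


def zeta_random() -> int:
    """Random basename: a fresh random subgroup element for each signature."""
    while True:
        z = to_subgroup(secrets.randbelow(GAMMA - 2) + 2)
        if z != 1:
            return z


def pseudonym(zeta: int, f: int) -> int:
    """N_V = zeta^f: the only value in the signature that a verifier can
    compare across signatures to decide whether the same f produced them."""
    return pow(zeta, f, GAMMA)


def sign_tag(f: int, basename: Optional[bytes]) -> Tuple[int, int]:
    """Return (zeta, N_V) for a signature by the TPM holding secret f.
    basename=None models the random-basename (unlinkable) mode."""
    zeta = zeta_from_basename(basename) if basename is not None else zeta_random()
    return zeta, pseudonym(zeta, f)


def linkable(tag1: Tuple[int, int], tag2: Tuple[int, int]) -> bool:
    """Verifier link test: same zeta and same N_V implies the same f, because
    zeta generates a prime-order subgroup. Different zetas give no link."""
    return tag1[0] == tag2[0] and tag1[1] == tag2[1]


def rogue_tagged(tag: Tuple[int, int], rogue_list: Iterable[int]) -> bool:
    """Rogue-list check: a verifier holding leaked secrets f_i rejects any
    signature whose N_V equals zeta^f_i. Works for named and random zeta,
    since the verifier knows zeta either way."""
    zeta, n_v = tag
    return any(pow(zeta, f_i, GAMMA) == n_v for f_i in rogue_list)


if __name__ == "__main__":
    f_tpm = 77  # assumed TPM secret, reduced mod RHO in this toy group
    named_a = sign_tag(f_tpm, b"service-A")
    named_b = sign_tag(f_tpm, b"service-A")
    print("same named basename, same TPM -> linkable:", linkable(named_a, named_b))
    rand_a = sign_tag(f_tpm, None)
    rand_b = sign_tag(f_tpm, None)
    print("random basenames, same TPM   -> linkable:", linkable(rand_a, rand_b))
    print("rogue list containing f      -> tagged:  ", rogue_tagged(rand_a, [5, f_tpm]))
```

The point the model makes visible: with a named basename the verifier (or anyone holding the signature) links the two signatures purely by comparing N_V, while with a random zeta the two N_V values carry no usable relation even though f is identical. The rogue-list check does not depend on that choice, because zeta is always part of what the verifier sees, so a leaked f remains detectable in either mode.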

