
An anonymous signature indeed makes no sense, but not everything needs a signature. Identification is an example of that:

In many scenarios, you (Alice) want to identify yourself to somebody (Bob), but you don't necessarily want Bob (or somebody hacking their database!) to be able to go to an unrelated third party (Charlie) and prove to them that Alice transacted with Bob.

The technical term for that property of digital signatures is non-repudiation, and some schemes go to some lengths to specifically avoid it, e.g. by using Diffie-Hellman key exchanges to prove ownership of a key without yielding a third-party verifiable proof of that exchange having happened.

For example, ICAO biometric passports specifically switched from public key cryptography and challenges (Active Authentication) to a Diffie-Hellman based scheme (Chip Authentication) because non-repudiation was considered a privacy risk as biometric passports were never intended as a signature mechanism.
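The repudiable Diffie-Hellman identification described in the comment above, as an added example that is not part of the original thread: Alice proves possession of her static key by MACing under the shared secret, and Bob can compute the identical tag without her, so the transcript proves nothing to Charlie. The group parameters and all function names are assumptions for illustration; this is not the ICAO Chip Authentication protocol.

```python
import hashlib
import hmac
import secrets

# Toy group for illustration only (assumption, not a vetted DH group).
P = 2**255 - 19  # prime modulus
G = 2

def keygen():
    """Return (private, public) for the toy group."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def _tag(shared, alice_pub, bob_eph_pub):
    # Derive a MAC key from the DH shared secret and bind both public values.
    key = hashlib.sha256(shared.to_bytes(32, "big")).digest()
    transcript = alice_pub.to_bytes(32, "big") + bob_eph_pub.to_bytes(32, "big")
    return hmac.new(key, transcript, hashlib.sha256).digest()

def alice_respond(alice_priv, alice_pub, bob_eph_pub):
    """Alice answers Bob's ephemeral challenge using her static private key."""
    return _tag(pow(bob_eph_pub, alice_priv, P), alice_pub, bob_eph_pub)

def bob_verify(bob_eph_priv, bob_eph_pub, alice_pub, tag):
    """Bob checks the tag using his ephemeral private key and Alice's public key."""
    expected = _tag(pow(alice_pub, bob_eph_priv, P), alice_pub, bob_eph_pub)
    return hmac.compare_digest(expected, tag)

def bob_simulate(bob_eph_priv, bob_eph_pub, alice_pub):
    """Bob alone produces the same tag Alice would send: the transcript is
    therefore not a third-party verifiable proof that Alice took part."""
    return _tag(pow(alice_pub, bob_eph_priv, P), alice_pub, bob_eph_pub)

def demo():
    a, A = keygen()          # Alice's static key pair
    b, B = keygen()          # Bob's ephemeral challenge
    tag = alice_respond(a, A, B)
    simulated = bob_simulate(b, B, A)
    # (Bob is convinced, and Bob could have produced the transcript himself)
    return bob_verify(b, B, A, tag), tag == simulated

if __name__ == "__main__":
    print(demo())
```

With a signature-based challenge-response, Bob could not produce Alice's response himself, which is what makes that transcript transferable evidence.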



Well in that case, Alice still needs a public key. The real issue is if the plain text of the signed message is leaked, at which point someone interested in Alice's message history can just go through the leaked messages and see which ones correspond to Alice's key. No need to reverse engineer the key from the message.


Yeah, one should definitely not assume that any signature scheme yields signer confidentiality out of the box, nor a non-signature-based, repudiable authentication scheme for that matter.



