undefined | Better HN

0 pointsHizonner1mo ago0 comments

> Where does the mass deanonymisation enter into this?

Via the UUID. Also via the fact that the authentication service sees what you're logging into, regardless of whether the social media site does or not.

This isn't complicated. It's obvious if you're not desperately trying not to think about it.

0 comments

andrepd1mo ago

The UUID is unique per service. All it tells you is that two people are not the same person.

The "authentication service" is the national id. The tax man already knows your name, address, date of birth, financial possessions, income, family members, etc etc. There is no further information, apart from which website you logged on and when. This quite literally the standard of Signal [1]. And this is of course assuming the worst from the national id implementation; any sensible law would require the id provider to delete all information as soon as the login is complete.

HizonnerOP1mo ago

> apart from which website you logged on and when

Which is the whole damned problem, obviously.

> This quite literally the standard of Signal [1].

Yes, Signal is weak in a similar way. Although there is a difference between having to set up a bunch of wiretapping to do traffic analysis, and having the information handed to you on a plate.

> And this is of course assuming the worst from the national id implementation; any sensible law would require the id provider to delete all information as soon as the login is complete.

Assumptions that laws will be followed are out of order. Yes, you have the laws. Yes, you punish violations. But you still deal with the fact that violations will happen.

j / k navigate · click thread line to collapse