Comment by mortar

1 year ago

The method is secure until they change it. Their docs mention that generating a token is not anonymous, but using a token is. Considering they already know who generated it, it could be trivial for them (to change something server side where the validation occurs, if compelled) to link a particular search to a user.

2 comments

mortar

echoangle 1 year ago

You don’t get the token itself from the server though, you get something so you can make your own token for which the server doesn’t know who created it. So they can do whatever they like on the server, they can’t identify you.

mortar 1 year ago

Indeed, thanks for clearing that up!