Comment by dwattttt
15 days ago
Just to make the claim clearer: it can't matter what the authentication mechanism is.
If a Privacy Pass token is needed for access to your email, then redeeming the token tells the service you (the client) can access your email. That's identified you.
This is why I said it depends [on whether the service needs to identify you.] In some cases, identification is not necessary for authorization.