← Back to context

Comment by imiric

7 months ago

I did. It doesn't matter that the website might not be able to directly associate a real-world identity with a digital one. It takes a small number of signals to uniquely fingerprint a user, so it's only a matter of associating the fingerprint with the ID, whether that's a real-world or digital one. It can still be used for tracking. By having a static ID that can only be issued by governments or approved agencies we'd only be making things easier for companies to track users.

6 comments

imiric

Reply
JimDabell  7 months ago

> It can still be used for tracking.

This doesn’t make sense. The whole point of using IDs in this way is in an authenticated context.

Did you think I was suggesting that this ID would be accessible to any website without asking? This is something you would send as part of a registration step. So, for instance, if you spam Hacker News, you get banned, you try to register again, it receives the same ID as before and knows not to let you register.

  • Nextgrid  7 months ago

    Every website would just move on to force people to register. That's already happening - good luck browsing public posts on Twitter/X.

    • JimDabell  7 months ago

      Again, this is a mechanism for making existing auth more resilient.

      As you note, websites can already force people to register, so this isn’t adding anything new there.

Dylan16807  7 months ago

This sounds like a red herring to me.

If the only way to associate a user with their ID is by fingerprinting them, you can do the same thing without an ID with having shadow profiles. If the proof system is designed for privacy, the ID doesn't make you more trackable.

In other words, if the ID never directly leaks companies can just make up a static ID for you and get the same results.

  • imiric  7 months ago

    Kind of. A fingerprint is an implicit ID, whereas the ID suggested by GP would be semi-permanently associated to an individual. So it would make tracking even easier, since most web sites outside of adtech don't bother with sophisticated fingerprinting. It would be similar to a tracking cookie, except the user would have no control over it.

    • Dylan16807  7 months ago

      > the ID suggested by GP would be semi-permanently associated to an individual

      There is a permanent ID, but it doesn't have to be told to the site.

      In which case it doesn't make tracking any easier than the site making up a "fake" ID for you.