alt Hacker Newsexactly. calling it 'anonymized' is pure security theater once you have enough data points to map out someones daily routine.
waiting for legislation or eulas to fix this is a lost cause since adtech always finds a loophole. the fix has to be architectural. moving toward stateless proxies that strip device identifiers at the edge before they even hit upstream servers. if the payload never touches a persistent db there is literally nothing to de-anonymize. stateless infra is the only sane way forward
Replies
uxhacker • yesterday at 6:06 PM
How is this legal under the GPDR? There is clear examples in the citizenlab document of a user been tracked inside of the EU from outside.
Is there not also a requirement for clean consent? Ie a weather app can’t track your precise location?
To be honest, I feel like this is where iOS and Android are failing us. Why is every app allowed to embed a bunch of trackers? Only blocking cross-app tracking on user request as iOS does is not enough (and data of different apps/websites can be correlated externally).