undefined | Better HN

0 pointsy425y ago0 comments

As long as you can connect the id to one single client / user, it is PII. It does not matter, where this id comes from, a random hash, an encrypted IP adress. If it's unique, it's PII.

If you only save it on the server, not on the client side, it's not PII. But then it's almost useless for analytics. Because next time the user comes around, you create another hash and therefore another user.

0 comments

3 comments · 2 top-level

dorgo5y ago· 1 in thread

> If it's unique, it's PII.

Ok, Ill just reuse each generated ID twice and I'm safe. The data gets only a little blurry.

chii5y ago

yep. And then you just run this tool twice, with different initial nonces, and then combine the data...

howscrewedami5y ago

> If you only save it on the server, not on the client side, it's not PII. But then it's almost useless for analytics.

You can get a lot of useful information by only saving stuff on the server. e.g.: number of visits per day, user behavior on certain pages, etc etc...

j / k navigate · click thread line to collapse