1. mister+(OP) 2020-04-22 04:32:14
If you're going to go as far as "it's perfectly possible that the nonce was stored with the mouse info", then your example following:

> If you want to avoid a connection to a "specific human", it would go like this:

doesn't work either. It's perfectly possible that the server stored that info with the IP address and session information, since it also has access to those, and that could then be connected up with the transaction. I don't understand at this point what standard you're trying to meet, because it sounds like by what you're saying, literally any data sent to a server is "PII" if at some point that server also can, in principle, know your name.

replies(1): >>TheDon+l5
2. TheDon+l5 2020-04-22 05:31:15
>>mister+(OP)
I don't think it's PII. My point is just that your scheme of signed tokens doesn't avoid an association. There isn't a way to.

And that's fine because it's not PII and it's the only way to implement this (in my mind). What you're proposing is just shuffling around deck chairs, not actually sinking the ship.

replies(1): >>mister+U5
3. mister+U5 2020-04-22 05:36:05
>>TheDon+l5
Oh, I mistook you for the previous commenter. Yeah, I agree that what I proposed doesn't really buy you anything unless you for some reason need the mouse data not to touch the server that's processing the transaction, which seemed to be what they were saying was required. There are multiple layers to why what they're saying doesn't make sense.