It is certainly a discussion we are having internally often. Overall we focus on identifiers that are not uniquely identifiable to a person on their own without taking them in aggregate, which makes them harder to share across unrelated domains. We also generally avoid anything personally identifiable (name, email, etc) that could be tied back to anyone in particular - we aim only to accurately identify a browser or app instance itself.