by jll29 1298 days ago
A cookie is not a PII identifier, it is an "identity discriminator".

In other words, cookies let them tell you are the _same_ person 104898 that was already here in March, welcome back!, and not any other person, e.g. 298472, but without telling them your actual name etc.

In contrast, a PII identifier is a unique ID that is linked to personal attributes in real life like a person's name ("John Doe"), address ("6400 Boulevard Court, Beverly Hills, CA"), e-mail address ("john.doe@acm.org") or credit card number ("VISA 4879 5223 6537 9935").

So, this is indeed different from visiting a Website that places a cookie.

3 comments

> VISA 4879 5223 6537 9935

I'm curious where that number came from. It passes the Luhn check so it probably isn't just some random number, and has the right first few digits for Visa but doesn't match any of the Visa test card numbers that I happen to know.

Looking up the issuing bank from the first 6 digits gives inconsistent results. Half of the several BIN lookup sites I tried just say it is from the US. The other half say it is from Blom bank in the country of Lebanon.

Googling it gives me a small number of sites about "unlimited credit card numbers that work 2022" which seem quite shady but I can't quite figure out what the heck they are actually trying to accomplish.

Here are those sites: https://www.financegab.com/credit-card/unlimited-credit-card... and https://paisabank.org/unlimited-credit-card-numbers-that-wor...

Credit card number generator websites exist: https://randommer.io/Card
I have been following up on that and for me too the results were inconclusive.

My bet is, that is a honeypot card.

Oh and by now we are the first result on Google for it too :D

Apple ID is still a cookie and that is enough for me to avoid them like the plague.
Cookies are a required part of any login system. Your Apple ID is used to identify you, just as @amelius identifies you here.
HN doesn't offer so many services across which they can track and identify users.
If you don’t want to use services where the site keeps a cookie on your computer, you might want to avoid HN…
PII is never black or white. "_same_ person 104898" will become PII at any moment when the site can collate it on a one-to-one mapping with some other PII of yours (e.g. your email or login).

From GDPR Recital 30: "Natural persons may be associated with online identifiers provided by their devices, applications, tools and protocols, such as internet protocol addresses, cookie identifiers or other identifiers such as radio frequency identification tags. This may leave traces which, in particular when combined with unique identifiers and other information received by the servers, may be used to create profiles of the natural persons and identify them."

So your Apple ID becomes PII for a specific site at the precise instant you share any other PII to that site, that they are able to link to the Apple ID.