by salawat
1193 days ago
I'm calling bullshit on the unlinkability asserted in the GitHub reading here. Sure, you can make it so the API in question can't relink, but that doesn't mean you can't use extraneous unmentioned metadata to do it. Without proof that no other systems are siphoning off or tracking individual token state, this just looks like more "Let's use dubious cryptography to get pressure off our backs till a credible researcher we haven't hired/paid to be quiet blows the whistle". The having to be logged in to Chrome bit is exactly what has me thinking something about that arrangement allows them to deanonymize; otherwise, they wouldn't even be able to measure the difference between real and fake. They'd also be more than happy to make an explicit business-related contractual obligation of not sharing logs with them, because they don't need them, 1 and 2, to the uninitiated, it looks like they are trying to make an active attempt to anonymize things in spite of the fact they have enough extra OOB telemetry that they can continue with business as usual. K-anonymity isn't anonymity at all, and is, at best, less identifiable internal to the dataset.