[d110af5ccf]

There's also nothing stopping the service from remembering this hypothetical SSN equivalent (or a fingerprint of it), exchanging data with other service providers, and tracking you that way.

There are certainly cryptographic primitives that can be used to solve the privacy concerns but I have approximately zero confidence that they would even be considered for use by the current technically illiterate batch of legislators.

[CobrastanJorji]

Maybe, if we're being idealistic, it needn't be particularly powerful. We could just say that every authority would get their own permutation of the ID, a hash of the real ID and the authority's ID or some such, just to make it fairly difficult for two companies to see if their respective IDs are identical. Not perfect, but simple and makes it harder to exploit.