[znkr]

> If you are going to add semantic structure to an identifier, which is frequently useful and a good idea, best practice is usually to encrypt it before sending it to the external world. Encrypting a UUID-like structure is approximately free on modern computers.

Been there. Problem is, now you can’t rotate your keys without breaking users and everyone and everything needs access to this key. This means the key is going to leak sooner or later. Also, someone will inevitably create an endpoint that does not encrypt, nay obfuscate, the identifier. Might as well not have bothered to obfuscate the ID to begin with.