Really good article. One of those things that are beyond obvious to those of us close to this field, but not at all obvious to the general software dev (who also mightn't know the difference between a good cryptographic hash and a good password hash).
What would make this article great is general ideas on what is a good way to anonymize data. I'm surprised that info is missing, actually.
What would make it world class great is discussion about GDPR ramifications, keeping in mind that one need not necessarily be perfect for GDPR, even if you're FB/Google.
I was trying to avoid the general ideas on what is a good way to anonymize data, because I don't think there are general rules that apply, and I'm not in a position to give authoritative advice on this. The more I dug in, the more I realized this is probably one of the hardest technical problems that exists right now, and there isn't yet a right answer that works (like use scrypt for passwords).
As for GDPR, I think digging into this in more detail would be a great follow up.
everyone is going to have different requirements so yeah, hard to claim there is a general solution. but an idea or 2 can be thrown out there. like an anonymizer microservice that only remembers the mapping for a limited time period. even stating explicitly that it’s a hard problem and very very hard problem if you want perfection, would be a worthwhile addition. as it stands, the article doesn’t convey the difficulty of addressing the problem.
What would make this article great is general ideas on what is a good way to anonymize data. I'm surprised that info is missing, actually.
What would make it world class great is discussion about GDPR ramifications, keeping in mind that one need not necessarily be perfect for GDPR, even if you're FB/Google.