
> The single identifier is what enables them to be linked

> If someone is signed into Google and then signs into their bank, does that mean they're the same person, or just two people who use the same computer?

You misunderstood my argument as “it’s okay to make things worse” rather than “spend your time on things which can matter”. You’re grossly overstating the importance of the unique identifier in an era where databases are widespread. In your examples, you’re characterizing as hypothetical risks things which are routinely done by private companies right now. The modern Stasi wouldn’t need an army of clerks to link government IDs, they’d pay Google or some other ad tech companies who’ve already linked your online activities (how many people even know if their bank uses Google Analytics?) and your email addresses and your phone numbers and your credit card transactions and the location data which the phone companies and mobile app analytics firms have already collected, etc. As a government agency, they’d even get stuff like the precise locations your phone is at. Even if you had your Amazon burner on a separate network, used a different email address with a different provider than you do for everything else, perfectly adhered to not using it for social media, etc., all you have to do is forget to turn off your phone once to link them, especially if you don’t live in a very crowded environment with many new people coming and going at unpredictable intervals.

Yes, having one identifier would make it easier but they’re already doing a good enough job that anyone who cares about it should be thinking about the safeguards which prevent abuse rather than pretending that there’s one weird trick to stop it. If we were in a scenario where any of the feared outcomes of a government are imminent, the range of bad outcomes either way overlap too much for the difference to matter.

The key thing to understand is that they don’t need it to be perfect: authoritarian governments don’t need to jail everyone who disagrees as long as they keep those people from organizing an effective opposition. If you’re opposed to them but keeping quiet and not doing much, they win. If you pull off perfect opsec and stay undetected, but they catch you because someone you know made a mistake, they win.

Worse, in the absence of effective accountability, minor mistakes only help build the fear of doing anything dodgy or subversive – if news gets out that someone went to a protest and the cops busted their roommate after linking the wrong phone, it _might_ help that one person be released but it will definitely ensure that a hundred other people get kicked out or turned in by roommates who don’t want to have the same thing happen to them (read accounts from East Germany, Russia, China, Mexico in the 70s, etc. for a reminder of how toxic the effects on social networks are), and a thousand people will stay quiet and avoid the next protest.




> The modern Stasi wouldn’t need an army of clerks to link government IDs, they’d pay Google or some other ad tech companies who’ve already linked your online activities (how many people even know if their bank uses Google Analytics?) and your email addresses and your phone numbers and your credit card transactions and the location data which the phone companies and mobile app analytics firms have already collected, etc.

But it's not about clerks.

You go to your bank and sign in. If the bank is using Google Analytics then Google knows you've signed into your bank. But they don't know that this is the same "you" that signs into YouTube under a different account on a different machine.

If you make a government ID which is trivial to check over the internet then everything would start checking it, and then Google would know that it's the same "you" because you'd have to present your ID in order to use YouTube and it's the same ID you have to present to the bank.

> Even if you had your Amazon burner on a separate network, used a different email address with a different provider than you do for everything else, perfectly adhered to not using it for social media, etc., all you have to do is forget to turn off your phone once to link them, especially if you don’t live in a very crowded environment with many new people coming and going at unpredictable intervals.

This is the spy scenario where they magically associate the phone with you based on a single ambiguous data point. It doesn't work like that because if it did you could do it on purpose to link your identity with someone else. It also assumes that the other problems can't be improved. Suppose we stop forcing people to disclose a single identifier and we get phones that don't forcibly report our locations to large institutions. Then you have defense in depth and can make a single mistake without being automatically screwed.

> Yes, having one identifier would make it easier but they’re already doing a good enough job that anyone who cares about it should be thinking about the safeguards which prevent abuse rather than pretending that there’s one weird trick to stop it.

It's not that there's one trick to stop it, it's that forcing a single identity to be disclosed in order to do anything would defeat all other privacy measures. There is no point in preventing browser fingerprinting or using a VPN with a shared IP address or posting under a pseudonym if everything you do is still tied to your centralized ID number which in turn is tied to your face and home address and full transaction history with every extant bureaucracy.

> If we were in a scenario where any of the feared outcomes of a government are imminent, the range of bad outcomes either way overlap too much for the difference to matter.

Those are just the worst-case scenarios. If you get Nazis, they're going to push this on everyone anyway as soon as they can. It's better to slow them down as much as possible than leave everything already implemented so that all they have to do is turn the key, but that's hardly the only bad thing that can happen.

If corporations know everything about you, they can use machine learning to do price discrimination. They can predict when is the best time to present you with an agreement that has you sign your rights away for a song. They can influence public opinion to control election outcomes. Censor whistleblowers who are now incapable of publishing anything under a pseudonym. Blackmail anyone because no one has any secrets from them.

The longer it's possible for people to do these things, the more likely that they happen, and the more often. So it needs to be made not just illegal but technologically unavailable. That way it's harder to happen because they have to do two things and not just one.

Especially because many of these things are not necessarily things done by people who are already in power, they're things done by people who have the surveillance data and use it to seize power. "Accountability" doesn't work if the technology can be used to seize control of the government before the government can enforce a prohibition on that use of the technology.
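The linkage this comment describes (every service storing the same ID makes a trivial join, regardless of VPNs or pseudonyms) can be shown with two constructed service logs. This is an added example, not code from the thread; the `pairwise_id` function is an assumed issuer-side design (a keyed hash of the ID per relying party, as used in pairwise pseudonymous identifiers) that is not discussed in the comments, included to show what changes when services do not all see the same value.

```python
import hashlib
import hmac

# Constructed sample records: what two unrelated services store per login.
# The "id" field is the single government identifier presented to both.
# The IP addresses differ, as they would behind a VPN or on another device.
BANK_LOGINS = [
    {"id": "ID-1001", "ip": "203.0.113.7", "event": "bank login"},
    {"id": "ID-1002", "ip": "198.51.100.4", "event": "bank login"},
]
VIDEO_ACTIVITY = [
    {"id": "ID-1001", "ip": "192.0.2.55", "event": "watched 'protest footage'"},
    {"id": "ID-1003", "ip": "192.0.2.99", "event": "watched 'cat video'"},
]

# Constructed secret held by the hypothetical ID issuer (not a real key).
ISSUER_SECRET = b"constructed-issuer-secret-not-real"


def link_by_identifier(records_a, records_b):
    """Join two services' records on the identifier each one stored.
    Returns {identifier: [events from both services]} for identifiers
    that appear in both datasets; nothing else (IP, device) is needed."""
    by_id = {}
    for r in records_a:
        by_id.setdefault(r["id"], []).append(r["event"])
    linked = {}
    for r in records_b:
        if r["id"] in by_id:
            linked.setdefault(r["id"], list(by_id[r["id"]])).append(r["event"])
    return linked


def pairwise_id(national_id, relying_party, issuer_secret):
    """Hypothetical per-service pseudonym: a keyed hash over the relying
    party name and the ID. Stable for one service (returning users are
    still recognised) but different across services, so a plain join fails."""
    msg = f"{relying_party}\x00{national_id}".encode()
    return hmac.new(issuer_secret, msg, hashlib.sha256).hexdigest()[:16]


def pseudonymize(records, relying_party, issuer_secret):
    """What a service would store if it only ever saw its pairwise value."""
    return [{**r, "id": pairwise_id(r["id"], relying_party, issuer_secret)}
            for r in records]


if __name__ == "__main__":
    print("single identifier:", link_by_identifier(BANK_LOGINS, VIDEO_ACTIVITY))
    bank_p = pseudonymize(BANK_LOGINS, "bank.example", ISSUER_SECRET)
    video_p = pseudonymize(VIDEO_ACTIVITY, "video.example", ISSUER_SECRET)
    print("pairwise pseudonyms:", link_by_identifier(bank_p, video_p))
```

The pairwise variant only moves the linkage capability to whoever holds the issuer secret, which is the centralisation the comment is worried about; it stops the ad-tech join, not an issuer that is compelled to compute the mapping.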


> It doesn't work like that because if it did you could do it on purpose to link your identity with someone else.

It does work like that in too many cases. Yes, one data point is not definitive but since they can get many data points it works well enough to be a major privacy risk - for example, this was a cheap attack which required no governmental access:

https://www.vox.com/recode/22587248/grindr-app-location-data...

I would suggest writing down exactly what you are concerned about in a structured manner. You’ve shifted the scope significantly and are well off topic from the original point. I appreciate the emotion but it’s hard to build a policy on quicksand.



