A cookie is not a PII identifier, it is an "identity discriminator".
In other words, cookies let them tell that you are the _same_ person 104898 that was already here in March (welcome back!), and not any other person, e.g. 298472, but without telling them your actual name etc.
In contrast, a PII identifier is a unique ID that is linked to personal attributes in real life like a person's name ("John Doe"), address ("6400 Boulevard Court, Beverly Hills, CA"), e-mail address ("john.doe@acm.org") or credit card number ("VISA 4879 5223 6537 9935").
So, this is indeed different from visiting a Website that places a cookie.
I'm curious where that number came from. It passes the Luhn check so it probably isn't just some random number, and has the right first few digits for Visa but doesn't match any of the Visa test card numbers that I happen to know.
Looking up the issuing bank from the first 6 digits gives inconsistent results. Half of the several BIN lookup sites I tried just say it is from the US. The other half say it is from Blom bank in the country of Lebanon.
Googling it gives me a small number of sites about "unlimited credit card numbers that work 2022" which seem quite shady, but I can't quite figure out what the heck they are actually trying to accomplish.
PII is never black or white. "_same_ person 104898" will become PII at any moment when the site can collate it on a one-to-one mapping with some other PII of yours (e.g. your email or login).
From GDPR Recital 30: "Natural persons may be associated with online identifiers provided by their devices, applications, tools and protocols, such as internet protocol addresses, cookie identifiers or other identifiers such as radio frequency identification tags. This may leave traces which, in particular when combined with unique identifiers and other information received by the servers, may be used to create profiles of the natural persons and identify them."
So your Apple ID becomes PII for a specific site at the precise instant you share any other PII to that site, that they are able to link to the Apple ID.
This seems pretty different. This is a _cross channel correlated ID_. In other words, this is able to (and presumably used for) tying the user record together between multiple, separate applications. This isn't a "generated ID that only identifies you within the current application vertical". Those IDs would not be able to cross-correlate between other app properties if leaked. The IDs as described in the article would be able to be used to build out a more rich "permanent record" on the given user as more information flows in from various apps.
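An added illustration, not part of any comment in this thread or of the article under discussion, of the difference between a cross-channel ID and an ID scoped to one application: it shows that records from two apps can be joined when both receive the same ID, and cannot when the app name is bound into the derivation. The secret, account ID, app names and records are all constructed, and the HMAC derivation is one assumed way to build app-scoped IDs.

```python
import hashlib
import hmac

# Constructed sample values; nothing here comes from a real system.
SERVER_SECRET = b"constructed-demo-secret"   # hypothetical provider-side key
ACCOUNT = "account-104898"                   # constructed internal account id


def global_id(account: str) -> str:
    """Cross-channel ID: the same value is handed to every app."""
    return hmac.new(SERVER_SECRET, account.encode(), hashlib.sha256).hexdigest()[:16]


def pairwise_id(account: str, app: str) -> str:
    """App-scoped ID: the app name is bound into the derivation."""
    msg = app.encode() + b"\x00" + account.encode()
    return hmac.new(SERVER_SECRET, msg, hashlib.sha256).hexdigest()[:16]


def joinable(records_a, records_b):
    """IDs present in both datasets, i.e. what a leak of both would link."""
    return {r["id"] for r in records_a} & {r["id"] for r in records_b}


def simulate(id_for):
    """Records two unrelated apps would hold for the same person."""
    shop = [{"id": id_for(ACCOUNT, "shop"), "email": "john.doe@example.org"}]
    health = [{"id": id_for(ACCOUNT, "health"), "searches": ["constructed"]}]
    return shop, health


def linked_with_global():
    # Both apps see the same ID, so the shop's email attaches to the health data.
    return joinable(*simulate(lambda acct, app: global_id(acct)))


def linked_with_pairwise():
    # Each app sees a different, stable ID, so the datasets share no key.
    return joinable(*simulate(pairwise_id))


if __name__ == "__main__":
    print("global ID joins on:", linked_with_global())
    print("pairwise ID joins on:", linked_with_pairwise())
```
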
Well yeah, your browser, your rules; it'll just come at a convenience fee of having to log back in every time, and that for the duration of your session you HAVE to have a cookie or your login won't work. There used to be an alternative of a session ID in every URL, but I haven't seen that in years.
At a high level, the whole thing is no different to a website using a cookie to keep you logged in.