False dichotomy. Plenty of governments have a digitalised id/login service to log into the tax office, government portals, whatever. This is usually also offered as a "single sign-on". After signing on, the website can request any piece of information, the list of those pieces is presented to the user, who clicks Accept or Go Back. Pretty standard stuff.
Meaning: these websites simply need to request 2 pieces of data: a boolean stating whether you are older than 16 or younger, and a UUID. Zero other pieces of identifying information. Where does the mass deanonymisation enter into this? What does it even mean in the context of using algorithmic social media whose entire business model is surveillance of its users?
> Where does the mass deanonymisation enter into this?
Via the UUID. Also via the fact that the authentication service sees what you're logging into, regardless of whether the social media site does or not.
This isn't complicated. It's obvious if you're not desperately trying not to think about it.
The UUID is unique per service. All it tells you is that two people are not the same person.
The "authentication service" is the national id. The tax man already knows your name, address, date of birth, financial possessions, income, family members, etc etc. There is no further information, apart from which website you logged on and when. This quite literally the standard of Signal [1]. And this is of course assuming the worst from the national id implementation; any sensible law would require the id provider to delete all information as soon as the login is complete.
> This quite literally the standard of Signal [1].
Yes, Signal is weak in a similar way. Although there is a difference between having to set up a bunch of wiretapping to do traffic analysis, and having the information handed to you on a plate.
> And this is of course assuming the worst from the national id implementation; any sensible law would require the id provider to delete all information as soon as the login is complete.
Assumptions that laws will be followed are out of order. Yes, you have the laws. Yes, you punish violations. But you still deal with the fact that violations will happen.
Meaning: these websites simply need to request 2 pieces of data: a boolean stating whether you are older than 16 or younger, and a UUID. Zero other pieces of identifying information. Where does the mass deanonymisation enter into this? What does it even mean in the context of using algorithmic social media whose entire business model is surveillance of its users?