{ "meta": { "version": "1.0.0", "generated": "2026-03-13", "totalTracks": 14, "totalDrivers": 98, "totalPainPoints": 1478, "totalCategories": 146, "totalProducts": 4 }, "tracks": [ { "id": 1, "name": "PII Communities", "color": "#6c8aff", "points": 163, "categories": 16, "painFile": "pii-pain-points.html", "driverFile": "drivers-pii.html", "desc": "Foundation analysis of 100 global privacy organizations classified into 16 PII approach categories.", "tag": "Master Track" }, { "id": 2, "name": "AI Anonymization", "color": "#f87171", "points": 102, "categories": 10, "painFile": "ai-pii-pain-points.html", "driverFile": "drivers-ai-anonymization.html", "desc": "How AI probabilistic PII detection fails \u2014 statistical irreducibility, context limits, adversarial attacks, and the utility-privacy tradeoff." }, { "id": 3, "name": "Solutions Market", "color": "#fb923c", "points": 105, "categories": 10, "painFile": "solutions-pain-points.html", "driverFile": "drivers-solutions-market.html", "desc": "Current PII solutions market failures \u2014 vendor lock-in, coverage gaps, prohibitive costs, trust asymmetry, and regulatory uncertainty." }, { "id": 4, "name": "Re-identification", "color": "#fbbf24", "points": 100, "categories": 10, "painFile": "reidentification-pain-points.html", "driverFile": "drivers-reidentification.html", "desc": "Why de-identified data gets re-identified \u2014 linkage attacks, auxiliary data, composition effects, and the mathematical limits of anonymization." }, { "id": 5, "name": "Enforcement", "color": "#34d399", "points": 101, "categories": 10, "painFile": "enforcement-pain-points.html", "driverFile": "drivers-enforcement.html", "desc": "Why privacy enforcement fails \u2014 regulatory capture, jurisdictional gaps, resource asymmetry, and the structural limits of consent-based regimes." }, { "id": 6, "name": "User Behavior", "color": "#22d3ee", "points": 101, "categories": 10, "painFile": "user-behavior-pain-points.html", "driverFile": "drivers-user-behavior.html", "desc": "How user behavior undermines privacy \u2014 consent fatigue, mental models vs. reality, dark patterns, and the economics of convenience." }, { "id": 7, "name": "Data Brokers", "color": "#60a5fa", "points": 100, "categories": 10, "painFile": "data-broker-pain-points.html", "driverFile": "drivers-data-brokers.html", "desc": "The data brokerage ecosystem \u2014 shadow profiles, cross-device linking, government purchasing, and the impossibility of individual opt-out." }, { "id": 8, "name": "Sector Regulations", "color": "#c084fc", "points": 101, "categories": 10, "painFile": "regulatory-pain-points.html", "driverFile": "drivers-sector-regulations.html", "desc": "Sector-specific PII regulation failures \u2014 healthcare, finance, education, employment, telecom, and the fragmentation that creates gaps." }, { "id": 9, "name": "Cross-Border Data Flows", "color": "#e879f9", "points": 100, "categories": 10, "painFile": "cross-border-pain-points.html", "driverFile": "drivers-cross-border.html", "desc": "How PII crosses jurisdictions \u2014 EU-US transfer mechanisms, CLOUD Act conflicts, data localization mandates, and surveillance state access." }, { "id": 10, "name": "AI Training PII", "color": "#fb7185", "points": 102, "categories": 10, "painFile": "ai-training-pain-points.html", "driverFile": "drivers-ai-training.html", "desc": "PII in AI training pipelines \u2014 web scraping consent, LLM memorization, right to erasure from models, deepfakes, and provenance opacity." }, { "id": 11, "name": "Health & Genomic PII", "color": "#4ade80", "points": 100, "categories": 10, "painFile": "health-pain-points.html", "driverFile": "drivers-health-genomic.html", "desc": "Health data that cannot be reissued \u2014 genomic immutability, clinical de-identification failure, wearable data leakage, and discrimination risk." }, { "id": 12, "name": "Biometric & Immutable PII", "color": "#f97316", "points": 101, "categories": 10, "painFile": "biometric-pain-points.html", "driverFile": "drivers-biometric.html", "desc": "Biometric identifiers that cannot be changed after compromise \u2014 facial recognition, voice cloning, fingerprint breaches, and algorithmic bias." }, { "id": 13, "name": "Children & Education PII", "color": "#38bdf8", "points": 101, "categories": 10, "painFile": "children-pain-points.html", "driverFile": "drivers-children-education.html", "desc": "Children as the most surveilled and least protected population \u2014 EdTech surveillance, COPPA failures, age verification paradox, and regulatory gaps." }, { "id": 14, "name": "Financial & Payment PII", "color": "#a78bfa", "points": 101, "categories": 10, "painFile": "financial-pain-points.html", "driverFile": "drivers-financial.html", "desc": "Financial data revealing identity, location, and behavior \u2014 payment card exposure, transaction profiling, credit scoring, and wealth inference attacks." } ], "drivers": [ { "trackId": 1, "num": 1, "name": "Linkability", "subtitle": "The NAND gate of PII", "definition": "The ability to connect two pieces of information to the same person. Nearly every pain point is an expression of linkability being created, exploited, or failing to be broken.", "addressable": 1 }, { "trackId": 1, "num": 2, "name": "Irreversibility", "subtitle": "The second law of thermodynamics applied to information", "definition": "Once PII propagates, it cannot be un-propagated. The arrow of data only points one direction. PII exposure is a one-way function with no inverse.", "addressable": 1 }, { "trackId": 1, "num": 3, "name": "Power Asymmetry", "subtitle": "The gravitational constant of PII", "definition": "The collector designs the system, profits from collection, writes the rules, and lobbies for the legal framework. The individual is a passenger in a vehicle they did not build.", "addressable": 0 }, { "trackId": 1, "num": 4, "name": "Dual-Use", "subtitle": "The Heisenberg principle of PII", "definition": "Every capability that enables functionality simultaneously enables surveillance. They cannot be separated at the technical level.", "addressable": 0 }, { "trackId": 1, "num": 5, "name": "Complexity Cascade", "subtitle": "The inverse of defense-in-depth", "definition": "PII protection requires perfection across ALL layers simultaneously. One failure anywhere collapses everything.", "addressable": 1 }, { "trackId": 1, "num": 6, "name": "Knowledge Asymmetry", "subtitle": "The resistance in the circuit", "definition": "The gap between what is known and what is practiced. Solutions exist in papers that practitioners never read. Rights exist that individuals never exercise.", "addressable": 1 }, { "trackId": 1, "num": 7, "name": "Jurisdiction Fragmentation", "subtitle": "The clock skew of the system", "definition": "PII flows globally in milliseconds. Rules are local and take decades to write. The gap between the speed of data and the speed of regulation is the exploit surface.", "addressable": 0 }, { "trackId": 2, "num": 1, "name": "Statistical Irreducibility", "subtitle": "The noise floor of detection", "definition": "AI PII detection is inherently probabilistic. No model achieves 100% precision and 100% recall simultaneously \u2014 the uncertainty is irreducible.", "addressable": 1 }, { "trackId": 2, "num": 2, "name": "Context Boundedness", "subtitle": "The horizon of understanding", "definition": "NLP models operate within fixed context windows and lack world knowledge. Coreference resolution, cross-document tracking, and pragmatic inference remain unsolved.", "addressable": 0 }, { "trackId": 2, "num": 3, "name": "Distribution Mismatch", "subtitle": "The training-deployment gap", "definition": "Models trained on one distribution fail on another. Language, domain, format, and cultural variation create systematic coverage gaps.", "addressable": 1 }, { "trackId": 2, "num": 4, "name": "Modality Isolation", "subtitle": "The format silo", "definition": "PII exists in text, images, audio, video, sensor data, and structured databases. No single tool spans all modalities.", "addressable": 1 }, { "trackId": 2, "num": 5, "name": "Adversarial Unboundedness", "subtitle": "The asymmetric arms race", "definition": "Adversaries can craft unlimited evasion strategies. Defense must be comprehensive while attack needs one bypass.", "addressable": 0 }, { "trackId": 2, "num": 6, "name": "Utility-Privacy Duality", "subtitle": "The conservation law", "definition": "Information content and identifiability are the same property measured differently. Maximizing utility and maximizing privacy are mathematically opposed.", "addressable": 1 }, { "trackId": 2, "num": 7, "name": "Compliance Indeterminacy", "subtitle": "The legal uncertainty principle", "definition": "No regulator has formally defined what level of AI anonymization satisfies legal requirements. Organizations invest with uncertain legal status.", "addressable": 1 }, { "trackId": 3, "num": 1, "name": "Vendor Fragmentation", "subtitle": "The integration tax", "definition": "Organizations need 2-4 vendors for discovery, detection, anonymization, and governance. Each vendor speaks a different language with incompatible APIs.", "addressable": 1 }, { "trackId": 3, "num": 2, "name": "Coverage Incompleteness", "subtitle": "The detection ceiling", "definition": "No vendor covers all PII types, all languages, all formats, all domains. Every tool has blind spots that become attack vectors.", "addressable": 1 }, { "trackId": 3, "num": 3, "name": "Cost Exclusion", "subtitle": "The paywall barrier", "definition": "Enterprise PII tools cost $50K-500K/year. Mid-market organizations, nonprofits, and Global South entities are priced out of protection.", "addressable": 1 }, { "trackId": 3, "num": 4, "name": "Trust Asymmetry", "subtitle": "The vendor paradox", "definition": "To protect PII you must share it with a vendor. Cloud processing requires trusting the processor. The solution creates a new vulnerability.", "addressable": 1 }, { "trackId": 3, "num": 5, "name": "Regulatory Indeterminacy", "subtitle": "The compliance maze", "definition": "121+ privacy regulations worldwide with different definitions, requirements, and enforcement. No vendor can guarantee compliance across all jurisdictions.", "addressable": 1 }, { "trackId": 3, "num": 6, "name": "Modality Blindness", "subtitle": "The format gap", "definition": "Most tools handle text. Images, PDFs, spreadsheets, audio, video, IoT data remain underserved. PII exists in every format; tools cover few.", "addressable": 1 }, { "trackId": 3, "num": 7, "name": "Formalization Gap", "subtitle": "The guarantee void", "definition": "No product can provide formal privacy guarantees for document anonymization. The gap between what is promised and what is provable is the market's structural weakness.", "addressable": 0 }, { "trackId": 4, "num": 1, "name": "Quasi-Identifier Combinatorics", "subtitle": "The linkage explosion", "definition": "87% of the US population identifiable by zip code + gender + date of birth. As attributes increase, uniqueness approaches certainty exponentially.", "addressable": 1 }, { "trackId": 4, "num": 2, "name": "Auxiliary Data Abundance", "subtitle": "The external threat", "definition": "External datasets grow continuously, shrinking the anonymity set of any released dataset. Re-identification risk increases over time without any action by the data holder.", "addressable": 1 }, { "trackId": 4, "num": 3, "name": "Behavioral Uniqueness", "subtitle": "The human fingerprint", "definition": "Writing style, movement patterns, typing rhythms uniquely identify individuals even with perfect technical anonymization. Behavior IS identity.", "addressable": 0 }, { "trackId": 4, "num": 4, "name": "Structural Invariance", "subtitle": "The graph signature", "definition": "Network topology, community structure, and degree sequences survive entity-level anonymization. The shape of relationships identifies as surely as the labels on nodes.", "addressable": 0 }, { "trackId": 4, "num": 5, "name": "Temporal Persistence", "subtitle": "The time dimension", "definition": "Anonymized data re-identified through temporal correlation. Timestamps, sequences, and longitudinal patterns create persistent identity signatures.", "addressable": 1 }, { "trackId": 4, "num": 6, "name": "Privacy Model Fragility", "subtitle": "The theoretical limit", "definition": "k-anonymity, l-diversity, t-closeness, differential privacy \u2014 each model has known attack vectors. No single model provides complete protection.", "addressable": 1 }, { "trackId": 4, "num": 7, "name": "Irreversible Disclosure", "subtitle": "The point of no return", "definition": "Once data is published, re-identification cannot be undone. The only defense against irreversible disclosure is preventing disclosure in the first place.", "addressable": 1 }, { "trackId": 5, "num": 1, "name": "Resource Asymmetry", "subtitle": "The enforcement gap", "definition": "Data Protection Authorities are outmatched by the entities they regulate. Ireland's DPC handles most Big Tech complaints with a fraction of Big Tech's legal budget.", "addressable": 0 }, { "trackId": 5, "num": 2, "name": "Jurisdictional Fragmentation", "subtitle": "The border problem", "definition": "PII flows globally; enforcement is local. No DPA has jurisdiction over the full data lifecycle of a multinational corporation.", "addressable": 1 }, { "trackId": 5, "num": 3, "name": "Accountability Opacity", "subtitle": "The black box", "definition": "Organizations self-certify compliance. Audits are rare, shallow, and announced in advance. The gap between claimed and actual compliance is vast and unmeasured.", "addressable": 1 }, { "trackId": 5, "num": 4, "name": "Consent Fiction", "subtitle": "The legal theater", "definition": "'Informed consent' is a legal fiction at internet scale. 76 work days/year needed to read all privacy policies. Consent is manufactured, not given.", "addressable": 1 }, { "trackId": 5, "num": 5, "name": "Temporal Mismatch", "subtitle": "The speed gap", "definition": "GDPR investigations take 3-5 years. Technology cycles are 6-18 months. By the time enforcement acts, the violating product may no longer exist.", "addressable": 1 }, { "trackId": 5, "num": 6, "name": "Structural Capture", "subtitle": "The revolving door", "definition": "Regulated entities fund the regulators, lobby the legislators, and hire the enforcement alumni. The regulatory ecosystem is captured by the entities it governs.", "addressable": 1 }, { "trackId": 5, "num": 7, "name": "Remedy Inadequacy", "subtitle": "The hollow victory", "definition": "Maximum GDPR fine: 4% of revenue. Median GDPR fine: under 100K. Fines are a cost of business, not a deterrent. Individuals receive no compensation for privacy violations.", "addressable": 1 }, { "trackId": 6, "num": 1, "name": "Cognitive Overload", "subtitle": "The decision fatigue", "definition": "Users face 100+ privacy decisions daily. Cookie banners, app permissions, terms of service, privacy settings \u2014 each demanding attention that humans cannot sustain.", "addressable": 1 }, { "trackId": 6, "num": 2, "name": "Hostile Defaults", "subtitle": "The opt-out trap", "definition": "Every major platform ships with maximum data collection enabled. Privacy requires active, repeated, expert intervention against deliberately hostile design.", "addressable": 1 }, { "trackId": 6, "num": 3, "name": "Mental Model Failure", "subtitle": "The understanding gap", "definition": "Users believe incognito mode prevents tracking, VPNs ensure anonymity, and antivirus protects PII. The gap between belief and reality is the vulnerability.", "addressable": 1 }, { "trackId": 6, "num": 4, "name": "Trust Miscalibration", "subtitle": "The misplaced confidence", "definition": "Users trust platforms that have been breached, VPNs that log, and apps that sell data. Trust is based on marketing, not architecture.", "addressable": 1 }, { "trackId": 6, "num": 5, "name": "Social Coercion", "subtitle": "The network effect trap", "definition": "Privacy tools require network adoption to be useful. Switching to Signal is useless if contacts stay on WhatsApp. Privacy is a collective action problem.", "addressable": 1 }, { "trackId": 6, "num": 6, "name": "Exclusion by Design", "subtitle": "The accessibility barrier", "definition": "Privacy tools require technical expertise, English literacy, modern devices, and stable internet. The most vulnerable populations are the least equipped to protect themselves.", "addressable": 1 }, { "trackId": 6, "num": 7, "name": "Learned Helplessness", "subtitle": "The surrender response", "definition": "Repeated privacy violations with no recourse create the belief that privacy protection is futile. Users stop trying because trying has never worked.", "addressable": 1 }, { "trackId": 7, "num": 1, "name": "Collection Ubiquity", "subtitle": "The invisible harvest", "definition": "Data brokers collect from hundreds of sources \u2014 public records, app SDKs, IoT devices, retail loyalty cards, credit bureaus \u2014 creating profiles without the subject's knowledge.", "addressable": 1 }, { "trackId": 7, "num": 2, "name": "Identity Resolution", "subtitle": "The linking engine", "definition": "Data brokers link fragments from different sources into comprehensive profiles using deterministic, probabilistic, and device graph matching.", "addressable": 1 }, { "trackId": 7, "num": 3, "name": "Supply Chain Opacity", "subtitle": "The invisible pipeline", "definition": "Data flows through resale chains of 5-10 intermediaries. No single entity can map the complete data flow from collection to end use.", "addressable": 1 }, { "trackId": 7, "num": 4, "name": "Opt-Out Futility", "subtitle": "The Sisyphean task", "definition": "Individual opt-out from 4,000+ data brokers is practically impossible. Opt-out processes are deliberately complex, temporary, and incomplete.", "addressable": 1 }, { "trackId": 7, "num": 5, "name": "Regulatory Fragmentation", "subtitle": "The legal vacuum", "definition": "No comprehensive federal data broker law in the US. Vermont's registration law covers a fraction. Most countries have no data broker regulation at all.", "addressable": 1 }, { "trackId": 7, "num": 6, "name": "Information Asymmetry", "subtitle": "The knowledge gap", "definition": "Data brokers know everything about individuals; individuals know nothing about data brokers. The asymmetry is by design and commercially advantageous.", "addressable": 1 }, { "trackId": 7, "num": 7, "name": "Harm Externalization", "subtitle": "The cost displacement", "definition": "Data brokers profit from collection but bear none of the costs of stalking, discrimination, fraud, or democratic manipulation their data enables.", "addressable": 0 }, { "trackId": 8, "num": 1, "name": "Vertical-Horizontal Collision", "subtitle": "The regulatory pileup", "definition": "Sector-specific laws (HIPAA, GLBA, FERPA) collide with horizontal frameworks (GDPR, CCPA). Organizations must comply with overlapping, sometimes contradictory requirements.", "addressable": 1 }, { "trackId": 8, "num": 2, "name": "Jurisdictional Fragmentation", "subtitle": "The compliance maze", "definition": "Same data type regulated differently across 200+ jurisdictions. Financial data has different rules in US (GLBA), EU (PSD2), and Asia (various).", "addressable": 1 }, { "trackId": 8, "num": 3, "name": "Cross-Border Transfer Instability", "subtitle": "The shifting ground", "definition": "Transfer mechanisms (Privacy Shield, SCCs, adequacy decisions) are invalidated, modified, and replaced on political timelines, not technical ones.", "addressable": 1 }, { "trackId": 8, "num": 4, "name": "Surveillance-Privacy Contradiction", "subtitle": "The impossible mandate", "definition": "Governments mandate privacy protection while simultaneously mandating surveillance capabilities. AML requires comprehensive data collection; GDPR requires minimization.", "addressable": 1 }, { "trackId": 8, "num": 5, "name": "De-Identification Impossibility", "subtitle": "The mathematical wall", "definition": "Formal anonymization is mathematically impossible for useful datasets. The tension between utility and privacy cannot be fully resolved by any method.", "addressable": 0 }, { "trackId": 8, "num": 6, "name": "Consent Architecture Failure", "subtitle": "The broken interface", "definition": "Consent mechanisms designed for simple data relationships cannot handle the complexity of modern data ecosystems with hundreds of processors and purposes.", "addressable": 1 }, { "trackId": 8, "num": 7, "name": "Enforcement Asymmetry", "subtitle": "The paper tiger", "definition": "Sector regulators have different powers, budgets, and political independence. Some enforce vigorously; others are captured or underfunded.", "addressable": 0 }, { "trackId": 9, "num": 1, "name": "Sovereignty Collision", "subtitle": "The jurisdictional paradox", "definition": "Multiple nations claim legal authority over the same data simultaneously. GDPR demands protection; CLOUD Act demands access; China's NSL demands localization.", "addressable": 1 }, { "trackId": 9, "num": 2, "name": "Adequacy Fiction", "subtitle": "The political determination", "definition": "Adequacy decisions are political, not technical. The same country's protections are 'adequate' or 'inadequate' based on geopolitical relationships, not data protection reality.", "addressable": 1 }, { "trackId": 9, "num": 3, "name": "Encryption Insufficiency", "subtitle": "The compellable key", "definition": "Encryption protects data in transit but keys are compellable by law. Court orders, national security letters, and intelligence agencies can force decryption.", "addressable": 1 }, { "trackId": 9, "num": 4, "name": "Corporate Arbitrage", "subtitle": "The compliance gap", "definition": "Multinational corporations exploit jurisdictional gaps, routing data through favorable jurisdictions and using structural complexity to avoid the strongest protections.", "addressable": 1 }, { "trackId": 9, "num": 5, "name": "Surveillance Asymmetry", "subtitle": "The intelligence gap", "definition": "Five Eyes, FISA 702, SORM \u2014 intelligence agencies collect data globally with minimal oversight. No technical measure can prevent state-level collection.", "addressable": 0 }, { "trackId": 9, "num": 6, "name": "Temporal Fragility", "subtitle": "The expiring protection", "definition": "Transfer mechanisms expire, are invalidated, or politically undermined. Privacy Shield lasted 4 years. DPF's duration is uncertain. Legal protection has a shelf life.", "addressable": 1 }, { "trackId": 9, "num": 7, "name": "Extraterritorial Overreach", "subtitle": "The long arm", "definition": "Nations apply their laws beyond their borders. GDPR applies to non-EU companies processing EU data. CLOUD Act reaches data stored anywhere by US companies.", "addressable": 1 }, { "trackId": 10, "num": 1, "name": "Memorization Inevitability", "subtitle": "The learning paradox", "definition": "Large language models memorize training data. Learning IS selective memorization. PII in training data will be memorized and can be extracted.", "addressable": 0 }, { "trackId": 10, "num": 2, "name": "Extraction Asymmetry", "subtitle": "The output vulnerability", "definition": "Trained models can be prompted to reveal memorized PII. Defense must be comprehensive; attack needs one successful prompt.", "addressable": 0 }, { "trackId": 10, "num": 3, "name": "Provenance Opacity", "subtitle": "The data trail gap", "definition": "No one knows what PII is in which training dataset. Web scraping at scale makes comprehensive auditing practically impossible.", "addressable": 1 }, { "trackId": 10, "num": 4, "name": "Scale Incompatibility", "subtitle": "The volume problem", "definition": "Privacy tools operate at document scale; AI training operates at internet scale. The mismatch is orders of magnitude.", "addressable": 1 }, { "trackId": 10, "num": 5, "name": "Embedding Leakage", "subtitle": "The vector space problem", "definition": "PII is encoded in vector embeddings. Identity information is entangled with semantic meaning at the representation level \u2014 a conservation law.", "addressable": 0 }, { "trackId": 10, "num": 6, "name": "Consent Impossibility", "subtitle": "The retroactive problem", "definition": "Consent cannot be obtained retroactively from billions of people whose data was scraped. And already-trained models embed PII for which consent can never be obtained.", "addressable": 1 }, { "trackId": 10, "num": 7, "name": "Accountability Diffusion", "subtitle": "The responsibility vacuum", "definition": "Who is responsible for PII in AI? The scraper, the trainer, the deployer, the fine-tuner, the user? Responsibility is diffused across the pipeline.", "addressable": 1 }, { "trackId": 11, "num": 1, "name": "Genomic Immutability", "subtitle": "The permanent code", "definition": "DNA cannot be reissued, rotated, or changed. A compromised genome is compromised forever \u2014 for the individual AND their genetic relatives.", "addressable": 0 }, { "trackId": 11, "num": 2, "name": "Familial Entanglement", "subtitle": "The shared secret", "definition": "One person's genomic data inherently reveals information about all genetic relatives. Individual consent frameworks cannot govern inherently familial information.", "addressable": 0 }, { "trackId": 11, "num": 3, "name": "Clinical Context Dependency", "subtitle": "The utility-privacy tension", "definition": "Clinical data requires context to be useful. The same data point is life-saving in a clinical setting and discriminatory in an employment setting.", "addressable": 1 }, { "trackId": 11, "num": 4, "name": "Temporal Accumulation", "subtitle": "The growing file", "definition": "Health records accumulate over a lifetime. Each new data point increases re-identification risk and the comprehensiveness of the profile.", "addressable": 1 }, { "trackId": 11, "num": 5, "name": "Discriminatory Potential", "subtitle": "The preexisting condition", "definition": "Health data predicts cost. As long as health status predicts economic value, institutions will seek health data for discrimination.", "addressable": 0 }, { "trackId": 11, "num": 6, "name": "Research-Privacy Tension", "subtitle": "The dual mandate", "definition": "Medical research requires data access; patient privacy requires data restriction. Both are ethical imperatives that cannot be simultaneously maximized.", "addressable": 1 }, { "trackId": 11, "num": 7, "name": "Consent Inadequacy", "subtitle": "The blanket permission", "definition": "Broad consent for future unspecified research. Dynamic consent is theoretically ideal but practically unimplementable at population biobank scale.", "addressable": 1 }, { "trackId": 12, "num": 1, "name": "Biometric Immutability", "subtitle": "The permanent key", "definition": "Biometrics cannot be changed, revoked, or reissued. A compromised fingerprint, face, or iris is compromised forever.", "addressable": 0 }, { "trackId": 12, "num": 2, "name": "Capture Asymmetry", "subtitle": "The one-way mirror", "definition": "Biometrics can be captured without knowledge, consent, or proximity. The captor needs technology; the subject needs only to be alive.", "addressable": 0 }, { "trackId": 12, "num": 3, "name": "Modality Proliferation", "subtitle": "The expanding frontier", "definition": "The number of biometric modalities grows continuously \u2014 gait, keystroke dynamics, heartbeat, typing rhythm, driving patterns, brainwave patterns.", "addressable": 1 }, { "trackId": 12, "num": 4, "name": "Discriminatory Encoding", "subtitle": "The biased lens", "definition": "Biometric systems encode demographic bias at every layer. Error rates vary 10-100x across demographics. The most surveilled are those for whom systems perform worst.", "addressable": 1 }, { "trackId": 12, "num": 5, "name": "Consent Impossibility", "subtitle": "The choiceless choice", "definition": "Biometric collection occurs where refusal is not an option: borders, employment, school, government services, public spaces.", "addressable": 0 }, { "trackId": 12, "num": 6, "name": "Database Persistence", "subtitle": "The indelible archive", "definition": "Biometric databases are permanent by nature. Government databases have 75-year retention periods. The right to be forgotten is a legal fiction for biometric data.", "addressable": 1 }, { "trackId": 12, "num": 7, "name": "Regulatory Fragmentation", "subtitle": "The patchwork shield", "definition": "Biometric protection varies from robust (Illinois BIPA) to nonexistent (40+ US states). No federal US biometric privacy law exists.", "addressable": 1 }, { "trackId": 13, "num": 1, "name": "Developmental Incapacity", "subtitle": "The unformed mind", "definition": "Children cannot meaningfully consent, comprehend privacy implications, or advocate for their own data rights. Privacy decision-making matures in the early 20s.", "addressable": 0 }, { "trackId": 13, "num": 2, "name": "Compulsory Participation", "subtitle": "The inescapable system", "definition": "Children cannot opt out of school, cannot choose not to use school-mandated devices, cannot refuse standardized testing.", "addressable": 0 }, { "trackId": 13, "num": 3, "name": "Temporal Permanence", "subtitle": "The lifelong shadow", "definition": "Data collected from a 5-year-old persists and remains usable for 70+ years. No other population has such a long gap between collection and consequence.", "addressable": 1 }, { "trackId": 13, "num": 4, "name": "Proxy Failure", "subtitle": "The broken guardian", "definition": "Parents are legally designated as privacy guardians but lack the technical literacy, time, and tools. 46% of teens say parents know little about their online activity.", "addressable": 1 }, { "trackId": 13, "num": 5, "name": "Ecosystem Opacity", "subtitle": "The invisible network", "definition": "Children's data flows through an opaque ecosystem of EdTech vendors, advertising networks, and data brokers that no single stakeholder can map.", "addressable": 1 }, { "trackId": 13, "num": 6, "name": "Exploitative Design", "subtitle": "The weaponized interface", "definition": "Platform design deliberately exploits developmental vulnerabilities: variable-ratio reinforcement, social comparison, reciprocity pressure, artificial scarcity, FOMO.", "addressable": 1 }, { "trackId": 13, "num": 7, "name": "Regulatory Inadequacy", "subtitle": "The paper shield", "definition": "COPPA (1998) predates modern EdTech, AI, social media. FERPA has never resulted in a single enforcement action with financial penalty.", "addressable": 1 }, { "trackId": 14, "num": 1, "name": "Transaction Ubiquity", "subtitle": "The paper trail", "definition": "Every financial transaction generates PII. Modern life requires financial transactions. Financial existence and financial surveillance are inseparable.", "addressable": 1 }, { "trackId": 14, "num": 2, "name": "Pattern Identifiability", "subtitle": "The behavioral fingerprint", "definition": "Transaction patterns uniquely identify individuals even without names. De-identified transaction data can be re-identified from just 4 data points with 90% accuracy.", "addressable": 0 }, { "trackId": 14, "num": 3, "name": "Regulatory Fragmentation", "subtitle": "The patchwork quilt", "definition": "Financial data governed by overlapping regulations: PCI-DSS, GLBA, PSD2, GDPR, CCPA, AML/KYC. No institution can fully satisfy all simultaneously.", "addressable": 1 }, { "trackId": 14, "num": 4, "name": "Real-Time Exposure", "subtitle": "The speed tax", "definition": "Financial systems require real-time processing. Privacy-enhancing techniques add latency incompatible with payment processing requirements.", "addressable": 0 }, { "trackId": 14, "num": 5, "name": "Pseudonymity Fragility", "subtitle": "The transparent ledger", "definition": "Cryptocurrency pseudonymity is trivially broken by chain analysis. Public ledgers create permanent, immutable records that anyone can analyze.", "addressable": 0 }, { "trackId": 14, "num": 6, "name": "Economic Coercion", "subtitle": "The financial gateway", "definition": "Access to financial services requires surrendering financial PII. Employment requires a bank account. Housing requires credit history.", "addressable": 1 }, { "trackId": 14, "num": 7, "name": "Systemic Concentration", "subtitle": "The data monopoly", "definition": "A handful of payment networks, credit bureaus, and tech platforms concentrate global financial PII. Network effects ensure concentration increases over time.", "addressable": 0 } ], "products": [ { "name": "anonymize.solutions", "color": "#6c8aff", "version": "v1.6.12", "tagline": "Umbrella platform \u2014 260+ entities, 3 deployment tiers", "site": "https://anonymize.solutions", "folder": "anonymize.solutions", "cases": 40, "specs": { "entities": "260+", "languages": 48, "nlpEngines": "spaCy + Stanza + XLM-RoBERTa", "methods": 5, "presets": 121, "deployment": "Cloud, Desktop, Self-Managed Docker", "compliance": "GDPR, HIPAA, PCI-DSS, FERPA, ISO 27001", "hosting": "100% EU (Hetzner Germany)" } }, { "name": "cloak.business", "color": "#fb923c", "version": "Analyzer 6.9.1", "tagline": "Air-gapped desktop \u2014 390+ entities, 317 custom regex", "site": "https://cloak.business", "folder": "cloak.business", "cases": 30, "specs": { "entities": "390+", "regex": "317 custom patterns", "formats": "7 (PDF, DOCX, XLSX, TXT, CSV, JSON, XML)", "ocr": "Tesseract image OCR", "deployment": "100% air-gapped offline", "auth": "Zero-knowledge" } }, { "name": "anonym.legal", "color": "#fbbf24", "version": "Desktop 7.4.4", "tagline": "Cloud platform \u2014 Chrome Extension, 260+ entities", "site": "https://anonym.legal", "folder": "anonym.legal", "cases": 40, "specs": { "entities": "260+", "detection": "3-layer (Presidio + NLP + Stance)", "extensions": "Chrome Extension, Office Add-in", "pricing": "Free / \u20ac9.90 / \u20ac29.90 / Enterprise", "compliance": "GDPR, HIPAA", "hosting": "EU cloud" } }, { "name": "anonym.plus", "color": "#34d399", "version": "v8.3.1", "tagline": "Licensed desktop \u2014 200+ entities, Ed25519 licensing", "site": "https://anonym.plus", "folder": "anonym.plus", "cases": 30, "specs": { "entities": "200+", "models": "23 spaCy NLP models", "formats": "7 + Tesseract OCR", "licensing": "Ed25519 machine-bound", "deployment": "100% local, zero cloud dependency", "pricing": "One-time \u20ac99" } } ], "ecosystem": [ { "trackId": 1, "product": "anonymize.solutions", "drivers": "T1,T5,T6,T7", "description": "260+ entity types, 48 languages, dual-layer detection, 3 deployment tiers, 6 integration points, 13 educational resources, 10 demos" }, { "trackId": 1, "product": "cloak.business", "drivers": "T1,T2,T5", "description": "390+ entities, 317 custom regex, image OCR, 100% offline \u2014 PII never leaves the machine" }, { "trackId": 1, "product": "anonym.legal", "drivers": "T1,T3,T6,T7", "description": "260+ entities, Chrome Extension, Office Add-in, MCP Server, \u20ac3 entry price" }, { "trackId": 1, "product": "anonym.plus", "drivers": "T1,T2,T5", "description": "200+ entities, local Presidio sidecar, Ed25519 licensing, zero cloud dependency" }, { "trackId": 2, "product": "anonymize.solutions", "drivers": "T1,T3,T6,T7", "description": "Dual-layer detection addresses statistical uncertainty; 48 languages address distribution; 5 methods address utility-privacy; 121 compliance presets" }, { "trackId": 2, "product": "cloak.business", "drivers": "T1,T3,T4", "description": "390+ entities, 317 custom regex span distribution gaps; image OCR addresses modality; 100% offline" }, { "trackId": 2, "product": "anonym.legal", "drivers": "T1,T3,T7", "description": "3-layer detection addresses accuracy; Chrome Extension addresses in-browser modality; 4 pricing tiers" }, { "trackId": 2, "product": "anonym.plus", "drivers": "T1,T3,T4", "description": "200+ entities, 23 NLP models; 7 document formats + image OCR; zero cloud dependency" }, { "trackId": 3, "product": "anonymize.solutions", "drivers": "T1,T2,T3,T5", "description": "Unified ecosystem, 48 languages + 260+ entities, 4 pricing tiers, 121 compliance presets" }, { "trackId": 3, "product": "cloak.business", "drivers": "T2,T4,T6", "description": "390+ entities span coverage, 100% offline eliminates trust, image OCR addresses modality" }, { "trackId": 3, "product": "anonym.legal", "drivers": "T1,T3,T5,T6", "description": "3-layer detection unifies pipeline, 4 pricing tiers, Chrome Extension + Office Add-in extend modality" }, { "trackId": 3, "product": "anonym.plus", "drivers": "T3,T4,T6", "description": "One-time \u20ac99 price, local processing after activation, 7 formats + OCR" }, { "trackId": 4, "product": "anonymize.solutions", "drivers": "T1,T2,T5,T6", "description": "260+ entity types detect quasi-identifiers, intercept PII before auxiliary ecosystem growth, temporal generalization, 5 methods + 121 presets" }, { "trackId": 4, "product": "cloak.business", "drivers": "T2,T6,T7", "description": "390+ entities maximize pre-release detection, multiple methods, 100% offline prevents irreversible cloud disclosure" }, { "trackId": 4, "product": "anonym.legal", "drivers": "T1,T5,T6", "description": "3-layer NLP detection of quasi-identifiers, timestamp anonymization, Chrome Extension + Office Add-in" }, { "trackId": 4, "product": "anonym.plus", "drivers": "T1,T6,T7", "description": "7 formats + OCR cover quasi-identifiers in documents, 5 anonymization methods, local processing prevents disclosure" }, { "trackId": 5, "product": "anonymize.solutions", "drivers": "T2,T3,T6", "description": "121 compliance presets navigate jurisdictional fragmentation, audit trails address opacity, structural independence" }, { "trackId": 5, "product": "cloak.business", "drivers": "T3,T4,T5,T6", "description": "Full audit trail, anonymize before consent needed, real-time detection, independent of cloud providers" }, { "trackId": 5, "product": "anonym.legal", "drivers": "T2,T3,T5", "description": "Multi-jurisdiction presets, explainable detection reports, immediate processing" }, { "trackId": 5, "product": "anonym.plus", "drivers": "T4,T5,T7", "description": "Anonymize data before submission, real-time local processing, proactive protection as remedy" }, { "trackId": 6, "product": "anonymize.solutions", "drivers": "T1,T2,T3,T7", "description": "121 presets eliminate complexity, zero-storage defaults, visual feedback corrects mental models, instant results break helplessness" }, { "trackId": 6, "product": "cloak.business", "drivers": "T1,T4,T6", "description": "Drag-and-drop simplicity, 100% offline eliminates trust, visual GUI accessible to non-technical users" }, { "trackId": 6, "product": "anonym.legal", "drivers": "T1,T2,T6,T7", "description": "3-layer auto-detection, privacy-first defaults, 4 pricing tiers including free, immediate results" }, { "trackId": 6, "product": "anonym.plus", "drivers": "T1,T4,T5,T6", "description": "One-time \u20ac99, local processing, works within existing workflows, 7 formats + OCR" }, { "trackId": 7, "product": "anonymize.solutions", "drivers": "T1,T2,T3,T6", "description": "Documents collection vectors, explains resolution techniques, maps supply chain, reduces information asymmetry" }, { "trackId": 7, "product": "cloak.business", "drivers": "T1,T2,T6", "description": "Detects PII before collection pipeline, disrupts identity resolution, gives users visibility" }, { "trackId": 7, "product": "anonym.legal", "drivers": "T1,T2,T3,T6", "description": "Anonymizes documents before sharing, breaks identity links, prevents data from entering broker supply chains" }, { "trackId": 7, "product": "anonym.plus", "drivers": "T1,T2,T6", "description": "Local processing prevents cloud collection, anonymizes identifiers, shows users what PII documents contain" }, { "trackId": 8, "product": "anonymize.solutions", "drivers": "T1,T2,T3,T5", "description": "121 compliance presets span vertical-horizontal collisions, 48 languages cover jurisdictions, EU hosting eliminates transfer risk" }, { "trackId": 8, "product": "cloak.business", "drivers": "T2,T3,T4", "description": "390+ entities span jurisdictional coverage, offline processing eliminates transfer, zero cloud dependency defeats surveillance" }, { "trackId": 8, "product": "anonym.legal", "drivers": "T1,T2,T6,T7", "description": "Sector presets address regulatory collisions, multi-language detection, browser extension enables privacy-by-default" }, { "trackId": 8, "product": "anonym.plus", "drivers": "T3,T4,T5", "description": "Local processing eliminates transfer, air-gapped mode defeats surveillance, 7 formats + 5 methods" }, { "trackId": 9, "product": "anonymize.solutions", "drivers": "T1,T2,T3,T7", "description": "EU-only hosting resolves sovereignty; pre-transfer anonymization bypasses adequacy; irreversible methods replace encryption" }, { "trackId": 9, "product": "cloak.business", "drivers": "T1,T3,T4", "description": "100% offline eliminates cross-border risk; 390+ entities cover international PII formats; 317 custom regex" }, { "trackId": 9, "product": "anonym.legal", "drivers": "T4,T6,T7", "description": "Affordable pricing eliminates SME compliance gap; Chrome Extension anonymizes before AI submission; EU hosting" }, { "trackId": 9, "product": "anonym.plus", "drivers": "T1,T3,T5", "description": "Zero cloud dependency eliminates all cross-border transfer; 100% local Presidio sidecar; Ed25519 licensing" }, { "trackId": 10, "product": "anonymize.solutions", "drivers": "T1,T5,T6", "description": "Pre-training PII scrubbing prevents memorization; pre-embedding anonymization; anonymization eliminates consent requirement" }, { "trackId": 10, "product": "cloak.business", "drivers": "T1,T3,T5", "description": "390+ entities, 317 custom regex for deepest training data scrubbing; image OCR; 7 format support for data audit" }, { "trackId": 10, "product": "anonym.legal", "drivers": "T1,T2,T6", "description": "3-layer detection for high-accuracy scrubbing; Chrome Extension filters AI outputs in real time; 4 pricing tiers" }, { "trackId": 10, "product": "anonym.plus", "drivers": "T1,T3", "description": "200+ entities, 23 NLP models for local training data audit; 7 formats + OCR; zero cloud dependency" }, { "trackId": 11, "product": "anonymize.solutions", "drivers": "T3,T6,T7", "description": "5 anonymization methods address clinical utility-privacy spectrum; 121 HIPAA/GDPR presets; reversible encryption enables research-privacy balance" }, { "trackId": 11, "product": "cloak.business", "drivers": "T3,T4", "description": "390+ entities detect clinical PII; image OCR catches burned-in medical image annotations; 317 custom regex" }, { "trackId": 11, "product": "anonym.legal", "drivers": "T3,T7", "description": "3-layer detection handles clinical text ambiguity; Chrome Extension for EHR-adjacent anonymization; 4 pricing tiers" }, { "trackId": 11, "product": "anonym.plus", "drivers": "T3,T4,T7", "description": "7 document formats cover clinical range; Tesseract OCR for medical images; air-gapped for research environments" }, { "trackId": 12, "product": "anonymize.solutions", "drivers": "T4,T6,T7", "description": "48-language NLP reduces demographic blindspots; zero-knowledge architecture; 121 compliance presets navigate patchwork" }, { "trackId": 12, "product": "cloak.business", "drivers": "T3,T6", "description": "390+ entities detect biometric identifiers; image OCR catches biometric data in scanned IDs; zero-storage microservices" }, { "trackId": 12, "product": "anonym.legal", "drivers": "T4,T7", "description": "3-layer detection handles biometric references across languages; Chrome Extension; 4 pricing tiers for BIPA/GDPR compliance" }, { "trackId": 12, "product": "anonym.plus", "drivers": "T3,T6,T7", "description": "7 formats + Tesseract OCR; 100% offline with zero data egress; Ed25519 licensing for air-gapped environments" }, { "trackId": 13, "product": "anonymize.solutions", "drivers": "T3,T6,T7", "description": "5 anonymization methods address temporal permanence; 121 COPPA/FERPA/GDPR presets; 3 deployment tiers" }, { "trackId": 13, "product": "cloak.business", "drivers": "T5,T6", "description": "390+ entities detect children's PII across EdTech data flows; image OCR; 317 custom regex; 100% offline for school districts" }, { "trackId": 13, "product": "anonym.legal", "drivers": "T4,T7", "description": "Chrome Extension empowers parents as privacy proxies; 48 UI languages; \u20ac3 entry removes economic barriers" }, { "trackId": 13, "product": "anonym.plus", "drivers": "T3,T4,T7", "description": "7 formats cover school records; Tesseract OCR; air-gapped for school data; zero data egress" }, { "trackId": 14, "product": "anonymize.solutions", "drivers": "T1,T3,T6", "description": "317 regex patterns detect financial identifiers; 121 compliance presets; 5 methods; free tier democratizes access" }, { "trackId": 14, "product": "cloak.business", "drivers": "T1,T3", "description": "390+ entities with 317 custom regex for financial patterns; image OCR; 100% offline eliminates propagation risk" }, { "trackId": 14, "product": "anonym.legal", "drivers": "T1,T3,T6", "description": "API access from \u20ac3/month; Chrome Extension protects financial text in AI chatbots; 3-layer detection" }, { "trackId": 14, "product": "anonym.plus", "drivers": "T1,T4", "description": "7 formats including financial PDFs and spreadsheets; local processing; Ed25519 licensing for regulated environments" } ] }