{
  "categories": [
    {
      "txNum": 1,
      "name": "LINKABILITY",
      "color": "#f87171",
      "definition": "Connecting two pieces of information to the same person — the atomic operation making PII dangerous. Nearly every pain point is an expression of linkability being created, exploited, or failing to be broken.",
      "evidence": [
        "Browser fingerprinting",
        "Quasi-identifier re-identification",
        "Metadata correlation",
        "Phone number as PII anchor",
        "Social graph exposure",
        "Behavioral stylometry",
        "Hardware identifiers",
        "Location data",
        "RTB broadcasting",
        "Data broker aggregation"
      ]
    },
    {
      "txNum": 2,
      "name": "IRREVERSIBILITY",
      "color": "#fb923c",
      "definition": "Once PII propagates, it cannot be un-propagated. The arrow of data only points one direction. PII exposure is a one-way function with no inverse. Information entropy only increases.",
      "evidence": [
        "Biometric immutability",
        "Backup persistence",
        "Third-party propagation",
        "Shadow profiles",
        "Git history",
        "ML model memorization",
        "De-indexing illusion",
        "Breach databases",
        "Cache/index/warehouse copies",
        "Surveillance advertising records"
      ]
    },
    {
      "txNum": 3,
      "name": "POWER ASYMMETRY",
      "color": "#fbbf24",
      "definition": "The collector designs the system, profits from collection, writes the rules, and lobbies for the legal framework. The individual is a passenger in a vehicle they did not build, cannot inspect, and cannot exit.",
      "evidence": [
        "Dark patterns",
        "Default settings",
        "Surveillance advertising economics",
        "Government exemptions",
        "Humanitarian coercion",
        "Children's vulnerability",
        "Legal basis switching",
        "Incomprehensible policies",
        "Stalkerware",
        "Verification barriers"
      ]
    },
    {
      "txNum": 5,
      "name": "COMPLEXITY CASCADE",
      "color": "#60a5fa",
      "definition": "PII protection requires perfection across ALL layers simultaneously. One failure anywhere collapses everything. The attacker needs to find ONE weakness; the defender must protect ALL layers with zero failures.",
      "evidence": [
        "Tor + Facebook login",
        "E2EE + iCloud backup",
        "Perfect encryption + Pegasus",
        "VPN + DNS leak",
        "Anonymized dataset + external data",
        "Encrypted messages + metadata",
        "SecureDrop + journalist emails",
        "Printer tracking dots",
        "OS telemetry + Tor Browser",
        "Hardware IDs + software anonymization"
      ]
    },
    {
      "txNum": 6,
      "name": "KNOWLEDGE ASYMMETRY",
      "color": "#a78bfa",
      "definition": "The gap between what is known and what is practiced. Solutions exist in papers that practitioners never read. Attacks are documented that defenders never learn about. Rights exist that individuals never exercise.",
      "evidence": [
        "Developer misconceptions",
        "DP misunderstanding",
        "Privacy vs security confusion",
        "VPN deception",
        "Research-industry gap",
        "Users unaware of scope",
        "Password storage",
        "Unused cryptographic tools",
        "Pseudonymization confusion",
        "OPSEC failures"
      ]
    },
    {
      "txNum": 7,
      "name": "JURISDICTION FRAGMENTATION",
      "color": "#f472b6",
      "definition": "PII flows globally in milliseconds. Rules are local and take decades to write. The gap between the speed of data and the speed of regulation is the exploit surface.",
      "evidence": [
        "US federal law absence",
        "GDPR enforcement bottleneck",
        "Cross-border conflicts",
        "Global South law absence",
        "ePrivacy stalemate",
        "Data localization dilemma",
        "Whistleblower jurisdiction shopping",
        "DP regulatory uncertainty",
        "Surveillance tech export",
        "Government PII purchasing"
      ]
    }
  ],
  "painPoints": [
    {
      "id": "pp-0-0",
      "txIdx": 0,
      "ppIdx": 0,
      "title": "Browser Fingerprinting",
      "entities": "device IDs, ad IDs, cookies",
      "regulations": [
        "GDPR",
        "ePR"
      ],
      "slug": "browser-fingerprinting",
      "architecture": "api"
    },
    {
      "id": "pp-0-1",
      "txIdx": 0,
      "ppIdx": 1,
      "title": "Quasi-identifier Re-identification",
      "entities": "zip codes, DOB, gender",
      "regulations": [
        "GDPR"
      ],
      "slug": "quasi-identifier-reidentification",
      "architecture": "api"
    },
    {
      "id": "pp-0-2",
      "txIdx": 0,
      "ppIdx": 2,
      "title": "Metadata Correlation",
      "entities": "email, timestamps, IP addresses",
      "regulations": [
        "GDPR",
        "ePR"
      ],
      "slug": "metadata-correlation",
      "architecture": "api"
    },
    {
      "id": "pp-0-3",
      "txIdx": 0,
      "ppIdx": 3,
      "title": "Phone Number as PII Anchor",
      "entities": "phone numbers, IMSI, SIM IDs",
      "regulations": [
        "GDPR",
        "ePR"
      ],
      "slug": "phone-number-anchor",
      "architecture": "api"
    },
    {
      "id": "pp-0-4",
      "txIdx": 0,
      "ppIdx": 4,
      "title": "Social Graph Exposure",
      "entities": "names, emails, social handles",
      "regulations": [
        "GDPR"
      ],
      "slug": "social-graph-exposure",
      "architecture": "desk"
    },
    {
      "id": "pp-0-5",
      "txIdx": 0,
      "ppIdx": 5,
      "title": "Behavioral Stylometry",
      "entities": "text content, timestamps, timezone",
      "regulations": [
        "GDPR"
      ],
      "slug": "behavioral-stylometry",
      "architecture": "desk"
    },
    {
      "id": "pp-0-6",
      "txIdx": 0,
      "ppIdx": 6,
      "title": "Hardware Identifiers",
      "entities": "MAC addresses, serial numbers",
      "regulations": [
        "GDPR",
        "ePR"
      ],
      "slug": "hardware-identifiers",
      "architecture": "api"
    },
    {
      "id": "pp-0-7",
      "txIdx": 0,
      "ppIdx": 7,
      "title": "Location Data",
      "entities": "GPS, addresses, zip codes",
      "regulations": [
        "GDPR"
      ],
      "slug": "location-data",
      "architecture": "api"
    },
    {
      "id": "pp-0-8",
      "txIdx": 0,
      "ppIdx": 8,
      "title": "RTB Broadcasting",
      "entities": "ad IDs, cookies, bid params",
      "regulations": [
        "GDPR",
        "ePR"
      ],
      "slug": "rtb-broadcasting",
      "architecture": "api"
    },
    {
      "id": "pp-0-9",
      "txIdx": 0,
      "ppIdx": 9,
      "title": "Data Broker Aggregation",
      "entities": "names, addresses, purchases",
      "regulations": [
        "GDPR",
        "CCPA"
      ],
      "slug": "data-broker-aggregation",
      "architecture": "api"
    },
    {
      "id": "pp-1-0",
      "txIdx": 1,
      "ppIdx": 0,
      "title": "Biometric Immutability",
      "entities": "biometric refs, facial, fingerprint",
      "regulations": [
        "GDPR",
        "HIPAA"
      ],
      "slug": "biometric-immutability",
      "architecture": "local"
    },
    {
      "id": "pp-1-1",
      "txIdx": 1,
      "ppIdx": 1,
      "title": "Backup Persistence",
      "entities": "PII records, database fields",
      "regulations": [
        "GDPR"
      ],
      "slug": "backup-persistence",
      "architecture": "air"
    },
    {
      "id": "pp-1-2",
      "txIdx": 1,
      "ppIdx": 2,
      "title": "Third-party Propagation",
      "entities": "names, emails, ad IDs",
      "regulations": [
        "GDPR"
      ],
      "slug": "third-party-propagation",
      "architecture": "api"
    },
    {
      "id": "pp-1-3",
      "txIdx": 1,
      "ppIdx": 3,
      "title": "Shadow Profiles",
      "entities": "names, emails, phone numbers",
      "regulations": [
        "GDPR"
      ],
      "slug": "shadow-profiles",
      "architecture": "desk"
    },
    {
      "id": "pp-1-4",
      "txIdx": 1,
      "ppIdx": 4,
      "title": "Git History",
      "entities": "API keys, tokens, passwords",
      "regulations": [
        "GDPR",
        "ISO"
      ],
      "slug": "git-history",
      "architecture": "mcp"
    },
    {
      "id": "pp-1-5",
      "txIdx": 1,
      "ppIdx": 5,
      "title": "ML Model Memorization",
      "entities": "names, emails, medical records",
      "regulations": [
        "GDPR"
      ],
      "slug": "ml-model-memorization",
      "architecture": "train"
    },
    {
      "id": "pp-1-6",
      "txIdx": 1,
      "ppIdx": 6,
      "title": "De-indexing Illusion",
      "entities": "names, addresses, contact details",
      "regulations": [
        "GDPR"
      ],
      "slug": "de-indexing-illusion",
      "architecture": "desk"
    },
    {
      "id": "pp-1-7",
      "txIdx": 1,
      "ppIdx": 7,
      "title": "Breach Databases",
      "entities": "emails, passwords, usernames",
      "regulations": [
        "GDPR"
      ],
      "slug": "breach-databases",
      "architecture": "air"
    },
    {
      "id": "pp-1-8",
      "txIdx": 1,
      "ppIdx": 8,
      "title": "Cache/Index/Warehouse Copies",
      "entities": "user records, analytics, logs",
      "regulations": [
        "GDPR"
      ],
      "slug": "cache-index-warehouse-copies",
      "architecture": "air"
    },
    {
      "id": "pp-1-9",
      "txIdx": 1,
      "ppIdx": 9,
      "title": "Surveillance Advertising Records",
      "entities": "ad IDs, browsing, location",
      "regulations": [
        "GDPR",
        "ePR"
      ],
      "slug": "surveillance-advertising-records",
      "architecture": "api"
    },
    {
      "id": "pp-2-0",
      "txIdx": 2,
      "ppIdx": 0,
      "title": "Dark Patterns",
      "entities": "consent records, interaction logs",
      "regulations": [
        "GDPR"
      ],
      "slug": "dark-patterns",
      "architecture": "browser"
    },
    {
      "id": "pp-2-1",
      "txIdx": 2,
      "ppIdx": 1,
      "title": "Default Settings",
      "entities": "device IDs, telemetry, ad IDs",
      "regulations": [
        "GDPR",
        "ePR"
      ],
      "slug": "default-settings",
      "architecture": "browser"
    },
    {
      "id": "pp-2-2",
      "txIdx": 2,
      "ppIdx": 2,
      "title": "Surveillance Advertising Economics",
      "entities": "ad IDs, browsing, purchases",
      "regulations": [
        "GDPR"
      ],
      "slug": "surveillance-advertising-economics",
      "architecture": "api"
    },
    {
      "id": "pp-2-3",
      "txIdx": 2,
      "ppIdx": 3,
      "title": "Government Exemptions",
      "entities": "government records, tax IDs",
      "regulations": [
        "GDPR"
      ],
      "slug": "government-exemptions",
      "architecture": "desk"
    },
    {
      "id": "pp-2-4",
      "txIdx": 2,
      "ppIdx": 4,
      "title": "Humanitarian Coercion",
      "entities": "biometric refs, refugee data",
      "regulations": [
        "GDPR"
      ],
      "slug": "humanitarian-coercion",
      "architecture": "desk"
    },
    {
      "id": "pp-2-5",
      "txIdx": 2,
      "ppIdx": 5,
      "title": "Children's Vulnerability",
      "entities": "student records, family info",
      "regulations": [
        "GDPR",
        "FERPA",
        "COPPA"
      ],
      "slug": "childrens-vulnerability",
      "architecture": "desk"
    },
    {
      "id": "pp-2-6",
      "txIdx": 2,
      "ppIdx": 6,
      "title": "Legal Basis Switching",
      "entities": "consent records, processing logs",
      "regulations": [
        "GDPR"
      ],
      "slug": "legal-basis-switching",
      "architecture": "api"
    },
    {
      "id": "pp-2-7",
      "txIdx": 2,
      "ppIdx": 7,
      "title": "Incomprehensible Policies",
      "entities": "documents, consent forms",
      "regulations": [
        "GDPR"
      ],
      "slug": "incomprehensible-policies",
      "architecture": "browser"
    },
    {
      "id": "pp-2-8",
      "txIdx": 2,
      "ppIdx": 8,
      "title": "Stalkerware",
      "entities": "location, messages, photos",
      "regulations": [
        "GDPR"
      ],
      "slug": "stalkerware",
      "architecture": "desk"
    },
    {
      "id": "pp-2-9",
      "txIdx": 2,
      "ppIdx": 9,
      "title": "Verification Barriers",
      "entities": "government IDs, biometric proofs",
      "regulations": [
        "GDPR"
      ],
      "slug": "verification-barriers",
      "architecture": "desk"
    },
    {
      "id": "pp-3-0",
      "txIdx": 3,
      "ppIdx": 0,
      "title": "Tor + Facebook Login",
      "entities": "account IDs, session tokens",
      "regulations": [
        "GDPR"
      ],
      "slug": "tor-facebook-login",
      "architecture": "edu"
    },
    {
      "id": "pp-3-1",
      "txIdx": 3,
      "ppIdx": 1,
      "title": "E2EE + iCloud Backup",
      "entities": "messages, contacts, metadata",
      "regulations": [
        "GDPR"
      ],
      "slug": "e2ee-icloud-backup",
      "architecture": "local"
    },
    {
      "id": "pp-3-2",
      "txIdx": 3,
      "ppIdx": 2,
      "title": "Perfect Encryption + Pegasus",
      "entities": "messages, contacts, files",
      "regulations": [
        "GDPR"
      ],
      "slug": "perfect-encryption-pegasus",
      "architecture": "air"
    },
    {
      "id": "pp-3-3",
      "txIdx": 3,
      "ppIdx": 3,
      "title": "VPN + DNS Leak",
      "entities": "DNS queries, browsing history",
      "regulations": [
        "ePR",
        "GDPR"
      ],
      "slug": "vpn-dns-leak",
      "architecture": "edu"
    },
    {
      "id": "pp-3-4",
      "txIdx": 3,
      "ppIdx": 4,
      "title": "Anonymized Dataset + External Data",
      "entities": "quasi-IDs, demographics",
      "regulations": [
        "GDPR"
      ],
      "slug": "anonymized-dataset-external-data",
      "architecture": "api"
    },
    {
      "id": "pp-3-5",
      "txIdx": 3,
      "ppIdx": 5,
      "title": "Encrypted Messages + Metadata",
      "entities": "sender/receiver, timestamps, IPs",
      "regulations": [
        "GDPR",
        "ePR"
      ],
      "slug": "encrypted-messages-metadata",
      "architecture": "api"
    },
    {
      "id": "pp-3-6",
      "txIdx": 3,
      "ppIdx": 6,
      "title": "SecureDrop + Journalist Emails",
      "entities": "source names, contacts, emails",
      "regulations": [
        "GDPR",
        "EUWD"
      ],
      "slug": "securedrop-journalist-emails",
      "architecture": "air"
    },
    {
      "id": "pp-3-7",
      "txIdx": 3,
      "ppIdx": 7,
      "title": "Printer Tracking Dots",
      "entities": "printer metadata, serial numbers",
      "regulations": [
        "GDPR"
      ],
      "slug": "printer-tracking-dots",
      "architecture": "local"
    },
    {
      "id": "pp-3-8",
      "txIdx": 3,
      "ppIdx": 8,
      "title": "OS Telemetry + Tor Browser",
      "entities": "OS telemetry, hardware UUIDs",
      "regulations": [
        "GDPR",
        "ePR"
      ],
      "slug": "os-telemetry-tor-browser",
      "architecture": "air"
    },
    {
      "id": "pp-3-9",
      "txIdx": 3,
      "ppIdx": 9,
      "title": "Hardware IDs + Software Anonymization",
      "entities": "MAC, Intel ME, UEFI serials",
      "regulations": [
        "GDPR"
      ],
      "slug": "hardware-identifiers-software-anonymization",
      "architecture": "air"
    },
    {
      "id": "pp-4-0",
      "txIdx": 4,
      "ppIdx": 0,
      "title": "Developer Misconceptions",
      "entities": "hashed emails, pseudonymized records",
      "regulations": [
        "GDPR"
      ],
      "slug": "developer-misconceptions",
      "architecture": "mcp"
    },
    {
      "id": "pp-4-1",
      "txIdx": 4,
      "ppIdx": 1,
      "title": "DP Misunderstanding",
      "entities": "epsilon values, noise parameters",
      "regulations": [
        "GDPR"
      ],
      "slug": "dp-misunderstanding",
      "architecture": "edu"
    },
    {
      "id": "pp-4-2",
      "txIdx": 4,
      "ppIdx": 2,
      "title": "Privacy vs Security Confusion",
      "entities": "security credentials, access logs",
      "regulations": [
        "GDPR"
      ],
      "slug": "privacy-security-confusion",
      "architecture": "edu"
    },
    {
      "id": "pp-4-3",
      "txIdx": 4,
      "ppIdx": 3,
      "title": "VPN Deception",
      "entities": "VPN logs, browsing, IP addresses",
      "regulations": [
        "GDPR",
        "ePR"
      ],
      "slug": "vpn-deception",
      "architecture": "browser"
    },
    {
      "id": "pp-4-4",
      "txIdx": 4,
      "ppIdx": 4,
      "title": "Research-Industry Gap",
      "entities": "research data, experimental records",
      "regulations": [
        "GDPR"
      ],
      "slug": "research-industry-gap",
      "architecture": "edu"
    },
    {
      "id": "pp-4-5",
      "txIdx": 4,
      "ppIdx": 5,
      "title": "Users Unaware of Scope",
      "entities": "ISP logs, app location, email scans",
      "regulations": [
        "GDPR"
      ],
      "slug": "users-unaware-scope",
      "architecture": "browser"
    },
    {
      "id": "pp-4-6",
      "txIdx": 4,
      "ppIdx": 6,
      "title": "Password Storage",
      "entities": "passwords, credential hashes",
      "regulations": [
        "GDPR",
        "ISO"
      ],
      "slug": "password-storage",
      "architecture": "api"
    },
    {
      "id": "pp-4-7",
      "txIdx": 4,
      "ppIdx": 7,
      "title": "Unused Cryptographic Tools",
      "entities": "MPC keys, FHE params, ZKP data",
      "regulations": [
        "GDPR"
      ],
      "slug": "unused-cryptographic-tools",
      "architecture": "api"
    },
    {
      "id": "pp-4-8",
      "txIdx": 4,
      "ppIdx": 8,
      "title": "Pseudonymization Confusion",
      "entities": "UUID mappings, pseudonymized records",
      "regulations": [
        "GDPR"
      ],
      "slug": "pseudonymization-confusion",
      "architecture": "edu"
    },
    {
      "id": "pp-4-9",
      "txIdx": 4,
      "ppIdx": 9,
      "title": "OPSEC Failures",
      "entities": "SecureDrop URLs, API keys",
      "regulations": [
        "GDPR",
        "EUWD"
      ],
      "slug": "opsec-failures",
      "architecture": "mcp"
    },
    {
      "id": "pp-5-0",
      "txIdx": 5,
      "ppIdx": 0,
      "title": "US Federal Law Absence",
      "entities": "SSNs, HIPAA records, FERPA data",
      "regulations": [
        "HIPAA",
        "FERPA",
        "COPPA",
        "CCPA"
      ],
      "slug": "us-federal-law-absence",
      "architecture": "juris"
    },
    {
      "id": "pp-5-1",
      "txIdx": 5,
      "ppIdx": 1,
      "title": "GDPR Enforcement Bottleneck",
      "entities": "EU citizen data, transfer records",
      "regulations": [
        "GDPR"
      ],
      "slug": "gdpr-enforcement-bottleneck",
      "architecture": "juris"
    },
    {
      "id": "pp-5-2",
      "txIdx": 5,
      "ppIdx": 2,
      "title": "Cross-border Conflicts",
      "entities": "multi-jurisdiction data, CLOUD Act",
      "regulations": [
        "GDPR",
        "CLOUD",
        "PIPL"
      ],
      "slug": "cross-border-conflicts",
      "architecture": "air"
    },
    {
      "id": "pp-5-3",
      "txIdx": 5,
      "ppIdx": 3,
      "title": "Global South Law Absence",
      "entities": "telecom data, banking records",
      "regulations": [
        "Malabo"
      ],
      "slug": "global-south-law-absence",
      "architecture": "air"
    },
    {
      "id": "pp-5-4",
      "txIdx": 5,
      "ppIdx": 4,
      "title": "ePrivacy Stalemate",
      "entities": "cookies, tracking, fingerprints",
      "regulations": [
        "ePR",
        "GDPR"
      ],
      "slug": "eprivacy-stalemate",
      "architecture": "juris"
    },
    {
      "id": "pp-5-5",
      "txIdx": 5,
      "ppIdx": 5,
      "title": "Data Localization Dilemma",
      "entities": "data center IDs, cloud metadata",
      "regulations": [
        "GDPR"
      ],
      "slug": "data-localization-dilemma",
      "architecture": "air"
    },
    {
      "id": "pp-5-6",
      "txIdx": 5,
      "ppIdx": 6,
      "title": "Whistleblower Jurisdiction Shopping",
      "entities": "source IDs, cross-jurisdiction docs",
      "regulations": [
        "EUWD"
      ],
      "slug": "whistleblower-jurisdiction-shopping",
      "architecture": "air"
    },
    {
      "id": "pp-5-7",
      "txIdx": 5,
      "ppIdx": 7,
      "title": "DP Regulatory Uncertainty",
      "entities": "DP outputs, epsilon, privacy budget",
      "regulations": [
        "GDPR"
      ],
      "slug": "dp-regulatory-uncertainty",
      "architecture": "juris"
    },
    {
      "id": "pp-5-8",
      "txIdx": 5,
      "ppIdx": 8,
      "title": "Surveillance Tech Export",
      "entities": "surveillance targets, spyware",
      "regulations": [
        "Wassenaar"
      ],
      "slug": "surveillance-tech-export",
      "architecture": "air"
    },
    {
      "id": "pp-5-9",
      "txIdx": 5,
      "ppIdx": 9,
      "title": "Government PII Purchasing",
      "entities": "location data, broker records",
      "regulations": [
        "4A",
        "GDPR"
      ],
      "slug": "government-pii-purchasing",
      "architecture": "api"
    }
  ],
  "solutions": [
    {
      "id": "sl-0",
      "method1": "Redact",
      "rationale1": "removing fingerprint-contributing values eliminates data points algorithms combine into unique identifiers",
      "method2": "Replace",
      "rationale2": "substituting with non-unique alternatives prevents cross-device correlation while preserving readability",
      "complianceBasis": "GDPR Art. 5(1)(c) data minimization, ePrivacy tracking consent"
    },
    {
      "id": "sl-1",
      "method1": "Hash",
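      "rationale1": "deterministic SHA-256 hashing enables referential integrity across datasets while preventing re-identification, provided the hash is keyed with a secret (e.g. HMAC-SHA-256) — an unkeyed hash of low-entropy quasi-identifiers such as zip codes or dates of birth can be reversed by enumeration",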
      "method2": "Replace",
      "rationale2": "substituting quasi-identifiers with type labels removes re-identification potential while preserving structure",
      "complianceBasis": "GDPR Recital 26 identifiability test, Art. 89 research safeguards"
    },
    {
      "id": "sl-2",
      "method1": "Redact",
      "rationale1": "removing metadata fields entirely prevents correlation attacks linking communication patterns to individuals",
      "method2": "Mask",
      "rationale2": "partial masking preserves format for system compatibility while breaking linkability",
      "complianceBasis": "GDPR Art. 5(1)(f) integrity and confidentiality, ePrivacy metadata restrictions"
    },
    {
      "id": "sl-3",
      "method1": "Replace",
      "rationale1": "substituting phone numbers with format-valid but non-functional alternatives maintains structure while removing PII anchor",
      "method2": "Hash",
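      "rationale2": "deterministic hashing enables referential integrity across phone-linked records; because the phone-number space is small enough to enumerate, the hash must be keyed with a secret to resist reversal",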
      "complianceBasis": "GDPR Art. 9 special category data, ePrivacy Directive"
    },
    {
      "id": "sl-4",
      "method1": "Redact",
      "rationale1": "removing contact identifiers from documents prevents construction of social graphs from document collections",
      "method2": "Replace",
      "rationale2": "substituting names and identifiers with type labels preserves structure while breaking the social graph",
      "complianceBasis": "GDPR Art. 5(1)(c) data minimization, Art. 25 data protection by design"
    },
    {
      "id": "sl-5",
      "method1": "Replace",
      "rationale1": "replacing original text content with anonymized alternatives disrupts the stylometric fingerprint",
      "method2": "Redact",
      "rationale2": "removing text content entirely prevents any stylometric analysis at cost of utility",
      "complianceBasis": "GDPR Art. 4(1) personal data extends to indirectly identifying information"
    },
    {
      "id": "sl-6",
      "method1": "Redact",
      "rationale1": "removing hardware identifiers from documents and logs eliminates persistent tracking anchors",
      "method2": "Hash",
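      "rationale2": "hashing hardware identifiers enables device-level analytics without exposing serial numbers; MAC addresses and similar structured identifiers are enumerable, so a keyed hash is needed to keep the originals from being recovered",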
      "complianceBasis": "GDPR Art. 4(1) device identifiers as personal data, ePrivacy Art. 5(3)"
    },
    {
      "id": "sl-7",
      "method1": "Replace",
      "rationale1": "substituting location data with generalized alternatives preserves geographic context while preventing tracking",
      "method2": "Mask",
      "rationale2": "truncating coordinate decimal places reduces precision while maintaining regional utility",
      "complianceBasis": "GDPR Art. 9 when location reveals sensitive activities, Art. 5(1)(c)"
    },
    {
      "id": "sl-8",
      "method1": "Redact",
      "rationale1": "removing PII before it enters advertising pipelines prevents 376-times-daily broadcast of personal information",
      "method2": "Replace",
      "rationale2": "substituting identifiers with non-trackable alternatives enables analytics without individual targeting",
      "complianceBasis": "GDPR Art. 6 lawful basis, ePrivacy consent for tracking"
    },
    {
      "id": "sl-9",
      "method1": "Redact",
      "rationale1": "removing identifiers before data leaves organizational boundaries prevents cross-source aggregation",
      "method2": "Hash",
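      "rationale2": "hashing identifiers enables internal analytics while preventing external matching, provided the hash is keyed with a secret that never leaves the organization — an unkeyed hash can be recomputed by any party holding the same identifier",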
      "complianceBasis": "GDPR Art. 5(1)(b) purpose limitation, CCPA opt-out rights"
    },
    {
      "id": "sl-10",
      "method1": "Redact",
      "rationale1": "permanently removing biometric references ensures they cannot be compromised from document breaches",
      "method2": "Encrypt",
      "rationale2": "AES-256-GCM encryption enables authorized access while protecting at rest",
      "complianceBasis": "GDPR Art. 9 special category biometric data, HIPAA PHI"
    },
    {
      "id": "sl-11",
      "method1": "Redact",
      "rationale1": "anonymizing data before it enters any storage system prevents the backup persistence problem at source",
      "method2": "Replace",
      "rationale2": "substituting PII with anonymized alternatives before storage ensures backups contain no personal data",
      "complianceBasis": "GDPR Art. 17 right to erasure, Art. 5(1)(e) storage limitation"
    },
    {
      "id": "sl-12",
      "method1": "Redact",
      "rationale1": "anonymizing PII before sharing with third parties prevents propagation that makes recall impossible",
      "method2": "Replace",
      "rationale2": "substituting identifiers before sharing maintains utility while preventing individual tracking",
      "complianceBasis": "GDPR Art. 28 processor obligations, Art. 44 transfer restrictions"
    },
    {
      "id": "sl-13",
      "method1": "Redact",
      "rationale1": "removing identifying information prevents creation of shadow profiles from shared data",
      "method2": "Replace",
      "rationale2": "replacing contact details with placeholders preserves document structure while protecting non-users",
      "complianceBasis": "GDPR Art. 14 data subjects not directly collected from"
    },
    {
      "id": "sl-14",
      "method1": "Redact",
      "rationale1": "removing credentials from code and documents before version control eliminates the exposure vector",
      "method2": "Replace",
      "rationale2": "substituting credentials with placeholder tokens maintains documentation while removing secrets",
      "complianceBasis": "GDPR Art. 32 security of processing, ISO 27001 access control"
    },
    {
      "id": "sl-15",
      "method1": "Replace",
      "rationale1": "substituting PII in training data with synthetic alternatives preserves statistical properties",
      "method2": "Redact",
      "rationale2": "removing PII entirely from training data eliminates memorization risk",
      "complianceBasis": "GDPR Art. 25 data protection by design, Art. 5(1)(c)"
    },
    {
      "id": "sl-16",
      "method1": "Redact",
      "rationale1": "anonymizing documents at creation prevents PII from appearing in any cached or archived copy",
      "method2": "Replace",
      "rationale2": "substituting identifiers before publication ensures cached copies contain only anonymized data",
      "complianceBasis": "GDPR Art. 17 right to erasure, Art. 17(2) obligation to inform"
    },
    {
      "id": "sl-17",
      "method1": "Encrypt",
      "rationale1": "AES-256-GCM encryption of credentials enables authorized access for incident response",
      "method2": "Hash",
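      "rationale2": "SHA-256 hashing enables breach impact analysis without exposing original values; a plain SHA-256 of a password or email address is open to dictionary lookup, so the hash should be keyed with a secret stored separately from the data",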
      "complianceBasis": "GDPR Art. 33-34 breach notification, Art. 32 security"
    },
    {
      "id": "sl-18",
      "method1": "Redact",
      "rationale1": "anonymizing data before it enters caching systems eliminates the dozens-of-copies problem",
      "method2": "Replace",
      "rationale2": "substituting identifiers before downstream systems enables analytics without PII copies",
      "complianceBasis": "GDPR Art. 5(1)(e) storage limitation, Art. 25 data protection by design"
    },
    {
      "id": "sl-19",
      "method1": "Redact",
      "rationale1": "removing identifiers before data enters advertising systems prevents permanent surveillance records",
      "method2": "Replace",
      "rationale2": "substituting advertising identifiers with non-trackable alternatives enables aggregate analytics",
      "complianceBasis": "GDPR Art. 6 lawful basis, ePrivacy consent requirements"
    },
    {
      "id": "sl-20",
      "method1": "Redact",
      "rationale1": "anonymizing personal data entered through consent interfaces reduces value extracted through dark patterns",
      "method2": "Replace",
      "rationale2": "substituting identifiers preserves functional data while removing personal tracking value",
      "complianceBasis": "GDPR Art. 7 conditions for consent, Art. 25 data protection by design"
    },
    {
      "id": "sl-21",
      "method1": "Redact",
      "rationale1": "removing tracking identifiers from data transmitted by default-on settings reduces PII collected",
      "method2": "Replace",
      "rationale2": "substituting device identifiers prevents cross-service correlation from default telemetry",
      "complianceBasis": "GDPR Art. 25(2) data protection by default, ePrivacy Art. 5(3)"
    },
    {
      "id": "sl-22",
      "method1": "Redact",
      "rationale1": "anonymizing PII before it enters advertising systems reduces personal data available for surveillance capitalism",
      "method2": "Hash",
      "rationale2": "hashing advertising identifiers enables aggregate analytics while breaking individual targeting",
      "complianceBasis": "GDPR Art. 6 lawful basis, Art. 21 right to object to marketing"
    },
    {
      "id": "sl-23",
      "method1": "Redact",
      "rationale1": "anonymizing government-issued identifiers in documents prevents use beyond original collection context",
      "method2": "Encrypt",
      "rationale2": "AES-256-GCM encryption enables authorized government access while protecting records at rest",
      "complianceBasis": "GDPR Art. 23 restrictions for national security, Art. 9 special category"
    },
    {
      "id": "sl-24",
      "method1": "Redact",
      "rationale1": "removing identifying information from humanitarian documents after processing protects vulnerable populations",
      "method2": "Replace",
      "rationale2": "substituting identifiers in aid records preserves program functionality while protecting the vulnerable",
      "complianceBasis": "GDPR Art. 9 special category data, UNHCR data protection guidelines"
    },
    {
      "id": "sl-25",
      "method1": "Redact",
      "rationale1": "anonymizing children's PII in educational records prevents lifelong tracking from data collected before consent",
      "method2": "Replace",
      "rationale2": "substituting student identifiers preserves educational analytics while protecting minors",
      "complianceBasis": "GDPR Art. 8 children's consent, FERPA student records, COPPA"
    },
    {
      "id": "sl-26",
      "method1": "Redact",
      "rationale1": "anonymizing personal data across legal basis changes prevents continued use of PII under withdrawn consent",
      "method2": "Replace",
      "rationale2": "replacing identifiers ensures data under changed legal bases cannot be linked back",
      "complianceBasis": "GDPR Art. 6 lawful basis, Art. 7(3) right to withdraw consent"
    },
    {
      "id": "sl-27",
      "method1": "Redact",
      "rationale1": "anonymizing PII in submitted documents reduces personal data surrendered through policies nobody reads",
      "method2": "Replace",
      "rationale2": "substituting identifiers in forms preserves functionality while reducing PII exposure",
      "complianceBasis": "GDPR Art. 12 transparent information, Art. 7 consent conditions"
    },
    {
      "id": "sl-28",
      "method1": "Redact",
      "rationale1": "anonymizing device data exports removes PII that stalkerware captures, enabling victims to document abuse safely",
      "method2": "Encrypt",
      "rationale2": "encrypting sensitive logs enables authorized access by legal counsel while protecting victim data",
      "complianceBasis": "GDPR Art. 5(1)(f) integrity and confidentiality"
    },
    {
      "id": "sl-29",
      "method1": "Redact",
      "rationale1": "anonymizing verification documents after deletion request prevents accumulation of sensitive identity data",
      "method2": "Encrypt",
      "rationale2": "AES-256-GCM encryption of verification data enables audit trail while protecting documents",
      "complianceBasis": "GDPR Art. 12(6) verification of identity, Art. 17 right to erasure"
    },
    {
      "id": "sl-30",
      "method1": "Redact",
      "rationale1": "anonymizing login-related identifiers prevents connection between anonymous network activity and personal identity",
      "method2": "Replace",
      "rationale2": "substituting account identifiers with anonymous placeholders maintains log structure",
      "complianceBasis": "GDPR Art. 32 security of processing, Art. 25 data protection by design"
    },
    {
      "id": "sl-31",
      "method1": "Encrypt",
      "rationale1": "AES-256-GCM encryption in backups provides protection that persists even if backup systems lack encryption",
      "method2": "Redact",
      "rationale2": "removing PII from messages before backup prevents unencrypted-backup exposure",
      "complianceBasis": "GDPR Art. 32 encryption as security measure, Art. 5(1)(f)"
    },
    {
      "id": "sl-32",
      "method1": "Redact",
      "rationale1": "anonymizing at the application layer provides protection effective even when endpoint devices are compromised",
      "method2": "Replace",
      "rationale2": "substituting identifiers ensures even device memory accessed by spyware contains anonymized data",
      "complianceBasis": "GDPR Art. 32 appropriate technical measures"
    },
    {
      "id": "sl-33",
      "method1": "Redact",
      "rationale1": "anonymizing browsing data in documents prevents exposure through DNS leaks — if data never contains real PII, leaks expose nothing",
      "method2": "Replace",
      "rationale2": "substituting browsing identifiers with anonymized alternatives preserves log analysis",
      "complianceBasis": "ePrivacy metadata restrictions, GDPR Art. 5(1)(f) confidentiality"
    },
    {
      "id": "sl-34",
      "method1": "Hash",
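      "rationale1": "salted or keyed SHA-256 hashing before dataset publication hinders re-identification from external data — unsalted hashes of low-entropy identifiers such as phone numbers can be reversed by enumeration",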
      "method2": "Redact",
      "rationale2": "removing identifiers entirely from shared datasets eliminates re-identification risk",
      "complianceBasis": "GDPR Recital 26 identifiability test, Art. 89 research safeguards"
    },
    {
      "id": "sl-35",
      "method1": "Redact",
      "rationale1": "stripping metadata from documents before sharing provides protection that persists even when content is encrypted",
      "method2": "Mask",
      "rationale2": "partially masking metadata preserves format validity while reducing correlation precision",
      "complianceBasis": "GDPR Art. 5(1)(c) data minimization, ePrivacy metadata rules"
    },
    {
      "id": "sl-36",
      "method1": "Redact",
      "rationale1": "anonymizing source-identifying information before documents enter email prevents SecureDrop-to-Gmail exposure",
      "method2": "Replace",
      "rationale2": "substituting source identifiers with anonymous references preserves editorial workflow",
      "complianceBasis": "GDPR Art. 85 journalistic exemptions, EU Whistleblower Directive"
    },
    {
      "id": "sl-37",
      "method1": "Redact",
      "rationale1": "stripping document metadata including printer tracking dots prevents hardware-level identification",
      "method2": "Replace",
      "rationale2": "substituting metadata with generic values maintains document format while removing signatures",
      "complianceBasis": "GDPR Art. 4(1) indirect identification, Art. 32 security measures"
    },
    {
      "id": "sl-38",
      "method1": "Redact",
      "rationale1": "anonymizing OS-level identifiers in documents prevents correlation between anonymized browsing and telemetry",
      "method2": "Replace",
      "rationale2": "substituting hardware identifiers with anonymous values prevents cross-layer correlation",
      "complianceBasis": "GDPR Art. 5(1)(f) confidentiality, ePrivacy device access provisions"
    },
    {
      "id": "sl-39",
      "method1": "Redact",
      "rationale1": "removing hardware-level identifiers from documents prevents correlation between software and hardware signatures",
      "method2": "Hash",
      "rationale2": "hashing hardware identifiers enables device inventory without cross-system tracking",
      "complianceBasis": "GDPR Art. 4(1) device identifiers, Art. 25 data protection by design"
    },
    {
      "id": "sl-40",
      "method1": "Hash",
      "rationale1": "proper SHA-256 through a validated pipeline ensures consistent, auditable anonymization meeting GDPR requirements",
      "method2": "Redact",
      "rationale2": "when uncertain about correct anonymization, complete redaction provides a safe default",
      "complianceBasis": "GDPR Recital 26 identifiability test, Art. 25 data protection by design"
    },
    {
      "id": "sl-41",
      "method1": "Redact",
      "rationale1": "anonymizing underlying PII before applying DP provides defense in depth even if epsilon is misconfigured",
      "method2": "Replace",
      "rationale2": "substituting identifiers before DP application reduces impact of epsilon misconfiguration",
      "complianceBasis": "GDPR Recital 26 anonymization, Art. 89 statistical processing"
    },
    {
      "id": "sl-42",
      "method1": "Redact",
      "rationale1": "anonymizing PII in security logs addresses the gap between security and privacy",
      "method2": "Replace",
      "rationale2": "substituting identifiers in audit logs preserves investigation capability",
      "complianceBasis": "GDPR Art. 5(1)(f) integrity and confidentiality, Art. 32"
    },
    {
      "id": "sl-43",
      "method1": "Redact",
      "rationale1": "anonymizing browsing data at document level provides protection independent of VPN claims",
      "method2": "Replace",
      "rationale2": "substituting network identifiers ensures even VPN logs contain no usable personal data",
      "complianceBasis": "GDPR Art. 5(1)(f) confidentiality, ePrivacy metadata provisions"
    },
    {
      "id": "sl-44",
      "method1": "Hash",
      "rationale1": "providing production-ready anonymization bridges the 10-year gap between research and industry adoption",
      "method2": "Replace",
      "rationale2": "ready-to-use replacement anonymization eliminates the implementation barrier for proven techniques",
      "complianceBasis": "GDPR Art. 89 research safeguards, Art. 25 data protection by design"
    },
    {
      "id": "sl-45",
      "method1": "Redact",
      "rationale1": "anonymizing personal data before it enters any system addresses the awareness gap",
      "method2": "Replace",
      "rationale2": "substituting identifiers provides protection even when users don't realize their data is collected",
      "complianceBasis": "GDPR Art. 13-14 right to be informed, Art. 12 transparent communication"
    },
    {
      "id": "sl-46",
      "method1": "Encrypt",
      "rationale1": "AES-256-GCM encryption demonstrates the correct approach — industry-standard cryptography",
      "method2": "Hash",
      "rationale2": "SHA-256 hashing provides one-way protection that plaintext storage lacks — for guessable values it needs a salt or key, since a bare digest can be matched by brute force",
      "complianceBasis": "GDPR Art. 32 security of processing, ISO 27001 access control"
    },
    {
      "id": "sl-47",
      "method1": "Redact",
      "rationale1": "providing practical, deployable anonymization today addresses the gap while MPC/FHE/ZKP remain academic",
      "method2": "Replace",
      "rationale2": "replacing PII with anonymized alternatives is immediately deployable",
      "complianceBasis": "GDPR Art. 25 data protection by design, Art. 32 state-of-the-art"
    },
    {
      "id": "sl-48",
      "method1": "Redact",
      "rationale1": "true redaction removes data from GDPR scope entirely — the billion-dollar distinction",
      "method2": "Hash",
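      "rationale2": "one-way hashing without retained mapping tables achieves anonymization under GDPR only when the inputs cannot be recomputed by enumeration — otherwise the output remains pseudonymized personal data",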
      "complianceBasis": "GDPR Art. 4(5) pseudonymization definition, Recital 26 anonymization"
    },
    {
      "id": "sl-49",
      "method1": "Redact",
      "rationale1": "anonymizing sensitive identifiers in code and documents prevents single-careless-moment OPSEC failures",
      "method2": "Replace",
      "rationale2": "substituting sensitive identifiers with anonymous placeholders prevents accidental exposure",
      "complianceBasis": "GDPR Art. 32 security measures, EU Whistleblower Directive"
    },
    {
      "id": "sl-50",
      "method1": "Redact",
      "rationale1": "anonymizing PII across all US regulatory categories using a single platform eliminates patchwork compliance",
      "method2": "Hash",
      "rationale2": "SHA-256 hashing enables cross-system integrity while satisfying HIPAA, FERPA, and state laws",
      "complianceBasis": "HIPAA Privacy Rule, FERPA, COPPA, CCPA consumer rights"
    },
    {
      "id": "sl-51",
      "method1": "Redact",
      "rationale1": "anonymizing PII before it becomes subject to regulatory disputes eliminates the enforcement bottleneck",
      "method2": "Replace",
      "rationale2": "substituting identifiers reduces regulatory surface area requiring multi-year investigation",
      "complianceBasis": "GDPR Art. 56-60 cross-border cooperation, Art. 83 fines"
    },
    {
      "id": "sl-52",
      "method1": "Encrypt",
      "rationale1": "AES-256-GCM encryption enables organizational control with jurisdictional flexibility",
      "method2": "Redact",
      "rationale2": "complete PII removal eliminates cross-border conflicts — anonymized data is not subject to GDPR, CLOUD, or NSL",
      "complianceBasis": "GDPR Chapter V transfers, US CLOUD Act, China PIPL"
    },
    {
      "id": "sl-53",
      "method1": "Redact",
      "rationale1": "anonymizing data collected by telecoms, banks, and governments prevents misuse where laws are absent",
      "method2": "Encrypt",
      "rationale2": "AES-256-GCM encryption provides reversible protection where complete anonymization may not be required",
      "complianceBasis": "African Union Malabo Convention"
    },
    {
      "id": "sl-54",
      "method1": "Redact",
      "rationale1": "anonymizing tracking data regardless of ePrivacy status provides protection not dependent on resolving a stalemate",
      "method2": "Replace",
      "rationale2": "substituting tracking identifiers enables compliance with both current and future regulation",
      "complianceBasis": "ePrivacy Directive 2002/58/EC, proposed ePrivacy Regulation"
    },
    {
      "id": "sl-55",
      "method1": "Redact",
      "rationale1": "anonymizing data at collection eliminates the localization dilemma — anonymized data does not require localization",
      "method2": "Encrypt",
      "rationale2": "AES-256-GCM with locally-managed keys enables secure storage in any data center",
      "complianceBasis": "GDPR Art. 44 transfer restrictions, national localization requirements"
    },
    {
      "id": "sl-56",
      "method1": "Redact",
      "rationale1": "anonymizing source-identifying information before documents cross jurisdictions prevents weakest-link exploitation",
      "method2": "Replace",
      "rationale2": "substituting source identifiers enables document sharing across jurisdictions",
      "complianceBasis": "EU Whistleblower Directive, press freedom laws"
    },
    {
      "id": "sl-57",
      "method1": "Redact",
      "rationale1": "anonymizing PII using established methods provides legal certainty that DP currently lacks",
      "method2": "Hash",
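      "rationale2": "deterministic hashing is an established technique with clearer legal treatment than DP — its output stays linkable across datasets, so it is usually assessed as pseudonymization unless the inputs cannot be enumerated",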
      "complianceBasis": "GDPR Recital 26 anonymization standard"
    },
    {
      "id": "sl-58",
      "method1": "Redact",
      "rationale1": "anonymizing surveillance research documents prevents identification of targets and journalists",
      "method2": "Encrypt",
      "rationale2": "AES-256-GCM enables secure collaboration among researchers across jurisdictions",
      "complianceBasis": "EU Dual-Use Regulation, Wassenaar Arrangement"
    },
    {
      "id": "sl-59",
      "method1": "Redact",
      "rationale1": "anonymizing location data before it reaches commercial datasets closes the third-party doctrine loophole",
      "method2": "Hash",
      "rationale2": "hashing identifiers enables analytical value while preventing government purchasing of individual data",
      "complianceBasis": "Fourth Amendment, GDPR Art. 6, proposed Fourth Amendment Is Not For Sale Act"
    }
  ],
  "products": [
    {
      "name": "anonymize.solutions",
      "folder": "anonymize.solutions",
      "version": "v1.6.12",
      "tagline": "Umbrella platform — 3 deployment models",
      "txIndices": [
        0,
        3,
        4,
        5
      ],
      "color": "#6c8aff"
    },
    {
      "name": "cloak.business",
      "folder": "cloak.business",
      "version": "6.9.1",
      "tagline": "Air-gapped desktop — 390+ entities",
      "txIndices": [
        0,
        1,
        3
      ],
      "color": "#f87171"
    },
    {
      "name": "anonym.legal",
      "folder": "anonym.legal",
      "version": "7.4.4",
      "tagline": "Cloud platform — 260+ entities",
      "txIndices": [
        0,
        2,
        4,
        5
      ],
      "color": "#34d399"
    },
    {
      "name": "anonym.plus",
      "folder": "anonym.plus",
      "version": "v8.3.1",
      "tagline": "Licensed desktop — 100% local",
      "txIndices": [
        0,
        1,
        3
      ],
      "color": "#fb923c"
    }
  ],
  "regions": [
    {
      "code": "EU",
      "name": "EU",
      "subtitle": "European Union",
      "regulations": [
        "GDPR",
        "ePR",
        "EUWD"
      ]
    },
    {
      "code": "US",
      "name": "US",
      "subtitle": "United States",
      "regulations": [
        "HIPAA",
        "FERPA",
        "COPPA",
        "CCPA",
        "CLOUD",
        "4A"
      ]
    },
    {
      "code": "UK",
      "name": "UK",
      "subtitle": "United Kingdom",
      "regulations": [
        "UKGDPR"
      ]
    },
    {
      "code": "AP",
      "name": "Asia-Pac",
      "subtitle": "Asia-Pacific",
      "regulations": [
        "PIPL",
        "APPI",
        "PDPA"
      ]
    },
    {
      "code": "LA",
      "name": "LatAm",
      "subtitle": "Latin America",
      "regulations": [
        "LGPD"
      ]
    },
    {
      "code": "AF",
      "name": "Africa",
      "subtitle": "African Union",
      "regulations": [
        "Malabo"
      ]
    },
    {
      "code": "ME",
      "name": "Middle East",
      "subtitle": "MENA Region",
      "regulations": [
        "PDPL"
      ]
    },
    {
      "code": "GL",
      "name": "Global",
      "subtitle": "International",
      "regulations": [
        "ISO",
        "PCIDSS",
        "Wassenaar"
      ]
    }
  ],
  "regulationNames": {
    "GDPR": "GDPR",
    "ePR": "ePrivacy Directive",
    "EUWD": "EU Whistleblower Dir.",
    "HIPAA": "HIPAA",
    "FERPA": "FERPA",
    "COPPA": "COPPA",
    "CCPA": "CCPA",
    "CLOUD": "CLOUD Act",
    "4A": "Fourth Amendment",
    "UKGDPR": "UK GDPR",
    "PIPL": "PIPL (China)",
    "APPI": "APPI (Japan)",
    "PDPA": "PDPA (Singapore)",
    "LGPD": "LGPD (Brazil)",
    "Malabo": "Malabo Convention",
    "ISO": "ISO 27001",
    "PCIDSS": "PCI-DSS",
    "Wassenaar": "Wassenaar Arrangement",
    "PDPL": "PDPL (Saudi Arabia)"
  },
  "regulationEquivalences": {
    "UKGDPR": "GDPR",
    "LGPD": "GDPR",
    "APPI": "GDPR",
    "PDPA": "GDPR",
    "PDPL": "GDPR",
    "PCIDSS": "ISO"
  },
  "driverSubtitles": [
    "The NAND gate of PII",
    "The second law of thermodynamics applied to information",
    "The gravitational constant of PII",
    "The inverse of defense-in-depth",
    "The resistance in the circuit",
    "The clock skew of the system"
  ]
}