> How do you create the hash? If it's based on something that you can derive from the user (let's say sha1(IP address + User Agent), that seems pretty clearly identifying.
of course that is forbidden.
and that's exactly why it is really hard to tell if companies honor it.
of course that is forbidden. and that's exactly why it is really hard to tell if companies honor it.