It does not matter how exactly the unique user id is generated, the relevant aspect is that it identifies a user.

Whether or not using such an id is acceptable depends on what we want (my understanding of the discussion at Akademy 2017 was that we do not want this), and the legal implications (GDPR even considers IP addresses personal data, so I assume unique ids are also moving us from "data" to "personal data" there).

07:10, 3 April 2018