
Comment Re:Security through legislation is no security at (Score 1) 206

You must have stopped reading after the second sentence of my post. Please allow me to repeat the third sentence:

It's a transparent and comically unenforceable attempt to keep Russian data precisely where the Russian government wants it: on servers they can put their hands on.

Comment Re:Security through legislation is no security at (Score 1) 206

You're correct that the motivation is fundamentally economic, but it has nothing to do with revenue generated from Russian datacenter leases, which are less than a drop in the bucket compared to the value derived from legally guaranteed physical access to servers for Russian government representatives. You really haven't thought this through, have you?

Comment Security through legislation is no security at all (Score 4, Interesting) 206

As stated in the subject line, security through legislation is no security at all. If anything, this will weaken information security for Russians. It's a transparent and comically unenforceable attempt to keep Russian data precisely where the Russian government wants it: on servers they can put their hands on. I'm genuinely amused.

Comment Re:Great (Score 0) 133

Here we have a fine example of an "undocumented poster" (to use fashionable left wing terminology) making sweeping and emotionally charged bullshit statements about a political party which he or she believes to be an ideological rival of his or her "favorite sports team." I'm shocked, shocked I tell you.

For reference, I'm neither a Republican nor a Democrat, but I am fully in support of you going off to fuck yourself. Have a great day, you spineless little piece of shit.

Comment Re: Data Security Officer (Score 1) 192

Thank you for the first reasonable reply I've received throughout this thread. You've caught the gist of part of what I'm hoping to illuminate here (which is probably far more important in the larger scheme of things), but you haven't seen the full picture yet. I have a challenge for you. Using your own line of reasoning as a premise to be challenged, can you analyze it from an adversarial perspective and develop a proposal for how additional inferences might be made regarding unique identification of medallions in the event that each medallion has been replaced with an arbitrary token? In your deliberations, please consider every facet of the reported data. It's quite apparent that those who have replied to my comments in this thread either (1) haven't directly considered the data themselves, or (2) lack the insight required to observe relationships between apparently unrelated constructs.

In short, under this challenge, I can deliver ~90% of the medallion identifiers using no external information other than full knowledge of the means by which the original medallions are assigned. Given a tiny parcel of additional correlation, I can hit 100%.

I look forward to your reply. By the way, what do you do for a living at the moment?

Comment Re:Not a good sales pitch: (Score 2) 138

The sort of services being offered are easily worth USD $1M/month when you consider who the clients are, the scale of their operations, the degree to which their systems are interconnected with those of other institutions (large and small), and the complexities involved with regulatory/legal/reputation compliance and management. Risk management and threat analysis are not simple subjects.

To put it simply, these aren't your sort of client engagements.

Comment Re: Data Security Officer (Score 1) 192

Throughout this conversation, I've been patiently waiting for someone to realize there's a lot more correlating data available in plain sight than anyone is owning up to. Provided that realization is made in the first place, the ensuing thought experiment should rapidly progress through probability, curve fitting, and rote process of elimination in a key space drastically reduced from even the space represented by the raw medallion search space.

If someone else, anyone else, would bother to think about this for a few moments, they might just arrive at a deeply uncomfortable conclusion: some data sets cannot be properly anonymised at all. Put another way, engineering a cryptographic solution in a vacuum is a lot like gasping for breath in outer space: you can perform actions you are utterly convinced are perfectly valid, but owing to context the end result is going to be highly unpleasant.

This is why we can't have nice things, specifically things involving sane public policy regarding privacy. Regardless of how the voting populace and their elected representatives might desire to craft policy in one direction or another, fundamental lack of understanding of the underlying environment and its rules of operation implies a necessary disconnect between intent and outcome.

This is why people need to study formal reference materials and think about things before they make recommendations, and it is why large scale intelligence outfits will continue to trump those under observation. Tunnel vision is a motherfucker.
