'Potential use cases must respect the invariant that it remains hard to join identity across first parties, but subject to that limit, there is room to allow sufficiently useful information to flow in a privacy-respecting way. Both "sufficiently useful" and "privacy-respecting" must be evaluated on a case-by-case basis. 'This is where it gets difficult. "Privacy-respecting" and "sufficiently useful" have so far been mutually exclusive states.