RED is the public notebook of Hookay's security and privacy engineering work. We publish research findings, hard-won best practices, and blameless post-mortems — because privacy engineering for queer platforms is too important to keep proprietary. Everything here is generalized: lessons, not blueprints.https://red.hookay.eu/https://red.hookay.eu/posts/location-aggregates-leak-identity/https://red.hookay.eu/posts/location-aggregates-leak-identity/Aggregated location stats feel safe — “31 people in this area this week” names nobody. Our internal red-teaming shows how cell size, update cadence, and cross-time correlation can still single out individuals, especially in low-density regions. We walk through the attack classes, then derive concrete design rules: minimum cohort thresholds, net-delta updates, and why suppression must fail closed.Wed, 10 Jun 2026 00:00:00 GMThttps://red.hookay.eu/posts/k-anonymity-floor-not-feature/https://red.hookay.eu/posts/k-anonymity-floor-not-feature/“Each user is indistinguishable from k−1 others” sounds like a guarantee. It is a starting assumption — and treating it as a finished privacy property is how anonymized datasets keep getting de-anonymized. The primer we wish every product spec linked to.Thu, 14 May 2026 00:00:00 GMT