While you're here, can you test the relay dashboard (where you can create aliases) on Firefox for Android 84.1.4? The scroll is incredibly sluggish; I don't know what scroll effect you added, but please have a look. It's a bit unfortunate for a Mozilla service ^^ I can provide you with a screen capture if needed.
That helps only for breaches involving specific email addresses. What the GP is hinting at is Facebook having your email address and you using the same email address on a site for a purchase. Sellers usually upload their customers' email addresses onto Facebook and other social media platforms so that they can target these users better. So if you use the same email address everywhere, then linking all your interactions and transactions is a certainty.
Predictably, synchronizing data is complicated, so it's taking a while and we're trying to do it in a way that doesn't destroy any existing data. So we'll be doing some heavy internal testing on it before we release it.
It's pretty verbose and lengthy, but I recently read the NIST "Trustworthy Email" publication and it did a great job explaining these technologies - Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM), and Domain Message Authentication, Reporting, and Conformance (DMARC) - that are used for modern email authentication.
I found the statements about PII uploaded by advertisers confusing. The authors say “PII uploaded by advertisers to target customers via custom audiences” was NOT found “being used for advertising” but the whole point of uploading PII into custom audiences is to target them for advertising.
You have to read the details later, where they uploaded 2 different pieces of PII for a customer - one already associated with a FB user, and therefore targetable. The other was brand new PII. Only the latter was not found to be targetable.
So yay - Facebook doesn’t use rainbow table lookups to extract plaintext PII from hashes that advertisers upload. Gold star for them.
Oops, thanks for catching that. We'll add a LICENSE file.