Hacker News | knorl's comments

This "Directory Services Identifier" is not sent outside of Apple's services though right? And only sent to Apple services that need to know the identity of the user?

If so I'm wondering what the issue is here.


The issue is that iCloud knows that I'm the same Apple user coming to get my files from iCloud as accessed the App Store!!! With my Apple account!

Wait ... I'm also not sure what the issue is.

Fundamentally this is only a problem because Apple is too big and controls the App Store, iCloud and all the rest of your device. This is a reasonable artifact of an unreasonable situation.

I also think Apple is too big but I'm more concerned about Big Pharma, Big Oil, Big Banks, Ad Tech, Growing Fascism, ... Big Apple is a worry way down on my list.


It seems a little more leaky than I'd expect:

Because that identifier is also used in some iCloud API requests, I also spotted the same value in activity logs for third-party applications using things in my iCloud account, as well as in metadata for local copies of documents I downloaded from my drive at iCloud.com.


It's a little unclear what they mean here, but that can easily be because of a service/system server model. The third party apps use things like "icloud daemon" (not sure that one actually exists) which does the iCloud request and passes along the data back to the app. Because the logs are generated with a high privilege level, they are also including what icloud daemon did for those specific apps, but those apps did not get access to that DSID, it was kept internal to icloudd.

If the journalists or whoever wants to claim the DSID is leaky, then they need to show a POC with an app actually obtaining that DSID, and not only in a system logger that only saves files sandboxed locally, or sends to Apple.


I think this advice could be better summed up into: to minimise off-by-one errors, choose a consistent strategy for describing intervals, and stick with it as much as is sensible.


[closed, open) isn’t the only strategy that works, but it should be preferred because it’s so common.

