They salt the values and compute id = hash(daily_salt + IP + UA). Then they remove those every 24 hours. I think it sounds like a perfectly reasonable solution.
If they remove those every 24 hours, then doesn’t that mean if I made two visits, separated by more than 24 hrs, it would count as 2 unique visits rather than 1?
Yes. I am still not aware how to track returning visitors if while still staying within some privacy framework. Unfortunately on HN the default answer is to say not to track at all.
My IP and UA don’t change, pretty much ever.
I can delete a cookie anytime I want.