Re: [OT] UUIDs and privacy (was Re: Apple Serial Number: Redux)
Re: [OT] UUIDs and privacy (was Re: Apple Serial Number: Redux)
- Subject: Re: [OT] UUIDs and privacy (was Re: Apple Serial Number: Redux)
- From: Douglas Davidson <email@hidden>
- Date: Tue, 22 Jan 2002 10:42:19 -0800
On Tuesday, January 22, 2002, at 10:14 AM, email@hidden wrote:
This appears to be the same uuid scheme used by most of the distributed
RPC mechanisms that have been kicking around since the late 80's. If
so, then the algorithm is guaranteed to generate a number that is
unique in space AND time (just in case your app is for Time Lords).
This is pretty cool, but if you look at the generated uuid, you will
notice that it includes your hardware address which means that any data
you tag with the uuid, will be traceable back to the machine that
generated it. This can be a big privacy concern for things like
documents, email, chat connections, etc.
A big stink was raised a few years back when it was discovered that
Micro$oft was embedding these uuids in documents created by Word (and
Excel, and PowerPoint, and ... yada-yada). The stink was so bad (as M$
stinks usually are), that Micro$oft had to release a patch to the
MSOffice suite to stop embedding uuids, and promise not to do it again
(yeah, right...). So you might want to consider the privacy and/or
anonymity needs of your users before you go tagging their data with
numbers generated by uuidgen.
The easiest thing to do in this case would be to put the uuid through a
one-way hash function.
Douglas Davidson