[OT] UUIDs and privacy (was Re: Apple Serial Number: Redux)
[OT] UUIDs and privacy (was Re: Apple Serial Number: Redux)
- Subject: [OT] UUIDs and privacy (was Re: Apple Serial Number: Redux)
- From: email@hidden
- Date: Tue, 22 Jan 2002 13:14:48 -0500
On Tuesday, January 22, 2002, at 12:33 PM, Douglas Davidson wrote:
* I was interested in doing this for uniquification, not for copy
protection. Several people suggested that I use ethernet Mac address,
which
is supposed to be unique. I'm actually using a code made up from the
time
and random().
CFUUID will do this quite conveniently, and a fair bit of work has gone
into making it bulletproof. It gives you 128 bits, either as a struct
or in a string representation. CFUUID.h for the programmatic
interface, /usr/bin/uuidgen from the command line.
This appears to be the same uuid scheme used by most of the distributed
RPC mechanisms that have been kicking around since the late 80's. If so,
then the algorithm is guaranteed to generate a number that is unique in
space AND time (just in case your app is for Time Lords). This is pretty
cool, but if you look at the generated uuid, you will notice that it
includes your hardware address which means that any data you tag with
the uuid, will be traceable back to the machine that generated it. This
can be a big privacy concern for things like documents, email, chat
connections, etc.
A big stink was raised a few years back when it was discovered that
Micro$oft was embedding these uuids in documents created by Word (and
Excel, and PowerPoint, and ... yada-yada). The stink was so bad (as M$
stinks usually are), that Micro$oft had to release a patch to the
MSOffice suite to stop embedding uuids, and promise not to do it again
(yeah, right...). So you might want to consider the privacy and/or
anonymity needs of your users before you go tagging their data with
numbers generated by uuidgen.
Just another fun fact to consider when hacking...
email@hidden