At 12:25 PM 12/8/2006 -1000, Brian Kirsch wrote:
On Dec 8, 2006, at 12:12 PM, Phillip J. Eby wrote:
Note also that there are privacy issues involved in having a UUID
that gets carried in all communications. I would also suggest that
if we do this for sharing purposes, it should be a different and
*secure* UUID (i.e., one not generated using the Ethernet hardware
address) for each effective sharing conduit, to minimize the amount
of trackable information being distributed about the person's machine.
+1 the UUID would just be a random id and have no ties to the users
hardware or software.
Not only that, but it would have to be a *different* UUID for each email
account, or the user's identity can be compromised. For example, if I use
an email account with a phony name or "handle" for one set of purposes, and
another account with my real name, for work/business purposes, my identity
is compromised if Chandler uses the same UUID on both sets of
email. Somebody who has seen an email from *either* account can
potentially Google the UUID to find what other email accounts have used the
same Chandler client! This would be a serious failure to protect user privacy.
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
Open Source Applications Foundation "chandler-dev" mailing list
http://lists.osafoundation.org/mailman/listinfo/chandler-dev
