On Mon, Jan 7, 2019, 7:31 PM Matthew Miller <mattdm@fedoraproject.org> wrote:
On Mon, Jan 07, 2019 at 06:24:14PM +0100, Lennart Poettering wrote:
> > * The Fedora community cares about privacy and is adverse to tracking
> > measures. We don't want to track; just count.
> Uh, so what's the story there? i mean, if you pass over the uuid you
> make clients trackable, regardless if you want to make use of that or
> not...

Not if we don't keep them for long. One idea is to rotate them fairly
frequently. But this is mostly a statement of intent and might be more about
how we build the backend than about what we force in the client.

You could move the rotation to the client by hashing the UUID with a timestamp of sufficiently coarse granularity (a week?) before submitting it.

Then you make sure that all UUIDs submitted by a given machine during a given time window are the same, but UUIDs submitted in different windows are not related, and you don't have to trust the server to respect your privacy.

Cheers,

Tom