On Mon, Jan 07, 2019 at 22:54:46 +0100,
Tom Gundersen <teg(a)jklm.no> wrote:
You could move the rotation to the client by hashing the UUID with a
timestamp of sufficiently coarse granularity (a week?) before submitting it.
Then you make sure that all UUIDs submitted by a given machine during a
given time window are the same, but UUIDs submitted in different windows
are not related, and you don't have to trust the server to respect your
There are ways to link the new UUIDs to the old ones in many cases. This
could be by looking at IP addresses in common, times of the requests,
varients, repo(s) and possibly other characteristics of the requests. While
a GUUID is in use it could be used to link IP, and time information with
more certainty than you would otherwise. So this allows better tracking
than if you just had to go by IP, time and other information in the requests.