On Mo, 07.01.19 22:54, Tom Gundersen (teg@xxxxxxx) wrote: > On Mon, Jan 7, 2019, 7:31 PM Matthew Miller <mattdm@xxxxxxxxxxxxxxxxx> > wrote: > > > On Mon, Jan 07, 2019 at 06:24:14PM +0100, Lennart Poettering wrote: > > > > * The Fedora community cares about privacy and is adverse to tracking > > > > measures. We don't want to track; just count. > > > Uh, so what's the story there? i mean, if you pass over the uuid you > > > make clients trackable, regardless if you want to make use of that or > > > not... > > > > Not if we don't keep them for long. One idea is to rotate them fairly > > frequently. But this is mostly a statement of intent and might be more > > about > > how we build the backend than about what we force in the client. > > You could move the rotation to the client by hashing the UUID with a > timestamp of sufficiently coarse granularity (a week?) before submitting it. > > Then you make sure that all UUIDs submitted by a given machine during a > given time window are the same, but UUIDs submitted in different windows > are not related, and you don't have to trust the server to respect your > privacy. Yes, Tom's proposal makes sense. Calculate the UUID you submit as HMAC(machined_id, CONCAT(fixedappuuid, unixtime/432000)) where: machine_id = the id from /etc/machine-id fixedappuuid = some fixed compiled-in uuid you make up for dnf unixtime = UNIX time, seconds since 1970 (432000 is the seconds in 5 days, just as an example) This way the uuid submitted is changed automatically both when the machine ID is reset and every 5 days. Of course, I still think the NTP (or http ping check) approach is nicer overall, since it doesn't smell so awfully like "we track users". Lennart -- Lennart Poettering, Red Hat _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
