[Chandler-dev] Edit/update (email sharing) model thoughts

[Phillip J. Eby]

At 12:25 PM 12/8/2006 -1000, Brian Kirsch wrote:
>On Dec 8, 2006, at 12:12 PM, Phillip J. Eby wrote:
>>Note also that there are privacy issues involved in having a UUID
>>that gets carried in all communications.  I would also suggest that
>>if we do this for sharing purposes, it should be a different and
>>*secure* UUID (i.e., one not generated using the Ethernet hardware
>>address) for each effective sharing conduit, to minimize the amount
>>of trackable information being distributed about the person's machine.
>
>+1 the UUID would just be a random id and have no ties to the users
>hardware or software.

Not only that, but it would have to be a *different* UUID for each email 
account, or the user's identity can be compromised.  For example, if I use 
an email account with a phony name or "handle" for one set of purposes, and 
another account with my real name, for work/business purposes, my identity 
is compromised if Chandler uses the same UUID on both sets of 
email.   Somebody who has seen an email from *either* account can 
potentially Google the UUID to find what other email accounts have used the 
same Chandler client!  This would be a serious failure to protect user privacy.