[Sugar-devel] Device's Universally Unique Identifier

James Cameron quozl at laptop.org
Thu Jul 24 17:58:18 EDT 2014


On Thu, Jul 24, 2014 at 11:01:50AM -0400, Samuel Greenfeld wrote:
> Just be careful with what you do with unique identifiers.  Having a
> unique identifier for a device is often considered the same as
> uniquely identifying a child.

Agreed.

> Many countries have laws about what can be collected from younger
> children without permission from their parent or school.  This
> permission has to be given in a manner that children cannot
> intentionally or accidentally do themselves.
> 
> This is why many websites including Google (in most cases) and
> Facebook do not allow children under 13 to have accounts, and do not
> let parents create accounts for them.

I don't believe that stops many children.  I offer as proof:

(a) there are children below the age of 13 that I've met that have
Google or Facebook accounts, and

(b) there are many Google accounts I've communicated with that act like
children below the age of 13.  ;-)

> So while using a unique identifier may be safe within a local
> system, centrally collecting information about Sugar users by
> default may not be.

I agree.  Even the serial number should not be used in a way that is
public.  If you must use it, pass it through a one-way hash seeded
with something application specific.

e.g.

$(echo $SN cordover | md5sum)

-- 
James Cameron
http://quozl.linux.org.au/


More information about the Sugar-devel mailing list