[Sugar-devel] Device's Universally Unique Identifier

[Puneet Kaur]

On Fri, Jul 25, 2014 at 3:28 AM, James Cameron <quozl at laptop.org> wrote:

> On Thu, Jul 24, 2014 at 11:01:50AM -0400, Samuel Greenfeld wrote:
> > Just be careful with what you do with unique identifiers.  Having a
> > unique identifier for a device is often considered the same as
> > uniquely identifying a child.
>
> Agreed.
>
> > Many countries have laws about what can be collected from younger
> > children without permission from their parent or school.  This
> > permission has to be given in a manner that children cannot
> > intentionally or accidentally do themselves.
> >
> > This is why many websites including Google (in most cases) and
> > Facebook do not allow children under 13 to have accounts, and do not
> > let parents create accounts for them.
>
> I don't believe that stops many children.  I offer as proof:
>
> (a) there are children below the age of 13 that I've met that have
> Google or Facebook accounts, and
>
> (b) there are many Google accounts I've communicated with that act like
> children below the age of 13.  ;-)
>
> > So while using a unique identifier may be safe within a local
> > system, centrally collecting information about Sugar users by
> > default may not be.
>
> I agree.  Even the serial number should not be used in a way that is
> public.  If you must use it, pass it through a one-way hash seeded
> with something application specific.
>
> e.g.
>
> $(echo $SN cordover | md5sum)
>
>
Thanks James , would keep that in mind



> --
> James Cameron
> http://quozl.linux.org.au/
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sugarlabs.org/archive/sugar-devel/attachments/20140725/7e38b5a6/attachment.html>