Re: Should Emacs provide a uuid function?

[Ken Raeburn]

On Apr 28, 2011, at 23:47, Stephen J. Turnbull wrote:
>> Are calendar or org files not suitable for being made public?
>> (That's a serious question; I don't use either one.)  Should they
>> include information that helps track what computers I use?
> 
> Uh, if I were young, slim, and sexy I really wouldn't want my stalkers
> to know when I plan to walk alone in Central Park, or when I'm going
> anywhere for that matter.

Like I said, I don't know these particular tools.  With some calendar software, 
it's perfectly reasonable to use it to publish a calendar with certain public 
or semi-public information -- theater performance schedules, sports events, 
conference schedules, stuff like that.  If the Emacs calendar and org software 
aren't in that category, which I guess I should take the tone of your reply to 
imply, then fine, it's not an issue.

>  And I would certainly give that concern
> priority over them knowing whether I made a particular appointment via
> my iPhone or Barrack Obama's PC.  Oops, you're not supposed to know I
> have access to that, I guess it would be scary if that leaked.  Yeah,
> right.

IF I were publishing a calendar file with the schedule of talks at an upcoming 
conference, for myself and other attendees to use, I wouldn't necessarily want 
to include with it information that could be used to identify the computer I 
used or where I live.  Not directly, but perhaps when correlated other 
information that may be out there -- e.g., MACs in UUIDs show that I and Suzy Q 
both frequently use a certain computer, and Suzy also posts a lot on Facebook 
about life in a certain city and how she frequents a certain internet cafe; one 
might conclude that I live around there and may use that cafe too.  (Why, yes, 
I *have* spent a lot of years thinking about some aspects of computer and 
network security.)

But it's not an issue if these Emacs apps are not intended to be used for that 
sort of thing, and the files containing the UUIDs not to be shared.

> No, they shouldn't include that information if it can easily be
> avoided.  But get real.  When Emacs net apps all route via TOR only by
> default, then I'll concede you have a point.

Different sorts of exposures lead to different kinds of opportunities for 
attacks.  Just because one hasn't been closed off doesn't mean it's not worth 
looking at others.  E.g., it's possible I could get mugged on my way home from 
work some night; that doesn't make it pointless for me to lock my doors at 
night.

Ken