On Mon, Mar 2, 2009 at 3:13 PM, Antony Blakey <[email protected]> wrote: > I guess it's a tradeoff between wanting a distributed overview and wanting > global anonymity. Maybe that's a valid configuration option, rather than > being policy.
It's an information leak if you can tell the originating node because of the uuid. If we want an option to flag docs with information about the originating node, we should add that. Also, the doc.id isn't the right place for this, as what you want to know is the origination of updates, not documents. UUIDs that are consistent per-node are bad not just because you could trace the node. There is even information leakage if you can tell that a set of documents originated on the same node. "Oh, the person who's participating in opposition-party discussions is the person who filed these taxes." -- Chris Anderson http://jchris.mfdz.com
