I suppose you can infer, very roughly, that a UUID with an older date stamp inside it is possessed by an older user ... very roughly.
At the same time age of account is all over forums and other places, often used to demonstrate a certain level of trust vs say new accounts.
Is that also a privacy issue? I'm not sure I like the implications if it is.
MikeNotThePope•2h ago
Practically speaking, an applicant's resume/CV will say more about their age than a UUID v7. I think the risk of someone's minimum age being leaked is low, but it's not zero, so I went with UUID v4. Mostly I just thought it was interesting, so I shared :)
jerlam•1h ago
If this is well-known, won't applicants create new accounts instead of ever using the old ones? Like unsold houses, if they're on the market too long, the listing will be removed and a new one will be created instead of dropping the price to maintain that illusion of a new listing.
tgma•1h ago
The encryption implementation suggested seems overkill and problematic as it increases the size of the ID. UUID is 128 bit which is the same block size as AES. You can simply apply AES to transform the input block with a secret key to and directly expose the result. No need for CBC mode or IVs etc as it is desirable for the same input to map to the same output all the time.
duxup•2h ago
At the same time age of account is all over forums and other places, often used to demonstrate a certain level of trust vs say new accounts.
Is that also a privacy issue? I'm not sure I like the implications if it is.
MikeNotThePope•2h ago