trace-context icon indicating copy to clipboard operation
trace-context copied to clipboard

Published 20 hours ago verified publisher icon w3c

Incorrect randomness claim in 50-privacy.md

Open dyladan opened this issue 2 years ago • 2 comments

Privacy of traceparent field section incorrectly states that trace-id is randomly generated. Section should be modified such that PII in trace ids is discouraged or forbidden, and randomness suggested as a possible solution.

dyladan avatar Jan 04 '22 18:01 dyladan

Leaving this issue open to decide if we can backport this (https://github.com/w3c/trace-context/pull/482) to level-1 of the spec.

I feel the wording in #482 ("“MUST NOT contain PII”) is sufficiently backwards compatible to backport, since the Level 1 spec indirectly talks about not exposing user-identifiable information.

@plehegar , based on a discussion on this in a recent working group meeting, we wanted to get your thoughts on this.

kalyanaj avatar Apr 25 '22 23:04 kalyanaj

Assigned to Philippe per our discussion in the DT working group meeting today, thanks Philippe!

kalyanaj avatar Apr 26 '22 19:04 kalyanaj

This is fixed in #495 but I will leave this open until it is published

dyladan avatar Nov 23 '22 13:11 dyladan

Closing this one as we have a separate issue to track republishing of level 1 spec to include this fix.

kalyanaj avatar Feb 14 '23 20:02 kalyanaj