Incorrect randomness claim in 50-privacy.md

Question

Incorrect randomness claim in 50-privacy.md

Closed this issue 2 years ago · 4 comments

Privacy of traceparent field section incorrectly states that trace-id is randomly generated. Section should be modified such that PII in trace ids is discouraged or forbidden, and randomness suggested as a possible solution.

Answer 1 · 2022-04-25T23:50:18.000Z

Leaving this issue open to decide if we can backport this (#482) to level-1 of the spec.

I feel the wording in #482 ("“MUST NOT contain PII”) is sufficiently backwards compatible to backport, since the Level 1 spec indirectly talks about not exposing user-identifiable information.

@plehegar , based on a discussion on this in a recent working group meeting, we wanted to get your thoughts on this.

Answer 2 · 2022-04-26T19:29:58.000Z

Assigned to Philippe per our discussion in the DT working group meeting today, thanks Philippe!

Answer 3 · 2022-11-23T13:34:00.000Z

This is fixed in #495 but I will leave this open until it is published

Answer 4 · 2023-02-14T20:17:58.000Z

Closing this one as we have a separate issue to track republishing of level 1 spec to include this fix.