Are they just an issue with wefwef or trying to use an exploit

  • milicent_bystandr
    link
    fedilink
    arrow-up
    10
    arrow-down
    2
    ·
    1 year ago

    Why would you include your hostname in the hash? That just sounds like an invitations for a mistake to leak semi-private telemetry data.

    Come to think of it… Isn’t obscured telemetry exactly what your suggestion is doing? If they get or guess your hostname by other means, then they have a nice timestamped request from you, signed with your hostname, every second

    • Gellis12@lemmy.ca
      link
      fedilink
      arrow-up
      14
      ·
      1 year ago

      It’s essentially to add a unique salt to each machine that’s doing this, otherwise they’d all be generating the same hash from identical timestamps. Afaik, sha hashes are still considered secure; and it’s very unlikely they’d even try to crack one. But even if they did try and were successful, there isn’t really anything nefarious they can do with your machines local name.