[wp-hackers] Plugin update & security / privacy

Matt Mullenweg m at mullenweg.com
Mon Sep 24 04:59:25 GMT 2007

Mark Jaquith wrote:
>> 2. It's simple, easy, and self-evident.
> It's a behind the scenes feature, so simplicity and ease don't really 
> apply.  Self-evident?  Evident to whom?  Evident for what purpose?

URLs are useful unique identifiers and in my opinion the best one to use 
on the web. You can normalize them, organize them by domains and 
subdomains, look for odd characters or paths, create stats by TLDs, map 
them to hosting providers, use them as a basis for a crawl, and 
associate them with WordPress.org profiles. MD5s are unique, but don't 
have a lot of value beyond that, and even a capitalization or trailing 
slash change will change the whole MD5. There are also things I think we 
haven't imagined yet that could make URLs useful. Maybe a .org toolbar 
that ties into your .org profile and makes it easy to manage multiple 
blogs and tie them together. If by the time 2.5 comes around we're still 
not doing anything useful with it then we can re-examine it.

I don't think an MD5 would be significantly more anonymous either. 
Anyone with a list of URLs could associate the md5 with a URL just by 
pre-computing the URL MD5s and comparing. So they would be different, 
but not really better. You'd have to add a salt of some kind. We're 
hours from the release arguing about a bikeshed that was checked in over 
a month ago.

Matt Mullenweg
  http://photomatt.net | http://wordpress.org
http://automattic.com | http://akismet.com

More information about the wp-hackers mailing list