| | 1 | = Cross-project user identification = |
| | 2 | |
| | 3 | Accounts on different projects are considered equivalent |
| | 4 | if they have the same email address |
| | 5 | (we have considered other concepts, but they all lead to extreme complexity). |
| | 6 | |
| | 7 | Email addresses must be kept private, |
| | 8 | so projects can't export them in statistics files; |
| | 9 | It's also not desirable to export hashed email addresses, |
| | 10 | because spammers could enumerate feasible email addresses |
| | 11 | and compare them with the hashed addresses. |
| | 12 | |
| | 13 | Instead, BOINC uses the following system: |
| | 14 | |
| | 15 | * Each account is assigned an 'internal cross-project identifier' (CPID) when it's created; it's a 32-char random string. |
| | 16 | * When a scheduling server replies to an RPC, it includes the account's CPID, |
| | 17 | its email address hash, and its creation time. |
| | 18 | These are stored in the client state file. |
| | 19 | * When the BOINC client makes an RPC request to a scheduling server, |
| | 20 | it scans the accounts with the same email address, |
| | 21 | finds the one with the earliest creation time, |
| | 22 | and sends the CPID stored with that account. |
| | 23 | * If the scheduling server receives a CPID different |
| | 24 | from the one in its database, it updates the database with the new CPID. |
| | 25 | * User elements in the XML download files include a hash of (email address, CPID); |
| | 26 | this 'external' CPID serves as a unique identifier of all |
| | 27 | accounts with that email address. |
| | 28 | (The last step, hashing with the email address, |
| | 29 | prevents people from impersonating other people). |
| | 30 | |
| | 31 | This system provides cross-project identification based on email address, |
| | 32 | without publicizing information from which email addresses could be derived. |
