From ecaed3d91a2d0c209e5d683990b9e9d20f8ba056 Mon Sep 17 00:00:00 2001 From: Daniel Dyla Date: Tue, 11 Jan 2022 14:51:31 -0500 Subject: [PATCH] Remove incorrect randomness claim from privacy considerations (#482) * Remove incorrect randomness claim from privacy considerations * Update spec/50-privacy.md Co-authored-by: J. Kalyana Sundaram Co-authored-by: J. Kalyana Sundaram --- spec/50-privacy.md | 2 +- spec/60-trace-id-format.md | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/spec/50-privacy.md b/spec/50-privacy.md index 1d6c54b3..4c70ae15 100644 --- a/spec/50-privacy.md +++ b/spec/50-privacy.md @@ -6,7 +6,7 @@ Vendors MUST assess the risk of header abuse. This section provides some conside ## Privacy of traceparent field -The `traceparent` field is comprised of randomly-generated numbers. If a random number generator leverages any user identifiable information like IP address as seed state, this information may be exposed. Random number generators MUST NOT rely on any information that can potentially be user-identifiable. +The `traceparent` field MUST NOT contain any personally identifiable information. One way to achieve this is to randomly generate all trace IDs using a random number generator that does not expose any personally identifiable information. Any random number generator used for generating trace IDs MUST NOT rely on any information as input or seed state that can potentially be personally identifiable. Another privacy risk of the `traceparent` field is the ability to correlate requests made as part of a single transaction. A downstream service may track and correlate two or more requests made in a single transaction and may make assumptions about the identity of the caller of a request based on information from another request. diff --git a/spec/60-trace-id-format.md b/spec/60-trace-id-format.md index 204b7353..91d17c82 100644 --- a/spec/60-trace-id-format.md +++ b/spec/60-trace-id-format.md 
@@ -22,9 +22,9 @@ concerns](#privacy-considerations) of exposing unwanted information. Randomness also allows tracing vendors to base sampling decisions on `trace-id` field value and avoid propagating an additional sampling context. -As shown in the next section, it is important for `trace-id` to carry -"uniqueness" and "randomness" in the right part of the `trace-id`, for better -inter-operability with some existing systems. +As shown in the next section, if part of the `trace-id` is nonrandom, +it is important for the random part of the `trace-id` to be as far right in the +`trace-id` as possible for better inter-operability with some existing systems. ### Handling `trace-id` for compliant platforms with shorter internal identifiers
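Review bot: In the spec/50-privacy.md hunk, the second and third added sentences constrain only the random number generator, while the spec/60-trace-id-format.md hunk in this same patch now acknowledges that "part of the `trace-id` is nonrandom" is a valid case. The opening "MUST NOT contain any personally identifiable information" does cover that case, but a reader implementing a partly nonrandom ID gets no guidance beyond it. Suggest adding a sentence stating that any nonrandom part of a trace ID must likewise not be derived from information that can potentially be personally identifiable. Separately, the first sentence speaks of the `traceparent` field as a whole and the next two only of "trace IDs"; it would help to say whether the generator requirement is meant to apply to every generated value carried in the field.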
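Review bot: In the spec/60-trace-id-format.md hunk, the unchanged context line just above the edit still says randomness "allows tracing vendors to base sampling decisions on `trace-id` field value", which no longer holds for the whole value once the new paragraph admits a partly nonrandom `trace-id`. Suggest qualifying that sentence so that sampling decisions are based on the random part. Also, "it is important for the random part ... to be as far right ... as possible" reads as guidance rather than a requirement, whereas the privacy hunk uses MUST NOT; if this is intended to be normative, use SHOULD, and consider stating the placement concretely (the rightmost part of the `trace-id`) instead of "as far right as possible".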