I recently got to know that Fedora's DNF creates an UUID to help keep track of the number of unique Fedora users. As per my understanding, before implementing this UUID mechanism, they obtained their user-base estimate through the use of IP addresses.

I would appreciate it if someone could clarify these concerns of mine:

- Is the generated UUID based on the hardware configuration of the Fedora user, or is it a random UUID? (If the user re-installs Fedora, will the re-generated UUID be alike to the first one, in any way?)

- Will the user's UUID be sent to package mirrors each time they perform an update/installation of packages? (If so, would this mean that a malicious mirror could potentially map a user's UUID with all the associated package-requests?)

- Is there any way to opt out of providing data for this user-base statistical analysis?

Could someone also point to the file in the source-code (https://github.com/rpm-software-management/dnf) where this UUID-feature has been implemented?