- <para>Programs may use this ID to identify the host with a
- globally unique ID in the network, which does not change even if
- the local network configuration changes. Due to this and its
- greater length, it is a more useful replacement for the
- <citerefentry project='man-pages'><refentrytitle>gethostid</refentrytitle><manvolnum>3</manvolnum></citerefentry>
- call that POSIX specifies.</para>
+ <para>This ID uniquely identifies the host. It should be considered "confidential", and must not
+ be exposed in untrusted environments, in particular on the network. If a stable unique
+ identifier that is tied to the machine is needed for some application, the machine ID or any
+ part of it must not be used directly. Instead the machine ID should be hashed with a
+ cryptographic, keyed hash function, using a fixed, application-specific key. That way the ID
+ will be properly unique, and derived in a constant way from the machine ID but there will be no
+ way to retrieve the original machine ID from the application-specific one.</para>