Quick check to see if your UDID was leaked (kimosabe.net)
51 points by bbunix on Sept 4, 2012 | 29 comments


Why don't you allow partial UDID searches? I should be able to type, say, ten digits and see some results. You could also make it so I type the first eight and the last eight characters.

Easier data entry and I don't have to give you my full UDID.


There would be no way for you to know if you got matched without possibly disclosing other matches as well...


The "other matches" are already disclosed, it's too late.


Could this be another attempt to get more UUIDs? Why should I trust this link?


If you want to look up your UDID but are afraid to expose it, use the partial search at http://pastehtml.com/udid


Ah, many thanks, that's a much nicer system. No need to trust anything. Have you considered submitting it?


What can he do with just a UUID? Really, I don't know...


They could have asked for a hash of the device UUID. That would be safer, but you would still have to visit the site. With that request they could match IP, browser info, and device UUID.

Perhaps, it could be put entirely into javascript.


Entering 40 characters is hard enough by itself. Tell the average user to send an MD5 hash over... if you care that much you do what I did initially, download it, unpack it, and grep.


I was trying to avoid the "Receipt of stolen property" issue, while maintaining personal privacy. Usability was lower on my list of concerns.


That's a good point. Gotta trust someone, kimosabe! This is me: http://linkedin.com/in/bbunix, and no I don't want UDIDs.


Thanks for doing this.


=) Thanks!


There are ways to do this securely, like client side hashing, that are worth learning and showing off to make you a better web developer and set a good example for others. You have a chance to learn and teach here.


"Has your password been compromised? Type it here to check. Please also leave me your email message so I can inform you in case the password gets leaked later on."

Seriously ...


You do realize that AntiSec stated they have access to about 12.000.000 UDIDs while leaking only 1.000.001?

Maybe you should note that on your site, so even negative results don't get too confident in their security.


Good point, I'll update it now...


Can someone tell me what the AntiSec can do with these UDIDs? I mean they are just phone identifiers, what harm can their exposure cause?


If anyone is interested, the top device names sorted by popularity :: http://maxnanis.com/files/apple_udid_top_device_names.txt


Has someone here found his device in the list?

If you found yours (I don't say mine since I don't own a single Apple device), what do?


If you've been exposed, take some time to help us identify who gave these UDIDs to the FBI. (Already working with 3 exposed device owners) http://news.ycombinator.com/item?id=4473833


Another UDID checklist: http://dazzlepod.com/apple/ Partial UDID search accepted, i.e. search "d565" instead of your full UDID "d56504ca3b268177f76fef0c2c446ba183afd12b"


Actually all you need to do is permit people to enter wildcards and print the results if (say) less than 100 matches are found, so they enter 12346789 and you search for 12346789
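
The partial lookup proposed in this thread (type only the start and/or end of the UDID, print results only under a match cap), as an added example that is not part of any comment or of the linked sites. The function names, the eight-character minimum, the masking of results and the sample list are assumptions made for illustration.

```javascript
// Constructed sample list; these are not entries from the leaked dump.
const SAMPLE_LEAK = [
  "d56504ca3b268177f76fef0c2c446ba183afd12b", // example UDID quoted in the thread
  "d56504ca00000000000000000000000083afd12b", // constructed
  "0123456789abcdef0123456789abcdef01234567", // constructed
];

const UDID_LEN = 40;     // a UDID is 40 hexadecimal characters
const MIN_FRAGMENT = 8;  // assumption: shorter fragments match too much of the list
const MAX_RESULTS = 100; // cap suggested in the thread

// Lower-case the input and reject anything that is not hexadecimal.
function normalize(fragment) {
  const s = String(fragment || "").trim().toLowerCase();
  if (!/^[0-9a-f]*$/.test(s)) throw new Error("fragment must be hexadecimal");
  return s;
}

// Show only the first and last eight characters of a matching entry,
// so a hit does not print the rest of somebody else's identifier.
function mask(udid) {
  return udid.slice(0, 8) + "..." + udid.slice(-8);
}

// Match entries that start with `prefix` and end with `suffix`.
// Returns the count always, and the masked matches only under the cap.
function partialLookup(list, prefix, suffix = "", maxResults = MAX_RESULTS) {
  const p = normalize(prefix);
  const s = normalize(suffix);
  const typed = p.length + s.length;
  if (typed < MIN_FRAGMENT) throw new Error("enter at least 8 characters");
  if (typed > UDID_LEN) throw new Error("more characters than a UDID has");
  const hits = list.filter((u) => {
    const x = u.toLowerCase();
    return x.startsWith(p) && x.endsWith(s);
  });
  const tooMany = hits.length >= maxResults;
  return { count: hits.length, matches: tooMany ? [] : hits.map(mask) };
}

// Usage: first eight and last eight characters only.
console.log(partialLookup(SAMPLE_LEAK, "d56504ca", "83afd12b"));
```
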


I had some trouble manually retyping my UDID. It turns out that once you click on the serial number, you can go to Edit->Copy Identifier (UDID).


You can also click to show your UDID, leave your mouse where it is, and CMD-C like usual.


Does the leak apply to ipads too?


Yes. The "article" on pastebin said "iOS devices" and my download of the million-and-one has mentions of lots of iPads.


This is rather disappointing. After downloading the dump and verifying for myself that We[1] are not on the list, I need a partial match method for the entire list, not just the one-and-a-million released to the public.

[1] "We" - me and the family


You could ask the bad guys. Do the FBI have an email address? Maybe you could get somewhere with a freedom of information request?



