We recently noticed that our UUIDs are no where near unique. We have around 20% (!) of daily duplicates, most of which (relative to traffic volume) are coming from chrome.
In theory, UUIDs generated using a good PRNG should have a 2132 probability for collision, but with MWC1616, under some very realistic scenarios, this probability is around 1:30000.
To solve the problem, I considered the following options:
After spending more than a week researching this - my conclusion is: NEVER GENERATE UUIDs on the client. Just don't. Especially if you intend to scale.
For years, I knew that the browser's Math.random implementation was poor, but I didn't understand how bad was it, until we reached the scale of billions of events per day.
I decided to go with the easiest technical solution and moved UUID generation to the server. The percentage of duplicate IDs when down from ~25% a day to ~0.0008%.