Comment 10 for bug 1413821

Yes, MD5 is not the best solution we have.

I'm not sure about exposing the original source path. Although it's true that it could be a sensible information, I don't think it's more sensible than the content of a file itself.

If a user wants to transfer an image (e.g. from /home/phablet/Pictures/secret_projects/patent_no82399.png) to another app (which is an unknown malware), that app could anyway read the content of the image and upload it somewhere on the net (supposed that the app uses "networking" and "content-hub" policies).
The malware can't access the original source anyway, so the only information it can get from it is that there's a specific path in the FS.
Things change a little bit if the malware is unconfined. But in that case, it could already sniff at all the images without need any further information from content-hub.