How safe is using UUIDs as URL identifier for non-guessable IDs? Specifically UUIDs generated by Python's uuid4() function, using base64 encoding. E.g.
https://example.com/content/oVOZp0W_SyG23EMjTjrphg
How likely it is that somebody can scrape arbitrary URLs without any information about the content (creation time, etc.)?
How likely it is that somebody who knows something about the content (creation time) can find the specific URL pointing to the content?
If UUIDs have practical security limitations, are there any recommended best practices for non-guessable ids which play nicely inside URLs?
EDIT: Assume we are generating 16-bytes of os.urandom()
randomness as per in the comments below.